RIFT: F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902 Intelligence
Tags
attack-pattern: Data Acquire Access - T1650 Credentials - T1589.001 Exploits - T1587.004 Exploits - T1588.005 Password Spraying - T1110.003 Private Keys - T1552.004 Server - T1583.004 Server - T1584.004 Web Shell - T1505.003 Private Keys - T1145 Web Shell - T1100
Show in Graph
Common Information
Type Value
UUID 34ba15c0-57cd-4449-a3cd-d3ffb8d0f61f
Fingerprint 1524a0012badb5e1
Analysis status DONE
Considered CTI value 2
Text language
Published July 5, 2020, 2:44 p.m.
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline RIFT: F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902 Intelligence
Title RIFT: F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902 Intelligence
Detected Hints/Tags/Attributes 58/1/38
Source URLs
Redirection Url
Details Source https://research.nccgroup.com/2020/07/05/rift-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902-intelligence/
URL Provider
Details Provider Source level domain
Details nccgroup.com research.nccgroup.com
Attributes
Details Type #Events CTI Value
Details CVE 77 
cve-2020-5902
Details Domain 358 
pastebin.com
Details Domain 1 
f5update.ddns.net
Details Domain 1 
f5updates.eu5.org
Details Domain 18 
update.sh
Details Domain 4127 
github.com
Details Domain 1 
bypass-iocs.md
Details Domain 8 
nccgroup.com
Details Email 2 
cirt@nccgroup.com
Details File 1 
firmwareupdate.php
Details File 1 
metrics.php
Details File 1 
f5_reconfig.txt
Details File 1 
ssl.tar
Details File 1 
f5_metadata.tar
Details File 1 
enc.dat
Details File 1 
dnscacheresolve.php
Details File 8 
update.html
Details File 13 
demo.txt
Details File 1 
bg_status.php
Details File 2 
utility.php
Details File 1 
scripts.php
Details File 16 
lang.sys
Details Github username 33 
nccgroup
Details sha1 1 
79f80e6528e6bf552f55f8efe9d8d291ec0a2e78
Details sha1 1 
eebc1efe99bb5040498365322105cc5bd4dc59a5
Details sha1 1 
784fb1aea7d9693e7df4ba70fb8abc7138701ccf
Details sha1 1 
b8ce500c1e6ec4d4268ae0d2de82f9f35bbfc673
Details sha1 1 
e1775079d58a6266fdd6185143642ac53b4314fe
Details IPv4 1 
148.251.87.169
Details IPv4 198 
1.1.1.1
Details IPv4 1 
217.12.199.179
Details Url 1 
http://148.251.87.169/metrics.php
Details Url 1 
http://148.251.87.169/dnscacheresolve.php
Details Url 1 
https://pastebin.com/raw/jdu3vdgm
Details Url 1 
http://f5updates.eu5.org/updates/update.sh
Details Url 1 
https://pastebin.com/raw/wbpw3e65
Details Url 1 
https://github.com/nccgroup/cyber-defence/blob/master/intelligence/cve-2020-5902/bypass-iocs.md
Details Url 1 
https://github.com/nccgroup/cyber-defence/tree/master/intelligence/cve-2020-5902