Command Injection Exploit For PHPUnit before 4.8.28 and 5.x before 5.6.3 [Guest Diary] - SANS Internet Storm Center
Tags
country: Bulgaria
attack-pattern: Data Botnet - T1583.005 Botnet - T1584.005 Credentials - T1589.001 Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006
Show in Graph
Common Information
Type Value
UUID 423740f4-9b77-44be-8f8f-a5b9edbf8ccc
Fingerprint 9c2875930bdaee88
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 19, 2024, midnight
Added to db Dec. 21, 2024, 4:37 a.m.
Last updated Dec. 25, 2024, 12:22 p.m.
Headline Internet Storm Center
Title Command Injection Exploit For PHPUnit before 4.8.28 and 5.x before 5.6.3 [Guest Diary] - SANS Internet Storm Center
Detected Hints/Tags/Attributes 48/2/17
Source URLs
Redirection Url
Details Source https://isc.sans.edu/diary/rss/31528
URL Provider
Details Provider Source level domain
Details sans.edu isc.sans.edu
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 142 SANS Internet Storm Center, InfoCON: green https://isc.sans.edu/rssfeed_full.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 41 
cve-2017-9841
Details CVE 54 
cve-2021-41773
Details Domain 88 
sans.edu
Details Domain 691 
nvd.nist.gov
Details Domain 5 
viz.greynoise.io
Details Domain 1 
www.threatstop.com
Details Domain 576 
www.cisa.gov
Details Domain 14 
www.lacework.com
Details Domain 20 
www.sans.edu
Details File 10 
eval-stdin.php
Details IPv4 2 
83.222.191.62
Details Url 1 
https://nvd.nist.gov/vuln/detail/cve-2017-9841
Details Url 1 
https://viz.greynoise.io/ip/83.222.191.62
Details Url 1 
https://www.threatstop.com/check-ioc
Details Url 2 
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-016a
Details Url 2 
https://www.lacework.com/blog/androxghost-the-python-malware-exploiting-your-aws-keys
Details Url 14 
https://www.sans.edu/cyber-security-programs/bachelors-degree