threat-intel/yara.yar at main · volexity/threat-intel
UUID 4df5c8e0-2c5e-4c5e-a1e9-5f70855310f5
Fingerprint 4452ac7d4d27f065
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 10, 2022, midnight
Added to db Sept. 11, 2022, 12:44 p.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline UNKNOWN
Title threat-intel/yara.yar at main · volexity/threat-intel
Detected Hints/Tags/Attributes 10/0/19
Attributes
Details CVE 29
cve-2022-27925
Details Domain 7
volexity.com
Details Domain 4127
github.com
Details Domain 224
unit42.paloaltonetworks.com
Details Domain 37
java.security
Details Email 4
threatintel@volexity.com
Details File 34
license.txt
Details File 8
tunnel.jsp
Details Github username 7
volexity
Details Github username 6
beichendream
Details Github username 5
secwiki
Details sha256 1
2786d2dc738529a34ecde10ffeda69b7f40762bf13e7771451f13a24ab7fc5fe
Details sha256 1
4935f0c50057e28efa7376c734a4c66018f8d20157b6584399146b6c79a6de15
Details sha256 1
f9b20324f4239a8c82042d8207e35776d6777b6305974964cd9ccc09d431b845
Details Url 3
https://github.com/volexity/threat-intel/blob/main/license.txt
Details Url 4
https://github.com/beichendream/godzilla
Details Url 3
https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge
Details Url 1
https://github.com/secwiki/webshell-2/blob/master/regeorg-master/tunnel.jsp
Details Yara rule 1
// Detects JSP webshells that pass a request-supplied value directly into
// Runtime.exec(). Scope is the single text string below: YARA matches it as a
// literal, case-sensitively and ASCII-only (no `nocase`/`wide` modifiers), so
// variants with whitespace between "exec(" and "request.", a different call
// chain, or a non-ASCII encoding of the source are not covered.
rule webshell_jsp_general_runtime_exec_req : General Webshells {
	meta:
		author = "threatintel@volexity.com"
		description = "Looks for a common design pattern in webshells where a request attribute is passed directly to exec()."
		date = "2022-02-02"
		// SHA-256 of a sample the rule was written against.
		hash1 = "4935f0c50057e28efa7376c734a4c66018f8d20157b6584399146b6c79a6de15"
		license = "See license at https://github.com/volexity/threat-intel/blob/main/LICENSE.txt"
		// Author-defined flag; appears to mark the rule as usable for memory
		// scanning as well as on-disk files.
		memory_suitable = 1
	strings:
		// The literal ends at "request." so whatever accessor follows
		// (getParameter, getHeader, ...) is matched; the surrounding JSP
		// scriptlet syntax is not required.
		$s1 = "Runtime.getRuntime().exec(request."
	condition:
		// One occurrence of $s1 anywhere in the scanned object is sufficient.
		$s1
}