Rapid7-Observed Exploitation of Atlassian Confluence CVE-2023-22518 | Rapid7 Blog
Common Information
Type Value
UUID 84586350-2b79-4e2f-9829-eb02c2a90e67
Fingerprint 1109a9d1f1b76c6c
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 6, 2023, 3:31 p.m.
Added to db Nov. 19, 2023, 9:38 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Rapid7-Observed Exploitation of Atlassian Confluence CVE-2023-22518
Title Rapid7-Observed Exploitation of Atlassian Confluence CVE-2023-22518 | Rapid7 Blog
Detected Hints/Tags/Attributes 62/2/42
RSS Feed
Id Enabled Feed title Url Added to db
50 Rapid7 Cybersecurity Blog https://blog.rapid7.com/rss/ 2024-08-30 22:08
Attributes
Type #Events CTI Value
CVE 70 cve-2023-22518
CVE 102 cve-2023-22515
MITRE ATT&CK Techniques 66 T1583
MITRE ATT&CK Techniques 56 T1587
MITRE ATT&CK Techniques 145 T1588
MITRE ATT&CK Techniques 46 T1608
MITRE ATT&CK Techniques 542 T1190
MITRE ATT&CK Techniques 695 T1059
MITRE ATT&CK Techniques 265 T1222
MITRE ATT&CK Techniques 247 T1070
MITRE ATT&CK Techniques 472 T1486