ioc[.]one - OSINT Cyber Threat Intelligence Database

On insecure zip handling, Rubyzip and Metasploit RCE (CVE-2019-5624) · Doyensec's Blog

Tags

attack-pattern:

Data Cron - T1053.003 Malicious File - T1204.002 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 Denial Of Service

Show in Graph

Common Information

Type	Value
UUID	966be24e-8ab7-465b-b380-e87527ab3839
Fingerprint	a703b31b38311e99
Analysis status	DONE
Considered CTI value	0
Text language
Published	April 24, 2019, midnight
Added to db	Jan. 18, 2023, 8:26 p.m.
Last updated	Nov. 16, 2024, 10:14 a.m.
Headline	On insecure zip handling, Rubyzip and Metasploit RCE (CVE-2019-5624)
Title	On insecure zip handling, Rubyzip and Metasploit RCE (CVE-2019-5624) · Doyensec's Blog
Detected Hints/Tags/Attributes	47/1/12

Source URLs

	Redirection	Url
Details	Source	https://blog.doyensec.com/2019/04/24/rubyzip-bug.html

URL Provider

Details	Provider	Source level domain
Details	doyensec.com	blog.doyensec.com

Attributes

Details	Type	#Events	CTI	Value
Details	CVE	2		cve-2019-5624
Details	Domain	2		pathname.new
Details	Domain	15		file.open
Details	Domain	4		entry.name
Details	Domain	1		absolutepath.zip
Details	Domain	3		evilarc.py
Details	File	79		file.txt
Details	File	1		absolutepath.zip
Details	File	1		rubyzip-poc.rb
Details	File	1		zip.rb
Details	File	3		evilarc.py
Details	IPv4	1		172.16.13.144