Zimbra 0-Day использовалась для кражи данных электронной почты правительственных организаций - SEC-1275-1
Tags
| attack-pattern: | Domains - T1583.001 Domains - T1584.001 |
Common Information
| Type | Value |
|---|---|
| UUID | adfc6749-34d9-4fd0-b426-bbf5feff050a |
| Fingerprint | 58aac5d6939e05e1 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Nov. 19, 2023, midnight |
| Added to db | Nov. 19, 2023, 9:30 p.m. |
| Last updated | Nov. 17, 2024, 5:46 p.m. |
| Headline | Zimbra 0-Day использовалась для кражи данных электронной почты правительственных организаций |
| Title | Zimbra 0-Day использовалась для кражи данных электронной почты правительственных организаций - SEC-1275-1 |
| Detected Hints/Tags/Attributes | 5/1/10 |
Source URLs
URL Provider
| Details | Provider | Source level domain |
|---|---|---|
| Details | 1275.ru | 1275.ru |
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 8 | ✔ | Архивы IOC - SEC-1275-1 | https://1275.ru/ioc/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 20 | cve-2023-37580 |
|
| Details | Domain | 4 | ntcpk.org |
|
| Details | Domain | 3 | applicationdevsoc.com |
|
| Details | Domain | 3 | obsorth.opwtjnpoc.ml |
|
| Details | File | 16 | auth.js |
|
| Details | File | 2 | zimbradefender.js |
|
| Details | File | 3 | pqymscxwybwjpios.js |
|
| Details | Url | 3 | https://applicationdevsoc.com/tndgt/auth.js |
|
| Details | Url | 2 | https://applicationdevsoc.com/zimbramalwaredefender/zimbradefender.js |
|
| Details | Url | 3 | https://obsorth.opwtjnpoc.ml/pqymscxwybwjpios.js |