Attackers are exploiting a patched FortiClient EMS vulnerability in the wild - SEC-1275-1
Tags
attack-pattern: Domains - T1583.001; Domains - T1584.001; Powershell - T1059.001; Server - T1583.004; Server - T1584.004; Powershell - T1086
Common Information
| Type | Value |
|---|---|
| UUID | aef11ad4-6c61-4074-a458-381c5732512f |
| Fingerprint | c84b7f8e35b6d847 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Dec. 23, 2024, midnight |
| Added to db | Dec. 23, 2024, 7:16 a.m. |
| Last updated | Dec. 23, 2024, 11:19 a.m. |
| Headline | Attackers are exploiting a patched FortiClient EMS vulnerability in the wild |
| Title | Attackers are exploiting a patched FortiClient EMS vulnerability in the wild - SEC-1275-1 |
| Detected Hints/Tags/Attributes | 12/1/75 |
Source URLs

URL Provider

| Provider | Source level domain |
|---|---|
| 1275.ru | 1275.ru |

RSS Feed

| Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|
| 8 | ✔ | IOC Archives - SEC-1275-1 | https://1275.ru/ioc/feed | 2024-08-30 22:08 |
Attributes

| Type | #Events | Value |
|---|---|---|
| CVE | 44 | cve-2023-48788 |