Attackers exploit a patched FortiClient EMS vulnerability in the wild - SEC-1275-1
Common Information
Type Value
UUID aef11ad4-6c61-4074-a458-381c5732512f
Fingerprint c84b7f8e35b6d847
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 23, 2024, midnight
Added to db Dec. 23, 2024, 7:16 a.m.
Last updated Dec. 23, 2024, 11:19 a.m.
Headline Attackers exploit a patched FortiClient EMS vulnerability in the wild
Title Attackers exploit a patched FortiClient EMS vulnerability in the wild - SEC-1275-1
Detected Hints/Tags/Attributes 12/1/75
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 8 IOC Archives - SEC-1275-1 https://1275.ru/ioc/feed 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 44
cve-2023-48788