Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG | CISA
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Email Addresses - T1589.002 Exploits - T1587.004 Exploits - T1588.005 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 Connection Proxy - T1090 Powershell - T1086 Scripting - T1064 Scripting
Show in Graph
Common Information
Type Value
UUID b022c34e-fbbd-445c-8ab4-ff45e81c3558
Fingerprint ae69dde668069eea
Analysis status DONE
Considered CTI value 2
Text language
Published May 11, 2023, noon
Added to db June 5, 2023, 11:41 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG
Title Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG | CISA
Detected Hints/Tags/Attributes 82/2/39
Source URLs
Redirection Url
Details Source https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-131a
URL Provider
Details Provider Source level domain
Details cisa.gov www.cisa.gov
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 257 https://us-cert.cisa.gov/ncas/alerts.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 140 
cve-2023-27350
Details Domain 19 
www.huntress.com
Details Domain 5 
windowcsupdates.com
Details Domain 5 
anydeskupdate.com
Details Domain 5 
anydeskupdates.com
Details Domain 8 
windowservicecemter.com
Details Domain 5 
winserverupdates.com
Details Domain 5 
netviewremote.com
Details Domain 5 
updateservicecenter.com
Details Domain 8 
windowservicecenter.com
Details Domain 5 
windowservicecentar.com
Details Domain 2 
decrypt.support
Details Domain 3 
privyonline.com
Details Domain 68 
gmx.com
Details Domain 2 
data-highstream.com
Details Domain 85 
onionmail.org
Details Domain 5 
ber6vjyb.com
Details Domain 3 
upd343.winserverupdates.com
Details Domain 7 
upd488.windowservicecemter.com
Details Domain 4127 
github.com
Details Domain 152 
cisa.gov
Details Domain 39 
ic3.gov
Details Email 2 
decrypt.support@privyonline.com
Details Email 2 
fimaribahundqf@gmx.com
Details Email 2 
main-office@data-highstream.com
Details Email 2 
prepalkeinuc0u@gmx.com
Details Email 3 
tpyrcne@onionmail.org
Details Email 37 
report@cisa.gov
Details File 11 
pc-app.exe
Details File 2125 
cmd.exe
Details File 1208 
powershell.exe
Details File 16 
server.log
Details File 15 
update.dll
Details File 8 
servers.txt
Details Github username 2 
kost
Details sha256 1 
6bb160ebdc59395882ff322e67e000a22a5c54ac777b6b1f10f1fef381df9c15
Details sha256 6 
c0f8aeeb2d11c6e751ee87c40ee609aceb1c1036706a5af0d3d78738b6cc4125
Details sha256 1 
0ce7c6369c024d497851a482e011ef1528ad270e83995d52213276edbe71403f
Details Url 1 
https://github.com/kost/revsocks