Apache ActiveMQ Vulnerability (CVE-2023-46604) Continuously Being Exploited in Attacks [Friday, December 22, 2023]


Description :
In November 2023, AhnLab Security Emergency response Center (ASEC) published a blog post titled “Circumstances of the Andariel Group Exploiting an Apache ActiveMQ Vulnerability (CVE-2023-46604)” which covered cases of the Andariel threat group exploiting the CVE-2023-46604 vulnerability to install malware. Since then, the Apache ActiveMQ vulnerability (CVE-2023-46604) has continued to be exploited by various threat actors.

Published: 2023-12-22 11:24:53
Created: 2023-12-22 11:24:53
Modified: 2023-12-22 12:04:50


Indicators

URLs :

About the author
Julien B.

Securitricks
