Apache ActiveMQ Vulnerability Leads to Stealthy Godzilla Webshell [Wednesday, January 24, 2024]

Description:
Over the past few weeks, there has been a notable increase in malicious activity targeting a recent critical vulnerability in the Apache ActiveMQ software. This vulnerability is specifically linked to unsafe deserialization practices within the OpenWire protocol and has been designated as CVE-2023-46604. Exploiting this vulnerability enables threat actors to potentially gain unauthorized access to a target system by executing arbitrary shell commands. Since a PoC of the exploit was made publicly available in October 2023, threat actors have been using it to deploy crypto-miners, rootkits, ransomware, and remote access trojans.

Published: 2024-01-24 17:08:28
Created: 2024-01-24 17:08:28
Modified: 2024-01-24 18:02:21

Indicators

Hashes:
  • Godzilla_webshell
  • 233adf5d3c754ead3f304a4891d367884dd615d74d9983119546bebb346b7bf7
  • 5da5796d407a0099aa624b1ea73a877a5197b3b31529d94f2467dce19fe3a74a
  • f97c6c820694a059c7b0b2f3abe1f614b925dd4ab233d11472b062325ffb67be

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
