Custom Arsenal Developed to Target Multiple Industries
Essential information
- Published
- 27/05/2025 10:35
- Modified
- 27/05/2025 13:56
- Tags
- 2025-05-27 CVE-2017-9805 CVE-2021-22205 CVE-2024-27198 CVE-2024-27199 CVE-2024-51378 CVE-2024-51567 CVE-2024-56145 CVE-2024-9047 CVE-2025-31324 apt backdoor brute ratel bypassboss china-nexus cobalt strike custom tools dll sideloading multi-industry targeting pulsepack sql injection vshell vulnerability exploitation
- Related entities
- 9 vulnerabilities (cve), 185 observables, 1 intrusion sets (apt), 8 techniques (mitre), 5 malware, 9 others
Description
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (9)
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected …
- Attack vector
- Network
- Published
- 02/06/2025
- Modified
- 21/12/2025
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries …
- Attack vector
- Network
- Published
- 29/04/2025
- Modified
- 21/12/2025
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus …
- Attack vector
- Network
- Published
- 07/11/2024
- Modified
- 21/12/2025
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands …
- Attack vector
- Network
- Published
- 04/12/2024
- Modified
- 21/12/2025
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. …
- Attack vector
- NETWORK
- Published
- 12/10/2024
- Modified
- 21/12/2025
Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 15/09/2017
- Modified
- 22/04/2026
JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 04/03/2024
- Modified
- 22/04/2026
JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.
- Attack vector
- Network
- Published
- 07/03/2024
- Modified
- 21/12/2025
GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse …
- Published
- 03/11/2021
- Modified
- 20/12/2025
Observables (185)
-
bkp.windowstimes.me -
api.xwphd.com -
admin.668608.xyz -
784564141.ccega6r0yph8.com -
0ac0568239f8978.ccega6r0yph8.com -
chrome-online.site -
sentinelones.com -
ffdb183742a3404c3756ba654ea8eb7983650cbf8fdc4e8a6514870e251f2915 -
ff724631dba8abe354c8742f09d88821237632e36c305ba4f1132a95880dde67 -
fc56184a160c0fbb3d2a98e5955dfad4e09e3a8db99f162199d9c1f419460984 -
f90e8f85f79cbff664ad3c4758f1bed8a6ebc2a712180d675ff560bea2b88c65 -
f80313b4e2d743c94571a98d1672ffc3bc003209c6315ce2a22a9989aae051c2
Intrusion sets (APT) (1)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Techniques (MITRE) (8)
Malware (5)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Others (9)
-
British Indian Ocean Territory
-
India
-
Brazil
-
Retail
-
Technology
-
Transportation
-
Education
-
Finance
-
Government