Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability [Tuesday, November 14, 2023]



Description:
Since early October 2023, researchers have observed two North Korean nation-state threat actors, Diamond Sleet and Onyx Sleet, exploiting CVE-2023-42793, an authentication-bypass vulnerability in the JetBrains TeamCity server that allows unauthenticated remote code execution on affected versions. JetBrains fixed the flaw in TeamCity 2023.05.4; self-hosted servers on earlier versions remain exposed. TeamCity is a continuous integration/continuous deployment (CI/CD) application used by organizations for DevOps and other software development activities, so a compromised server gives an attacker a foothold in the build pipeline and its credentials.

Published:
2023-11-14T09:43:11.586Z

Created:
2023-11-14T09:43:11.586Z

Modified:
2023-11-14T10:03:44.072Z

Tags

  • powershell
  • backdoor
  • cve202342793
  • diamond sleet
  • onyx sleet
  • foresttiger

Indicators

URLs:
  • https://www.bandarpowder.com/public/assets/img/user64.png
  • https://commune-fraita.ma/wp-content/plugins/wp-contact/contact.php
  • http://www.bandarpowder.com/public/assets/img/cfg.png
  • http://147.78.149.201:9090/imgr.ico
  • https://vadtalmandir.org/admin/ckeditor/plugins/icontact/about.php
  • http://162.19.71.175:7443/bottom.gif
  • http://www.aeon-petro.com/wcms/plugins/addition_contents/cfg.png
  • http://www.mge.sn/themes/classic/modules/ps_rssfeed/feed.zip
  • http://www.mge.sn/themes/classic/modules/ps_rssfeed/feedmd.zip
  • https://www.bandarpowder.com/public/assets/img/cfg.png
  • http://www.bandarpowder.com/public/assets/img/user64.png
  • http://www.aeon-petro.com/wcms/plugins/addition_contents/user64.png
Domains:
  • 3dkit.org
  • dersmarketim.com
  • galerielamy.com
  • olidhealth.com
Hashes (SHA-256):
  • fa7f6ac04ec118dd807c1377599f9d369096c6d8fb1ed24ac7a6ec0e817eaab6
  • 0be1908566efb9d23a98797884f2827de040e4cedb642b60ed66e208715ed4aa
  • f251144f7ad0be0045034a1fc33fb896e8c32874e0b05869ff5783e14c062486
  • 000752074544950ae9020a35ccd77de277f1cd5026b4b9559279dc3b86965eee
  • d9add2bfdfebfa235575687de356f0cefb3e4c55964c4cb8bfdcdc58294eeaca
  • e06f29dccfe90ae80812c2357171b5c48fba189ae103d28e972067b107e58795
Attack patterns (MITRE ATT&CK):
  • T1595.002 – Active Scanning: Vulnerability Scanning
  • T1020 – Automated Exfiltration
  • T1007 – System Service Discovery
  • T1059.003 – Command and Scripting Interpreter: Windows Command Shell
  • T1027 – Obfuscated Files or Information
  • T1119 – Automated Collection
  • T1071 – Application Layer Protocol
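Added example, not part of the Securitricks report: a small Python hunt that loads the indicators listed above, normalises the URL IOCs so the http/https duplicates in the list collapse to one host-and-path key, and matches them against a proxy log and a file-hash inventory. The log lines, file paths and the non-matching hash are constructed for illustration; the IOC values themselves are copied from the Indicators section.

```python
"""Hunt for this report's indicators in proxy logs and a file-hash inventory.

Added example (not the report's own code). The proxy log lines and the file
inventory below are constructed samples; the IOCs are copied from the report.
"""
from urllib.parse import urlparse

# URL indicators from the report. The list contains http and https variants
# of the same path, so matching is done on (host, path) rather than the full URL.
IOC_URLS = [
    "https://www.bandarpowder.com/public/assets/img/user64.png",
    "https://commune-fraita.ma/wp-content/plugins/wp-contact/contact.php",
    "http://www.bandarpowder.com/public/assets/img/cfg.png",
    "http://147.78.149.201:9090/imgr.ico",
    "https://vadtalmandir.org/admin/ckeditor/plugins/icontact/about.php",
    "http://162.19.71.175:7443/bottom.gif",
    "http://www.aeon-petro.com/wcms/plugins/addition_contents/cfg.png",
    "http://www.mge.sn/themes/classic/modules/ps_rssfeed/feed.zip",
    "http://www.mge.sn/themes/classic/modules/ps_rssfeed/feedmd.zip",
    "http://www.aeon-petro.com/wcms/plugins/addition_contents/user64.png",
]
IOC_DOMAINS = {"3dkit.org", "dersmarketim.com", "galerielamy.com", "olidhealth.com"}
IOC_SHA256 = {
    "fa7f6ac04ec118dd807c1377599f9d369096c6d8fb1ed24ac7a6ec0e817eaab6",
    "0be1908566efb9d23a98797884f2827de040e4cedb642b60ed66e208715ed4aa",
    "f251144f7ad0be0045034a1fc33fb896e8c32874e0b05869ff5783e14c062486",
    "000752074544950ae9020a35ccd77de277f1cd5026b4b9559279dc3b86965eee",
    "d9add2bfdfebfa235575687de356f0cefb3e4c55964c4cb8bfdcdc58294eeaca",
    "e06f29dccfe90ae80812c2357171b5c48fba189ae103d28e972067b107e58795",
}


def url_key(url):
    """Normalise a URL to (host[:port], path); scheme and query string are ignored."""
    p = urlparse(url.strip())
    host = p.netloc.lower()
    # Drop the default port so "host:80" / "host:443" match a bare host.
    if p.scheme == "http" and host.endswith(":80"):
        host = host[:-3]
    if p.scheme == "https" and host.endswith(":443"):
        host = host[:-4]
    return host, p.path or "/"


IOC_URL_KEYS = {url_key(u) for u in IOC_URLS}
# Every host that appears in a URL IOC is also treated as a suspicious host.
IOC_HOSTS = IOC_DOMAINS | {host.split(":")[0] for host, _ in IOC_URL_KEYS}


def domain_matches(host, iocs):
    """True if host equals an IOC domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in iocs)


def scan_proxy_log(lines):
    """Return (line_number, reason) for each line whose URL or host hits an IOC.

    Constructed log format: "<timestamp> <client-ip> <method> <url> <status>".
    """
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line, skip rather than crash the hunt
        url = parts[3]
        host, path = url_key(url)
        if (host, path) in IOC_URL_KEYS:
            hits.append((n, "url:" + url))
        elif domain_matches(host.split(":")[0], IOC_HOSTS):
            hits.append((n, "host:" + host))
    return hits


def scan_hashes(inventory):
    """inventory: iterable of (path, sha256_hex). Return paths whose hash is an IOC."""
    return [path for path, digest in inventory if digest.lower() in IOC_SHA256]


# Constructed sample data (not from the report).
SAMPLE_PROXY_LOG = [
    "2023-11-02T10:14:05Z 10.0.0.12 GET https://www.bandarpowder.com/public/assets/img/cfg.png 200",
    "2023-11-02T10:14:09Z 10.0.0.12 GET http://www.mge.sn/themes/classic/modules/ps_rssfeed/feed.zip 200",
    "2023-11-02T10:15:01Z 10.0.0.31 GET https://cdn.olidhealth.com/update/check 404",
    "2023-11-02T10:15:30Z 10.0.0.31 GET https://www.example.com/index.html 200",
    "2023-11-02T10:16:12Z 10.0.0.12 GET http://147.78.149.201:9090/imgr.ico 200",
]
SAMPLE_INVENTORY = [
    # hypothetical path paired with a real IOC hash from the report
    ("C:\\ProgramData\\update.dll", "fa7f6ac04ec118dd807c1377599f9d369096c6d8fb1ed24ac7a6ec0e817eaab6"),
    # hypothetical path with a constructed, non-matching hash
    ("C:\\Windows\\System32\\notepad.exe", "0000000000000000000000000000000000000000000000000000000000000001"),
]

if __name__ == "__main__":
    for n, reason in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"proxy line {n}: {reason}")
    for path in scan_hashes(SAMPLE_INVENTORY):
        print(f"hash match: {path}")
```

Two design choices are worth noting. URL matches ignore the scheme and query string, so a request for the same host and path over https still hits even though the report lists it with http (and vice versa). Host matching treats any subdomain of an IOC domain as a hit, which is the right default for a hunt but will need tuning if a listed domain is a shared hosting provider rather than actor-controlled infrastructure.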
About the author
Julien B.
