Attack Case against HFS (HTTP File Server) Server (Suspected…

216.73.217.22

Attack Case against HFS (HTTP File Server) Server (Suspected CVE-2024-23692)

· Published 03/07/2024 11:39 · Modified 03/07/2024 11:54

Essential information

Published: 03/07/2024 11:39
Modified: 03/07/2024 11:54
Tags: 2024-07-03 CVE-2024-23692 backdoor cobaltstrike destroyrat exploit gh0strat gothief korplug plugx rat vulnerability xenorat xmrig
Related entities: 1 vulnerabilities (cve), 14 observables, 19 techniques (mitre), 8 malware

Description

A remote code execution vulnerability (CVE-2024-23692) in the HFS (HTTP File Server) program has allowed attackers to execute malicious commands on vulnerable systems. Various attack cases exploiting this vulnerability have been observed, leading to the installation of malware such as coin miners, RATs, backdoors, and information stealers. The attackers seem to be primarily Chinese-speaking threat actors.

Related entities

External references

https://asec.ahnlab.com/ko/67509/
https://otx.alienvault.com/pulse/6685387168b4cf13f282f2c3

Attack Case against HFS (HTTP File Server) Server (Suspected CVE-2024-23692)

Essential information

Description

Related entities

Vulnerabilities (CVE) (1)

Observables (14)

Techniques (MITRE) (19)

Malware (8)

External references