Storm-1175 focuses gaze on vulnerable web-facing assets in high ...
Essential information
- Published
- 06/04/2026 20:26
- Modified
- 06/04/2026 21:48
- Tags
- 2026-04-06 exploit medusa psexec ransomware remote access storm-1175
- Related entities
- 17 vulnerabilities (cve), 7 observables, 1 intrusion sets (apt), 1 malware
Description
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (17)
SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a …
- Attack vector
- Network
- Complexity
- Low
- Published
- 16/01/2025
- Modified
- 29/04/2026
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries …
- Attack vector
- Network
- Published
- 29/04/2025
- Modified
- 21/12/2025
SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attacker to upload arbitrary files …
- Attack vector
- NETWORK
- Published
- 29/12/2025
- Modified
- 05/03/2026
PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context …
- Attack vector
- Network
- Published
- 21/04/2023
- Modified
- 21/12/2025
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary …
- Attack vector
- Network
- Published
- 13/02/2025
- Modified
- 21/12/2025
A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to …
- Attack vector
- Network
- Published
- 29/09/2025
- Modified
- 29/05/2026
JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.
- Attack vector
- Network
- Published
- 07/03/2024
- Modified
- 21/12/2025
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the …
- Attack vector
- Network
- Published
- 10/01/2024
- Modified
- 27/05/2026
PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 20/04/2023
- Modified
- 22/04/2026
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These …
- Attack vector
- Network
- Complexity
- Low
- Published
- 16/01/2025
- Modified
- 29/04/2026
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous …
- Attack vector
- Network
- EPSS
- 0.0336 (P87.0%)
- Published
- 26/01/2026
- Modified
- 10/02/2026
Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 14/02/2023
- Modified
- 16/04/2026
Observables (7)
-
134.195.91.224 -
185.135.86.149 -
85.155.186.121 -
0cefeb6210b7103fd32b996beff518c9b6e1691a97bb1cda7f5fb57905c4be96 -
e57ba1a4e323094ca9d747bfb3304bd12f3ea3be5e2ee785a3e656c3ab1e8086 -
5ba7de7d5115789b952d9b1c6cff440c9128f438de933ff9044a68fff8496d19 -
9632d7e4a87ec12fdd05ed3532f7564526016b78972b2cd49a610354d672523c
Intrusion sets (APT) (1)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (1)
-
The MITRE Corporation Confidence 100
[MEDUSA](https://attack.mitre.org/software/S1220) is an open-source rootkit that is capable of dynamic linker hijacking, command execution, and logging credentials.(Citation: Google Cloud Mandiant UNC3886 2024)
First seen 01/01/1970 · Last seen 16/11/5138 ·