TTPwire Vol. 1 · MITRE ATT&CK·Tagged


F5 Labs

Vulnerabilities, Exploits, and Malware Driving Attack Campaigns in April 2019

2019-05-14

ATT&CK techniques detected

7 predictions
T1190 Exploit Public-Facing Application · 98%
“Drupal RESTful Web Services unserialize RCE (CVE-2019-6340). - Other notable campaigns included: - Joomla component JBCatalog — arbitrary file upload: the threat actor tried to create a back door by piecing together a PHP shellcode on the vulnerable server. - ThinkPHP rem…”
T1190 Exploit Public-Facing Application · 98%
“Vulnerabilities, Exploits, and Malware Driving Attack Campaigns in April 2019. Security researchers at F5 Networks constantly monitor web traffic at various locations throughout the world. This allows us to detect current “in the wild” malware, and to get an insight into a threa…”
T1190 Exploit Public-Facing Application · 95%
“malicious file. This threat actor was previously detected exploiting Jenkins CLI SignedObject deserialization (CVE-2017-1000353) with the same payload — a cryptominer, in this case. To read more about the payload, please refer to our February attack campaigns article (/co…”
T1190 Exploit Public-Facing Application · 94%
“to RCE. Threat actors wasted no time in adding this zero-day threat vector in their arsenals, and we started detecting campaigns with the payload for CVE-2017-10271 but the endpoint for CVE-2019-2725. Various PoC exploits were posted online, but initially none of them t…”
T1190 Exploit Public-Facing Application · 86%
“the WebLogic Server service. The unsafe deserialization vulnerability exists within the weblogic.wsee.async.AsyncResponseBean class. To exploit this vulnerability, a threat actor needs to construct a normal SOAP message. Within the message, the threat actor then needs to assign va…”
T1190 Exploit Public-Facing Application · 57%
“can see in Figure 5, a new trait, SerializedColumnNormalizerTrait, was added. This indicates that the vulnerability is a serialization vulnerability, as the module now checks for serialization within a string. To further investigate and find out which particular property can be use…”
T1059.007 JavaScript · 32%
“can see in Figure 5, a new trait, SerializedColumnNormalizerTrait, was added. This indicates that the vulnerability is a serialization vulnerability, as the module now checks for serialization within a string. To further investigate and find out which particular property can be use…”

Summary

In April, threat actors focused on targeting vulnerabilities that had the highest impact: this month it was a recently released deserialization vulnerability in Oracle WebLogic Server.