{"vulnerability": "CVE-2023-46604", "sightings": [{"uuid": "d6fb12fa-298f-4062-9b30-18e9c2a4c0b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "MISP/8a5d9ef7-0fae-4fcc-a606-d3701ec5f0e0", "content": "", "creation_timestamp": "2024-10-15T11:38:27.000000Z"}, {"uuid": "5d520b7b-5ec1-45c8-9cba-65069dd8126f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "MISP/f9c19fe0-d99a-4345-8423-5635b5d8bf1f", "content": "", "creation_timestamp": "2023-11-01T20:42:27.000000Z"}, {"uuid": "caa3345f-4163-4fcd-8e51-be24e017e2ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-11-02T18:10:02.000000Z"}, {"uuid": "ac266326-2d62-49b7-88f1-e59d7b6d90c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "MISP/df7b7020-9f17-4a3c-9824-1baa4ff67cb1", "content": "", "creation_timestamp": "2023-11-22T15:35:26.000000Z"}, {"uuid": "cdeee833-383a-490a-820b-968f9dfcdbeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "MISP/aaf97b2c-ad16-4ce6-928a-a440112d0fd3", "content": "", "creation_timestamp": "2024-09-16T19:13:31.000000Z"}, {"uuid": "5f7956fd-fdd1-49f2-be9d-64948ed8fe44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", 
"source": "https://infosec.exchange/users/edwardk/statuses/113625512128034806", "content": "", "creation_timestamp": "2024-12-09T23:42:02.020231Z"}, {"uuid": "3a900e42-25b9-43bb-bb9b-e4c253d0bae0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971911", "content": "", "creation_timestamp": "2024-12-24T20:35:32.844833Z"}, {"uuid": "d092f13b-e258-4618-87c9-7c7243c1fe43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "c59e7962-9ae4-4a34-8258-abd007e84d2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:48.000000Z"}, {"uuid": "be3f9683-efb8-440f-8f7a-946bbacc7e43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-14", "content": "", "creation_timestamp": "2025-02-13T11:00:00.000000Z"}, {"uuid": "36f67344-774f-40d1-8764-65a50ab87b3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:57.000000Z"}, {"uuid": "f0b1b462-cc99-47a5-b1ec-0eb0d6926df1", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-34f40802-640c8f06861ca21f", "content": "", "creation_timestamp": "2025-08-20T09:25:27.869166Z"}, {"uuid": "ce6458dd-7726-4120-aa44-6c8c980ad32b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://gist.github.com/vivek-gopal/7c15a28070e3b6b75c8127f632686585", "content": "", "creation_timestamp": "2025-09-11T08:37:25.000000Z"}, {"uuid": "f609efb1-461f-4380-aa93-8dd5249261ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://gist.github.com/vivek-gopal/3ea5712720c8371a1075b15a27628fc7", "content": "", "creation_timestamp": "2025-09-11T09:20:51.000000Z"}, {"uuid": "e42f3999-d55b-4635-98f6-62d4c6f10715", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3m4p6en3vwv2i", "content": "", "creation_timestamp": "2025-11-03T04:23:53.863456Z"}, {"uuid": "0dce2cf2-9d97-4aca-b426-3217d5c06dd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:01.000000Z"}, {"uuid": "4c36b6c9-fdd5-4a34-9577-53f3c0455de1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": 
"https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3lwt5qswy2mg2", "content": "", "creation_timestamp": "2025-08-20T09:52:32.957697Z"}, {"uuid": "1d172c7f-e738-4081-a05b-047bded7c1ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3lwtbvy64gh2m", "content": "", "creation_timestamp": "2025-08-20T11:06:45.997719Z"}, {"uuid": "ece54dfc-9f67-4633-8a45-b0f2299d71e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://infosec.exchange/users/dragonjar/statuses/115060796380277759", "content": "", "creation_timestamp": "2025-08-20T11:13:43.773609Z"}, {"uuid": "45e624d3-d2f0-46f9-9f68-f737eec0affc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://bsky.app/profile/theitnerd.ca/post/3lwtgu6hk3w2k", "content": "", "creation_timestamp": "2025-08-20T12:35:14.281196Z"}, {"uuid": "f8accf45-e523-4b0c-88c2-a42d184f4780", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2023-46604", "type": "seen", "source": "https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m4pcnddwi4e2", "content": "", "creation_timestamp": "2025-11-03T05:41:04.380520Z"}, {"uuid": "174ea819-057c-48fe-aa85-070ce8a3a851", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3lwtls2o6fs2y", "content": "", "creation_timestamp": 
"2025-08-20T14:03:32.750593Z"}, {"uuid": "63272c1b-6a3f-4ac6-a75a-5e20cee0bb6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3lwtuzyxlkk24", "content": "", "creation_timestamp": "2025-08-20T16:49:06.759023Z"}, {"uuid": "d71c2e5b-f65f-48a5-815a-d7d4f172118d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3lwubwihyzu26", "content": "", "creation_timestamp": "2025-08-20T20:39:42.719908Z"}, {"uuid": "ee490ecd-b29c-4c5a-b4dd-08455358aca6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://bsky.app/profile/kpwn.bsky.social/post/3lwuep3pnik2b", "content": "", "creation_timestamp": "2025-08-20T21:29:16.348690Z"}, {"uuid": "07176288-9b45-4f89-a2d3-aa506d131fb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://bsky.app/profile/kpwn.bsky.social/post/3lwufb4hxzs2b", "content": "", "creation_timestamp": "2025-08-20T21:39:20.782919Z"}, {"uuid": "4d8178cd-d04b-4fef-8ce9-74bd37956ca7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3lwwgbbfhqhi2", "content": "", "creation_timestamp": "2025-08-21T17:03:03.658278Z"}, {"uuid": "4202631e-ed8c-4157-a3a8-e88a8a510a04", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "MISP/4ad9ed67-5cc3-5de2-849d-1a1910431785", "content": "", "creation_timestamp": "2025-09-09T11:33:07.000000Z"}, {"uuid": "fad902d7-3732-4314-b193-5656d2996567", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3lx7jiyqjxk2e", "content": "", "creation_timestamp": "2025-08-25T07:54:44.125789Z"}, {"uuid": "db3dd172-d6a3-4d1e-9d13-23848988616b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://bsky.app/profile/techwithellyson.bsky.social/post/3lxsfdx55ww2w", "content": "", "creation_timestamp": "2025-09-01T20:00:48.839357Z"}, {"uuid": "ffadccef-4bd5-46db-bb0a-fcbfeb6d7d33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:12:57.000000Z"}, {"uuid": "235f4024-dc7b-484d-a1bd-6ea907854989", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3mfrtdlqksq2m", "content": "", "creation_timestamp": "2026-02-26T18:31:11.962774Z"}, {"uuid": "21ce3c94-7bd3-4159-aca3-a274f180bf1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": 
"https://infosec.exchange/users/VirusBulletin/statuses/116125304066872153", "content": "", "creation_timestamp": "2026-02-24T11:12:08.978492Z"}, {"uuid": "37c59b3c-f1f8-466b-b029-b1b17a2ae9b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://bsky.app/profile/virusbtn.bsky.social/post/3mflzukjcwc2b", "content": "", "creation_timestamp": "2026-02-24T11:12:09.736439Z"}, {"uuid": "c29fa324-740d-47e8-91b3-fe856a9f1a7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/apache_activemq_rce_cve_2023_46604.rb", "content": "", "creation_timestamp": "2023-11-06T15:51:49.000000Z"}, {"uuid": "df303bac-5190-4e00-9a90-9fa53a19faf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/83d4f3af-eb31-483b-8893-5114f7d170fe", "content": "", "creation_timestamp": "2026-02-02T12:25:27.480574Z"}, {"uuid": "11bff85c-ec16-40c3-8635-698414ca9d41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mfonschmcw2f", "content": "", "creation_timestamp": "2026-02-25T12:14:03.205146Z"}, {"uuid": "90340260-f66a-4f70-9a42-ab7ad685faa8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "MISP/8a5d9ef7-0fae-4fcc-a606-d3701ec5f0e0", 
"content": "", "creation_timestamp": "2026-01-09T20:17:30.000000Z"}, {"uuid": "0eda1023-2246-4ea1-ba28-3714f8043d93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://gist.github.com/alon710/259ba4448555bfe0e3eb2f75dd2e8a14", "content": "", "creation_timestamp": "2026-02-26T05:00:19.000000Z"}, {"uuid": "45b436a4-e18c-4cc2-a2bd-4192925943b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1153", "content": "", "creation_timestamp": "2023-11-03T04:00:00.000000Z"}, {"uuid": "bd718241-efd4-4410-88d9-380cb9e21d9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "Telegram/71sICJ2qduNa9p7sy7EcgNRQvBtb-VPS3HuJRrErM7o1_Kg", "content": "", "creation_timestamp": "2026-01-04T21:00:04.000000Z"}, {"uuid": "3369658a-1227-4db0-abcd-7f8eaed8cc58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/eafa255c-065f-41f9-a401-581d793dafd1", "content": "", "creation_timestamp": "2026-02-02T12:26:47.651400Z"}, {"uuid": "45fb7c12-8c76-4b0a-a5f9-1cb90f72f9a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/ap_security/199", "content": "\u2604\ufe0fCVE-2023-46604: Apache ActiveMQ 
RCE\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0448\u0435\u043b\u043b-\u043a\u043e\u043c\u0430\u043d\u0434\u044b, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0442\u0438\u043f\u044b \u043a\u043b\u0430\u0441\u0441\u043e\u0432 \u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0435 OpenWire\ud83d\udc7a\n\n\ud83d\udce3\u0421\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 PoC:\nhttps://github.com/sule01u/CVE-2023-46604\n\n#cve #rce #exploit", "creation_timestamp": "2023-11-09T13:29:46.000000Z"}, {"uuid": "b3fb2193-56d5-4171-b344-5a0436fe11b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/GithubRedTeam/81019", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a ActiveMQ-EXPtools\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Catherines77\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Java\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-20 03:28:09\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u652f\u6301\u68c0\u6d4b\u548c\u5229\u7528ActiveMQ\u6f0f\u6d1e\uff0cCVE-2015-5254\uff0cCVE-2016-3088\uff0cCVE-2022-41678\uff0cCVE-2023-46604\uff0cCVE-2024-32114\uff0cCVE-2026-34197\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-20T04:00:04.000000Z"}, {"uuid": "7bc7049e-85b0-4418-af99-dca21ac9f925", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://github.com/google/tsunami-security-scanner-plugins/tree/master/community/detectors/apache_activemq_cve_2023_46604", "content": "", "creation_timestamp": "2024-01-14T16:41:59.000000Z"}, {"uuid": "5035868e-9615-44c6-97b8-824b5632bbf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://bsky.app/profile/concisecyber.bsky.social/post/3mj3vrjxzxe27", "content": "", "creation_timestamp": "2026-04-09T22:56:58.925106Z"}, {"uuid": "c68f2d9a-d2d0-4ef4-bb28-734b134cabd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5771", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aThis script leverages CVE-2023046604 (Apache ActiveMQ) to generate a pseudo shell. 
The vulnerability allows for remote code execution due to unsafe deserialization within the OpenWire protocol.\nURL\uff1ahttps://github.com/duck-sec/CVE-2023-46604-ActiveMQ-RCE-pseudoshell\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2023-11-12T12:18:06.000000Z"}, {"uuid": "5f048346-2d77-42ad-a8d3-dd73ac75459f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "Telegram/sqAkt-abxgQKI93sbGf7iG59__fxfGGzH9B3O7fITix-uxg", "content": "", "creation_timestamp": "2025-11-16T03:00:06.000000Z"}, {"uuid": "c2b82f1e-f36b-4348-9341-7b33d033f186", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6009", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aRepository to exploit CVE-2023-46604 reported for ActiveMQ\nURL\uff1ahttps://github.com/tomasmussi-mulesoft/activemq-cve-2023-46604\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-11-29T18:38:26.000000Z"}, {"uuid": "9278b566-e740-4ccc-98cd-4756839096c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5778", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-46604\u73af\u5883\u590d\u73b0\u5305\nURL\uff1ahttps://github.com/LiritoShawshark/CVE-2023-46604_ActiveMQ_RCE_Recurrence\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-11-13T02:40:58.000000Z"}, {"uuid": "fab783f3-eff7-45bf-b339-0832c7643d09", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5770", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1a CVE-2023-46604 ActiveMQ RCE vulnerability verification/exploitation tool\nURL\uff1ahttps://github.com/sule01u/CVE-2023-46604\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2023-11-12T10:42:46.000000Z"}, {"uuid": "b662fdd2-d221-47ff-abe9-e91fe2604751", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5815", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aPOC repo for CVE-2023-46604\nURL\uff1ahttps://github.com/vjayant93/CVE-2023-46604-POC\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-11-15T19:23:04.000000Z"}, {"uuid": "60ac37e8-2f34-49a8-b0d9-8d2d04aa1772", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5663", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-46604\nURL\uff1ahttps://github.com/JaneMandy/ActiveMQ_RCE_Pro_Max\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-11-03T14:30:55.000000Z"}, {"uuid": "e01c99e8-09dd-48f6-a4b1-3a2d4b5d51f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": 
"https://t.me/GithubRedTeam/5720", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-46604 Apache ActiveMQ RCE exp\nURL\uff1ahttps://github.com/justdoit-cai/CVE-2023-46604-Apache-ActiveMQ-RCE-exp\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-11-08T07:52:51.000000Z"}, {"uuid": "b301ef9f-b01a-4f62-815d-6152bc6c4006", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6275", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-46604 - ApacheMQ Version 5.15.5 Vulnerability  Machine: Broker\nURL\uff1ahttps://github.com/Mudoleto/Broker_ApacheMQ\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-12-23T08:43:25.000000Z"}, {"uuid": "b32bdd4f-86cb-48ae-a001-5d7cb0cc853d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6125", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aExploit for CVE-2023-46604\nURL\uff1ahttps://github.com/mrpentst/CVE-2023-46604\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-12-09T19:28:42.000000Z"}, {"uuid": "d534131e-9388-48bd-90d8-4c797e5ff051", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6266", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 
\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aInstructions for exploiting vulnerabilities CVE-2021-44228 and CVE-2023-46604\nURL\uff1ahttps://github.com/dcm2406/CVE-Lab\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-12-21T18:27:16.000000Z"}, {"uuid": "e4fe2c77-e075-4cbc-a85c-e32bf62f3de0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6204", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aResearch on CVE-2021-44228 and CVE-2023-46604\nURL\uff1ahttps://github.com/dcm2406/CVELab\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-12-16T12:06:44.000000Z"}, {"uuid": "3a02d1e6-66f2-460f-81b4-47c241450691", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/itsec_news/3587", "content": "\u200b\u26a1\ufe0fHelloKitty \u0432\u0435\u0440\u043d\u0443\u043b\u0430\u0441\u044c: \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Apache ActiveMQ \u043f\u043e\u0434 \u0430\u0442\u0430\u043a\u043e\u0439 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043b\u044c\u0449\u0438\u043a\u043e\u0432\n\n\ud83d\udcac \u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0432 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u0443\u044e \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c 
\u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0435\u0440\u0432\u0438\u0441\u0435 \u043e\u0431\u043c\u0435\u043d\u0430 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f\u043c\u0438 Apache ActiveMQ. \u041e\u0448\u0438\u0431\u043a\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430.\n\n\u041a\u0430\u043a \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u0418\u0411-\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Rapid7, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u044b\u0442\u0430\u043b\u0438\u0441\u044c \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0443-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c, \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u0442\u0435\u043c \u043f\u043e\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u0442\u044c \u0432\u044b\u043a\u0443\u043f \u0437\u0430 \u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u043a\u0443 \u0434\u0430\u043d\u043d\u044b\u0445 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439-\u0436\u0435\u0440\u0442\u0432. 
After examining the ransom note and the available data, the experts attributed the activity to the HelloKitty ransomware family, whose source code leaked online in early October.\n\nIt is noted that the intrusions were carried out using the CVE-2023-46604 vulnerability (CVSS 10.0), which allows an attacker to execute arbitrary commands on Apache ActiveMQ servers. 
The issue was fixed in the latest ActiveMQ releases, versions 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which were released at the end of September.\n\nThe vulnerability affects the following versions:\n\nApache ActiveMQ 5.18.0 to 5.18.3;\nApache ActiveMQ 5.17.0 to 5.17.6;\nApache ActiveMQ 5.16.0 to 5.16.7;\nApache ActiveMQ before version 5.15.16;\nApache ActiveMQ Legacy OpenWire Module from 5.18.0 to 5.18.3;\nApache ActiveMQ Legacy OpenWire Module from 5.17.0 to 5.17.6;\nApache ActiveMQ Legacy OpenWire Module from 5.16.0 to 5.16.7;\nApache ActiveMQ Legacy OpenWire Module from 5.8.0 to 5.15.16.\nAfter the vulnerabilities were disclosed, PoC exploit code and additional technical details were published online. 
According to Rapid7 researchers, the activity in the affected networks \u201cis consistent with what would be expected from exploitation of CVE-2023-46604\u201d.\n\nSuccessful exploitation of the vulnerability ends with the attacker attempting to load files named M2.png and M4.png onto the remote machine via the Windows Installer (msiexec). 
Both MSI files contain a 32-bit .NET executable named dllloader, which in turn loads a payload named EncDLL that is encoded in Base64 and functions as ransomware. The program searches for and terminates a specific set of processes, then begins the encryption process, appending the \u201c.locked\u201d extension to encrypted files.\n\nAccording to the Shadowserver Foundation, as of 1 November 2023 
3326 Internet-accessible vulnerable ActiveMQ instances had been detected, most of them located in China, the USA, Germany, South Korea and India. Given the active exploitation of the vulnerability, users are strongly advised to update to the latest version of ActiveMQ as soon as possible and to check their networks for indicators of compromise\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2023-11-02T07:33:20.000000Z"}, {"uuid": "653ce06d-1c34-4206-831a-e95e158cfce8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": 
"published-proof-of-concept", "source": "Telegram/jW6gAEx0X-7rlKDcpeYmlHPMlF_kfSwPpGXtV0Ykb6N88uc", "content": "", "creation_timestamp": "2026-03-31T03:00:07.000000Z"}, {"uuid": "e3162a7d-f2f2-4389-bc3e-cc09b96d00d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/BleepingComputer/18917", "content": "\u200aKinsing malware exploits Apache ActiveMQ RCE to plant rootkits\n\nThe Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems. [...]\n\nhttps://www.bleepingcomputer.com/news/security/kinsing-malware-exploits-apache-activemq-rce-to-plant-rootkits/", "creation_timestamp": "2023-11-20T20:30:48.000000Z"}, {"uuid": "8a156191-df94-4787-acc0-0cf651df2023", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/50778", "content": "GitHub monitoring alert!!! \n\nUpdated: RCE\nDescription: Vulnerability Detection and Mitigation Apache ActiveMQ | Security Architectures and Systems Administration - on - Apache ActiveMQ Deserialization Remote Code Execution (RCE) \u2013 CVE-2023-46604\nURL: https://github.com/vaishnavucv/Project-Vuln-Detection-N-Mitigation_101\n\nTags: #RCE", "creation_timestamp": "2025-09-08T21:11:41.000000Z"}, {"uuid": "652e8844-345e-4379-a4ef-4a69ca0fc671", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/50777", "content": 
"GitHub monitoring alert!!! \n\nUpdated: RCE\nDescription: Vulnerability Detection and Mitigation Apache ActiveMQ | Security Architectures and Systems Administration - on - Apache ActiveMQ Deserialization Remote Code Execution (RCE) \u2013 CVE-2023-46604\nURL: https://github.com/vaishnavucv/Project-Vuln-Detection-N-Mitigation_101\n\nTags: #RCE", "creation_timestamp": "2025-09-08T21:05:27.000000Z"}, {"uuid": "2aa88858-b588-4c8b-a60c-61bf42b45694", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7452", "content": "GitHub monitoring alert!!! \n\nUpdated: RCE\nDescription: CVE-2023-46604 (Apache ActiveMQ RCE Vulnerability) and focused on getting Indicators of Compromise.\nURL: https://github.com/mranv/honeypot.rs\n\nTags: #RCE", "creation_timestamp": "2024-05-29T15:20:18.000000Z"}, {"uuid": "784e06b4-aa3b-4100-8495-12b00c045aec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "Telegram/8h8Hof7StAZ6aRznwRxa4merJrUBQ8lRPVMkNJUc9vM2lk4", "content": "", "creation_timestamp": "2025-09-09T03:00:06.000000Z"}, {"uuid": "2e398a14-08fb-4c72-82d8-5a4dc5520c3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/Cyber_Watch_insider/177", "content": "https://www.rapid7.com/blog/post/2023/11/01/etr-suspected-exploitation-of-apache-activemq-cve-2023-46604/", "creation_timestamp": "2023-11-02T06:01:02.000000Z"}, {"uuid": 
"713b0cd9-ec6e-4d25-8c7d-6bc6bf2b0ba0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/hackyourmom/12429", "content": "\ud83d\udc7e Hackers are mass-exploiting Apache ActiveMQ (CVE-2023-46604) and dropping DripDropper. It is encrypted, hides behind Dropbox, gets into cron and changes SSH. The most interesting part: after the break-in they install the official patch to close the hole to others. 
The server looks clean, but someone else's code is already sitting inside \u2139\ufe0f #cybernews", "creation_timestamp": "2025-08-20T10:13:16.000000Z"}, {"uuid": "5ee05965-8dab-4062-a682-1e322be61f05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/TopCyberTechNews/403", "content": "Top Security News for 16/11/2023\n\nNovel espionage tool leveraged by pro-Palestinian hacking operation\nhttps://malware.news/t/novel-espionage-tool-leveraged-by-pro-palestinian-hacking-operation/75720#post_1 \n\nExecuting from Memory Using ActiveMQ CVE-2023-46604\nhttps://www.reddit.com/r/netsec/comments/17vv5rq/executing_from_memory_using_activemq_cve202346604/ \n\nRansomware review: November 2023\nhttps://www.malwarebytes.com/blog/threat-intelligence/2023/11/ransomware-review-november-2023 \n\nISC Stormcast For Thursday, November 16th, 2023 https://isc.sans.edu/podcastdetail/8748, (Thu, Nov 16th)\nhttps://isc.sans.edu/diary/rss/30406 \n\nUpload Additional Files into Active Tasks in ANY.RUN\nhttps://malware.news/t/upload-additional-files-into-active-tasks-in-any-run/75725#post_1 \n\nBolstering economic security.\nhttps://thecyberwire.com/podcasts/caveat/195/notes \n\nNew hospital cyber rules mulled in New York\nhttps://malware.news/t/new-hospital-cyber-rules-mulled-in-new-york/75723#post_1 \n\nMicrosoft unveils expansion of AI for security and security for AI at Microsoft Ignite\nhttps://www.microsoft.com/en-us/security/blog/2023/11/15/microsoft-unveils-expansion-of-ai-for-security-and-security-for-ai-at-microsoft-ignite/ \n\nA Simple Python Redirection Container for Red Team 
Operations\nhttps://www.reddit.com/r/netsec/comments/17vwpes/a_simple_python_redirection_container_for_red/ \n\nSentinelOne acquires Krebs Stamos Group. Radiant Security raises $15 million. RADICL secures an additional $9 million.\nhttps://thecyberwire.com/newsletters/business-briefing/5/46 \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2023-11-16T08:00:06.000000Z"}, {"uuid": "b8dfaed2-b293-4cfb-8fb8-70a0d576d98f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/CyberBulletin/1718", "content": "\u26a1\ufe0fMauri Ransomware Exploits Apache ActiveMQ Flaw (CVE-2023-46604).\n\n#CyberBulletin", "creation_timestamp": "2024-12-09T13:14:22.000000Z"}, {"uuid": "059f503d-ae7a-4497-bfb8-d656b04d4a69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/ap_security/250", "content": "\u2604\ufe0fCVE-2023-46604: Apache ActiveMQ RCE\n\nThe vulnerability allows arbitrary shell commands to be executed using serialized class types in the OpenWire protocol\ud83d\udc7a\n\n\ud83d\udce3Link to the PoC:\nhttps://github.com/sule01u/CVE-2023-46604\n\n#cve #rce #exploit", 
"creation_timestamp": "2023-11-09T13:29:46.000000Z"}, {"uuid": "3672687c-0bfb-4770-8b22-eb7035f28b2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/bh_cat/188", "content": "\ud83d\udcd5 Weekly roundup\n\nThis is a trial run.\n\n\ud83d\udca1 F5 BIG-IP Unauth RCE via AJP Smuggling\n\nIdentifier:\nCVE-2023-46747\nCVSS3.x score:\n\u270d\ufe0f\u270d\ufe0f\u270d\ufe0f\nDescription:\n- The vulnerability could potentially allow unauthenticated attackers with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.\nPOC\n\ud83c\udf10 Link\n\ud83c\udf10 
Link\n\u27bf\u27bf\u27bf\u27bf\u27bf\u27bf\u27bf\u27bf\u27bf\u27bf\u27bf\n\n\n\ud83d\udca1 ActiveMQ Remote Code Execution\n\nIdentifier:\nCVE-2023-46604\nCVSS3.x score:\n\u270d\ufe0f\u270d\ufe0f\u270d\ufe0f\u270d\ufe0f\nDescription: \n- The vulnerability may allow a remote attacker with network access to the broker to execute arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to make the broker instantiate any class on the classpath.\nPOC\n\ud83c\udf10 Link\n\u27bf\u27bf\u27bf\u27bf\u27bf\u27bf\u27bf\u27bf\u27bf\u27bf\u27bf\n\n\ud83d\udca1 
Cisco IOS XE UI privilege escalation\n\nIdentifier:\n- CVE-2023-20198\nCVSS3.x score: \n\u270d\ufe0f\u270d\ufe0f\u270d\ufe0f\u270d\ufe0f\nDescription:\n- The vulnerability allows a remote, unauthenticated attacker to create an account on the vulnerable system with privilege level 15.\nPOC\n\ud83c\udf10 Link\n\u27bf\u27bf\u27bf\u27bf\u27bf\u27bf\u27bf\u27bf\u27bf\u27bf\u27bf\n\n\ud83d\udca1 Microsoft Exchange Server Remote Code Execution\n\nIdentifier:\nCVE-2023-36745\nCVSS3.x score:\n\u270d\ufe0f\u270d\ufe0f\u270d\ufe0f\nDescription:\n- The vulnerability allows a remote attacker to gain remote access and manipulate 
the victim's data, and could also potentially lead to downtime of the target system.\nPOC\n\ud83c\udf10 Link\n\ud83c\udf10 Link\n\n#poc", "creation_timestamp": "2023-11-10T10:57:44.000000Z"}, {"uuid": "9c7a3f43-85bb-407b-a92f-2886999e03fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/ctinow/146981", "content": "https://ift.tt/MKBP7mi\nSuspected exploitation of Apache ActiveMQ flaw CVE-2023-46604 to install HelloKitty ransomware", "creation_timestamp": "2023-11-02T15:19:46.000000Z"}, {"uuid": "618af9e3-77df-473c-b046-7ce2e6115d73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6723", "content": "GitHub monitoring alert!!! \n\nUpdated: RCE\nDescription: ActiveMQ RCE (CVE-2023-46604) exploitation tool with echoed output\nURL: https://github.com/Arlenhiack/ActiveMQ-RCE-Exploit\n\nTags: #RCE", "creation_timestamp": "2024-03-05T08:31:17.000000Z"}, {"uuid": "66f7eb26-2f74-47eb-8a4b-ea15ce434d9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/kasperskyb2b/978", "content": "\u2699\ufe0f 
Ransomware operators have taken on Apache ActiveMQ\n\nA recently disclosed vulnerability in the Apache ActiveMQ message broker (CVE-2023-46604, CVSS 10), which leads to arbitrary code execution, has been adopted by the HelloKitty ransomware group. After the vulnerability is exploited, the Java.exe process running ActiveMQ attempts to download malicious payloads disguised as PNG files. 
\nGiven how easy the vulnerability is to exploit, other groups will clearly follow HelloKitty: for some reason, thousands of ActiveMQ servers are exposed to the open Internet. ActiveMQ must be updated urgently, and then, in calmer circumstances, Apache's recommendations for hardening ActiveMQ should be studied and implemented, first of all with regard to authentication.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2023-11-03T11:51:24.000000Z"}, {"uuid": "1e407f1f-6b50-4844-8111-08aeb89190ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/Blackhat_Officials/831", "content": 
"https://www.trendmicro.com/en_us/research/23/k/cve-2023-46604-exploited-by-kinsing.html\n\nCVE-2023-46604 (Apache ActiveMQ) exploited to infect systems with cryptominers and rootkits\n#\u65b0\u95fb", "creation_timestamp": "2023-11-23T11:23:59.000000Z"}, {"uuid": "be7db5f7-c8cf-4bca-8a56-248469332753", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "Telegram/CkqWcB2-9bV8ckxbIWhMB5p9N1JH4cVPNSmWsfsHUZk6uQ", "content": "", "creation_timestamp": "2023-11-06T18:48:47.000000Z"}, {"uuid": "168ed7b9-2c27-40d0-b4c5-73702d3eba3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/Teamx1945x/1030", "content": "ActiveMQ RCE (CVE-2023-46604)\n\n Apache ActiveMQ is vulnerable to remote code execution. 
The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.\n\n https://github.com/X1r0z/ActiveMQ-RCE", "creation_timestamp": "2024-03-29T18:27:12.000000Z"}, {"uuid": "69ca2e59-e3fc-4bf4-8b1b-fba3817a7bc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "Telegram/eIAKKKujGGX1YtMrhCJdc0NGCUPUvr8Sx3WcOruhN7yC3w", "content": "", "creation_timestamp": "2023-12-14T14:59:58.000000Z"}, {"uuid": "e11baa6b-875d-4b0c-9a7a-659ae068a484", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/ctinow/150442", "content": "https://ift.tt/Gmbod9z\nCVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits", "creation_timestamp": "2023-11-20T10:18:22.000000Z"}, {"uuid": 
"88159f18-f7dd-442b-be6b-c7613eb10392", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/ctinow/150438", "content": "https://ift.tt/Gmbod9z\nCVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits", "creation_timestamp": "2023-11-20T09:42:16.000000Z"}, {"uuid": "f63890e3-23ee-49b5-8a8b-afde3a8ab73e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "Telegram/WkCj478u4G58ojIUL87WPLotrcOV3WzYpuImpssFRSo1Uw", "content": "", "creation_timestamp": "2023-11-02T20:48:31.000000Z"}, {"uuid": "51ac71a2-43fd-46ed-b740-0a9642eb05fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/tengkorakcybercrewz/3257", "content": "Hackers Feast on Unpatched ActiveMQ!  CVE-2023-46604, a critical remote code execution flaw, is back in the spotlight. \n \nLearn more: https://thehackernews.com/2024/01/apache-activemq-flaw-exploited-in-new.html \n \nUpdate your Apache ASAP or risk ransomware, rootkits, and botnets.", "creation_timestamp": "2024-01-22T16:59:24.000000Z"}, {"uuid": "246bc288-df13-487f-85f3-15e9de13a4ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/arpsyndicate/4637", "content": "#ExploitObserverAlert\n\nCVE-2023-46604\n\nDESCRIPTION: Exploit Observer has 154 entries in 17 file formats related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code  Execution. 
This vulnerability may allow a remote attacker with network  access to either a Java-based OpenWire broker or client to run arbitrary  shell commands by manipulating serialized class types in the OpenWire  protocol to cause either the client or the broker (respectively) to  instantiate any class on the classpath.  Users are recommended to upgrade  both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3  which fixes this issue.\n\nFIRST-EPSS: 0.972480000\nNVD-IS: 5.9\nNVD-ES: 3.9\nARPS-EXPLOITABILITY: 0.7831866", "creation_timestamp": "2024-04-13T02:42:19.000000Z"}, {"uuid": "f1c6bcfc-85dd-46a4-be96-a61d19e98c77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/pt_soft/171", "content": "\ud83d\udca3 PoC in GitHub\n\n\ud83d\udcbb A huge auto-updating collection of PoCs. It also doubles as a very convenient exploit search engine.\n\nSearch by CVE number:\ncurl 'https://poc-in-github.motikan2010.net/api/v1/?cve_id=CVE-2023-46604' | jq\n\nThis example uses a recent RCE vulnerability in Apache ActiveMQ. 
We get convenient JSON output covering all the available exploit variants\n\n{\n      \"id\": \"725243332\",\n      \"cve_id\": \"CVE-2023-46604\",\n      \"name\": \"activemq-cve-2023-46604\",\n      \"owner\": \"tomasmussi-mulesoft\",\n      \"full_name\": \"tomasmussi-mulesoft/activemq-cve-2023-46604\",\n      \"html_url\": \"https://github.com/tomasmussi-mulesoft/activemq-cve-2023-46604\",\n      \"description\": \"Repository to exploit CVE-2023-46604 reported for ActiveMQ\",\n      \"stargazers_count\": \"0\",\n      \"vuln_description\": \"Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate\u00a0any class on the classpath.\u00a0\\n\\nUsers are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.\",\n      \"created_at\": \"2023-11-30 03:30:02\",\n      \"updated_at\": \"2023-11-30 03:30:02\",\n      \"pushed_at\": \"2023-11-30 03:30:02\",\n      \"inserted_at\": \"2023-11-30 09:37:18\"\n    }\n\nAs usual, I hooked it up to the bot:\n\n!poc CVE-2023-46604\n\n\ud83d\udcbb GitHub\n\ud83d\udcbb Home\n\n#poc #github #exploit #cve\n\n\u2708\ufe0f // Pentest HaT \ud83c\udfa9", "creation_timestamp": "2023-12-04T12:23:11.000000Z"}, {"uuid": "c34cdaf9-7a83-448e-9bd5-345bdf08c24e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": 
"https://t.me/arpsyndicate/1834", "content": "#ExploitObserverAlert\n\nCVE-2023-46604\n\nDESCRIPTION: Exploit Observer has 102 entries related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code  Execution. This vulnerability may allow a remote attacker with network  access to either a Java-based OpenWire broker or client to run arbitrary  shell commands by manipulating serialized class types in the OpenWire  protocol to cause either the client or the broker (respectively) to  instantiate any class on the classpath.  Users are recommended to upgrade  both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3  which fixes this issue.\n\nFIRST-EPSS: 0.968050000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-16T15:14:15.000000Z"}, {"uuid": "d928baf4-ab01-47e2-a9a1-c1d73e1c92eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/arpsyndicate/874", "content": "#ExploitObserverAlert\n\nCVE-2023-46604\n\nDESCRIPTION: Exploit Observer has 102 entries related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code  Execution. This vulnerability may allow a remote attacker with network  access to either a Java-based OpenWire broker or client to run arbitrary  shell commands by manipulating serialized class types in the OpenWire  protocol to cause either the client or the broker (respectively) to  instantiate any class on the classpath.  
Users are recommended to upgrade  both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3  which fixes this issue.\n\nFIRST-EPSS: 0.968050000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-02T01:26:35.000000Z"}, {"uuid": "a9c29888-a606-4642-bd12-075be23c7ff9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/arpsyndicate/1788", "content": "#ExploitObserverAlert\n\nCVE-2023-46604\n\nDESCRIPTION: Exploit Observer has 102 entries related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code  Execution. This vulnerability may allow a remote attacker with network  access to either a Java-based OpenWire broker or client to run arbitrary  shell commands by manipulating serialized class types in the OpenWire  protocol to cause either the client or the broker (respectively) to  instantiate any class on the classpath.  Users are recommended to upgrade  both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3  which fixes this issue.\n\nFIRST-EPSS: 0.968050000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-12T01:39:05.000000Z"}, {"uuid": "bfa5b3f8-ae77-411b-8a59-d8bee84bd093", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/arpsyndicate/922", "content": "#ExploitObserverAlert\n\nCVE-2023-46604\n\nDESCRIPTION: Exploit Observer has 96 entries related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code  Execution. 
This vulnerability may allow a remote attacker with network  access to either a Java-based OpenWire broker or client to run arbitrary  shell commands by manipulating serialized class types in the OpenWire  protocol to cause either the client or the broker (respectively) to  instantiate any class on the classpath.  Users are recommended to upgrade  both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3  which fixes this issue.\n\nFIRST-EPSS: 0.968050000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-03T11:35:49.000000Z"}, {"uuid": "ff34c93e-f59e-4db9-9ae1-b69654e3f975", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/arpsyndicate/839", "content": "#ExploitObserverAlert\n\nCVE-2023-46604\n\nDESCRIPTION: Exploit Observer has 101 entries related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code  Execution. This vulnerability may allow a remote attacker with network  access to either a Java-based OpenWire broker or client to run arbitrary  shell commands by manipulating serialized class types in the OpenWire  protocol to cause either the client or the broker (respectively) to  instantiate any class on the classpath.  Users are recommended to upgrade  both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3  which fixes this issue.\n\nFIRST-EPSS: 0.968050000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-01T07:46:40.000000Z"}, {"uuid": "152e53f5-7d12-440b-a065-9f0b2a51edef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/arpsyndicate/790", "content": "#ExploitObserverAlert\n\nCVE-2023-46604\n\nDESCRIPTION: Exploit Observer has 99 entries related to CVE-2023-46604. 
The Java OpenWire protocol marshaller is vulnerable to Remote Code  Execution. This vulnerability may allow a remote attacker with network  access to either a Java-based OpenWire broker or client to run arbitrary  shell commands by manipulating serialized class types in the OpenWire  protocol to cause either the client or the broker (respectively) to  instantiate any class on the classpath.  Users are recommended to upgrade  both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3  which fixes this issue.\n\nFIRST-EPSS: 0.966470000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-30T07:18:49.000000Z"}, {"uuid": "fdda3710-1547-46a6-93c5-c0ef76f8bc7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/arpsyndicate/826", "content": "#ExploitObserverAlert\n\nCVE-2023-46604\n\nDESCRIPTION: Exploit Observer has 100 entries related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code  Execution. This vulnerability may allow a remote attacker with network  access to either a Java-based OpenWire broker or client to run arbitrary  shell commands by manipulating serialized class types in the OpenWire  protocol to cause either the client or the broker (respectively) to  instantiate any class on the classpath.  
Users are recommended to upgrade  both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3  which fixes this issue.\n\nFIRST-EPSS: 0.966470000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-30T19:35:02.000000Z"}, {"uuid": "bfabca09-a9dc-4de8-932b-c87789a8613e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/arpsyndicate/645", "content": "#ExploitObserverAlert\n\nCVE-2023-46604\n\nDESCRIPTION: Exploit Observer has 97 entries related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code  Execution. This vulnerability may allow a remote attacker with network  access to either a Java-based OpenWire broker or client to run arbitrary  shell commands by manipulating serialized class types in the OpenWire  protocol to cause either the client or the broker (respectively) to  instantiate any class on the classpath.  
Users are recommended to upgrade  both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3  which fixes this issue.\n\nFIRST-EPSS: 0.966470000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-28T13:32:56.000000Z"}, {"uuid": "4c5343da-3f58-433e-a48a-82559ba138dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "Telegram/KWy9x43_m_4oS4p8sjBIZiJ2agceiLXJ74W7PzvhYs8QAQ", "content": "", "creation_timestamp": "2023-11-29T06:37:12.000000Z"}, {"uuid": "45072c1c-fea1-4011-bc02-97c1a94b019c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/arpsyndicate/561", "content": "#ExploitObserverAlert\n\nCVE-2023-46604\n\nDESCRIPTION: Exploit Observer has 30 entries related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code  Execution. This vulnerability may allow a remote attacker with network  access to either a Java-based OpenWire broker or client to run arbitrary  shell commands by manipulating serialized class types in the OpenWire  protocol to cause either the client or the broker (respectively) to  instantiate any class on the classpath.  
Users are recommended to upgrade  both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3  which fixes this issue.\n\nFIRST-EPSS: 0.966470000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-25T02:03:40.000000Z"}, {"uuid": "2b5229ab-61fa-44fd-ba99-6e52cea1a6dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/arpsyndicate/296", "content": "#ExploitObserverAlert\n\nCVE-2023-46604\n\nDESCRIPTION: Exploit Observer has 23 entries related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code  Execution. This vulnerability may allow a remote attacker with network  access to either a Java-based OpenWire broker or client to run arbitrary  shell commands by manipulating serialized class types in the OpenWire  protocol to cause either the client or the broker (respectively) to  instantiate any class on the classpath.  Users are recommended to upgrade  both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3  which fixes this issue.\n\nFIRST-EPSS: 0.965740000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-20T15:55:09.000000Z"}, {"uuid": "af8fffb6-ea8c-49b9-9b94-82a16ca227a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/arpsyndicate/284", "content": "#ExploitObserverAlert\n\nCVE-2023-46604\n\nDESCRIPTION: Exploit Observer has 22 entries related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code \nExecution. 
This vulnerability may allow a remote attacker with network \naccess to either a Java-based OpenWire broker or client to run arbitrary\n shell commands by manipulating serialized class types in the OpenWire \nprotocol to cause either the client or the broker (respectively) to \ninstantiate any class on the classpath.\n\nUsers are recommended to upgrade\n both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 \nwhich fixes this issue.\n\nFIRST-EPSS: 0.965740000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-19T16:28:56.000000Z"}, {"uuid": "dc2212c4-9c03-40bf-a78a-593becf7b1ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/4585", "content": "https://system32.ink/apache-activemq-rce-cve-2023-46604-exploit/", "creation_timestamp": "2023-11-05T03:42:35.000000Z"}, {"uuid": "2706cd6a-cedf-4a73-a149-285b01039a7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/arpsyndicate/1660", "content": "#ExploitObserverAlert\n\nCVE-2023-46604\n\nDESCRIPTION: Exploit Observer has 102 entries related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code  Execution. This vulnerability may allow a remote attacker with network  access to either a Java-based OpenWire broker or client to run arbitrary  shell commands by manipulating serialized class types in the OpenWire  protocol to cause either the client or the broker (respectively) to  instantiate any class on the classpath.  
Users are recommended to upgrade  both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3  which fixes this issue.\n\nFIRST-EPSS: 0.968050000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-10T16:58:02.000000Z"}, {"uuid": "802cad46-2cb5-468b-abc6-c7c5c25f6141", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "Telegram/9_hSQ5H_XCdMIWoxBCsN5onf45I8pzWT1rnfQOk1J6gzkg", "content": "", "creation_timestamp": "2023-11-15T18:25:32.000000Z"}, {"uuid": "45306d84-42f0-4469-b20f-548f2b3880fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/KomunitiSiber/1077", "content": "New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar\nhttps://thehackernews.com/2023/11/new-poc-exploit-for-apache-activemq.html\n\nCybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory.\nTracked as\u00a0CVE-2023-46604\u00a0(CVSS score: 10.0), the vulnerability is a remote code execution bug that could permit a threat actor to run arbitrary shell commands.\nIt was patched by Apache in ActiveMQ versions 5.15.16, 5.16.7, 5.17.6,", "creation_timestamp": "2023-11-15T15:58:54.000000Z"}, {"uuid": "229facb1-36f5-4634-921c-65b3134e7013", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/KomunitiSiber/1136", "content": "GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability\nhttps://thehackernews.com/2023/11/gotitan-botnet-spotted-exploiting.html\n\nThe recently disclosed 
critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called\u00a0GoTitan\u00a0as well as a .NET program known as\u00a0PrCtrl Rat\u00a0that's capable of remotely commandeering the infected hosts.\nThe attacks involve the exploitation of a remote code execution bug (CVE-2023-46604, CVSS score: 10.0) that has been\u00a0", "creation_timestamp": "2023-11-29T06:24:16.000000Z"}, {"uuid": "1fe36503-66f4-4c06-a5f8-ddc3b5dcbf11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "Telegram/lG6pt5UtBUCzn-IF2Ytstw8S3_g1FpOFh4eJ9RqNUd8P9lg", "content": "", "creation_timestamp": "2023-11-29T19:53:49.000000Z"}, {"uuid": "ef3e280e-82d5-41fd-a819-349da1914410", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "Telegram/7koUXiQYjANVreQRymdkTng-drcHtTeg6KyrU5xTB_ps-oE", "content": "", "creation_timestamp": "2023-11-22T22:32:00.000000Z"}, {"uuid": "f3af79c6-8e3f-49c0-9bcc-435864361c0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/breachdetector/491278", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"What is CVE-2023-46604 Apache ActiveMQ ?\", \n  \"author\": \" ('BARBAROS)\",\n  \"Detection Date\": \"09 Apr 2024\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2024-04-09T11:09:38.000000Z"}, {"uuid": "2f9b78bb-ae7f-4803-8fed-9910fcb5cd8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2023-46604", "type": "seen", "source": "https://t.me/breachdetector/491262", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"CVE-2023-46604 Apache ActiveMQ Nedir ?\", \n  \"author\": \" ('BARBAROS)\",\n  \"Detection Date\": \"09 Apr 2024\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2024-04-09T10:44:14.000000Z"}, {"uuid": "c7c133fd-11dc-4393-b6c8-1987fc389d3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "Telegram/AactUrH-EIy6JdXWM4VPE9pcjyt1yqOYuT7uQixSUbYBJC0", "content": "", "creation_timestamp": "2023-11-08T03:49:03.000000Z"}, {"uuid": "2d1f5020-76e4-402b-9d03-d42411b205a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/true_secator/5145", "content": "AhnLab researchers report that the North Korean APT Andariel has joined in exploiting Apache ActiveMQ via CVE-2023-46604 to deploy the NukeSped and TigerRat backdoors.\n\n
A subgroup of Lazarus, the hackers have targeted South Korea since 2008, and their main targets include organizations in defense, politics, shipbuilding, energy, logistics and telecommunications, as well as research institutions and the IT sector.\n\nAndariel successfully carries out spear phishing, watering-hole and supply-chain attacks, and in some campaigns the group has used Log4Shell and TeamCity, targeted vulnerable MS-SQL servers, or abused legitimate software.\n\n
While tracking Andariel's attacks, AhnLab detected traces of NukeSped activity on one system. It was not possible to fully confirm that CVE-2023-46604 itself was used as the initial vector, and the analyzed system had, among other things, also been attacked by HelloKitty.\n\nNevertheless, the investigation showed that during the attack the threat actor used a malicious Java class file, mentioned in a recent Huntress report, which ultimately downloaded an additional payload in Windows or Linux environments. Logs showing installation of a CobaltStrike stager and Metasploit Meterpreter were also found.\n\n
Although the Huntress report did not mention any specific malware, in one case the malicious payload was installed from hxxp://27.102.128[.]152:8098/bit[.]ico, which matched the URL from which TigerRat was also downloaded.\n\nThe detected NukeSped is a backdoor that can control an infected system using commands received from the C2, and it is used by North Korean hackers, including Andariel, to control infected systems.\n\n
However, the sample used in the attacks supported only three commands: downloading files, executing commands and terminating processes, unlike the known documented versions, which have a wide set of commands.\n\nAs with other typical NukeSped variants, all API addresses and strings used are encrypted, then decrypted and used at runtime. The encryption method is a 1-byte XOR algorithm with the key value 0xA1. Besides 0xA1, the key values 0x97 and 0xAB were also used in past attacks.\n\n
All technical details and indicators of compromise observed during the analysis of the APT's activity are presented in the researchers' report, and their findings show that although not much time has passed since CVE-2023-46604 was disclosed, unpatched systems become targets of attacks in such a short time, including attacks instigated by APTs.", "creation_timestamp": "2023-11-30T09:31:26.000000Z"}, {"uuid": "150a322d-5fe9-463a-93bc-324f861748e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/true_secator/5118", "content": 
"Trend Micro researchers have noticed that, in addition to the HelloKitty and TellYouThePass ransomware gangs, the operators of the Kinsing botnet have taken advantage of the critical Apache ActiveMQ vulnerability.\n\nThe malware operators are actively exploiting CVE-2023-46604 on ActiveMQ servers to compromise Linux systems and deploy cryptocurrency miners.\n\n
The Kinsing operators are known for exploiting known flaws that system administrators often overlook, as in the case of Log4Shell or the Atlassian Confluence RCE.\n\nAs the researchers note, exploits are currently available that use the ProcessBuilder method to execute bash scripts and download additional payloads onto the infected device from newly created system-level processes.\n\n\u041f\u0440\u0435\u0438\u043c\u0443\u0449\u0435\u0441\u0442\u0432\u043e \u043c\u0435\u0442\u043e\u0434\u0430 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043e\u043d \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u043c\u0443 \u041f\u041e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0441\u043b\u043e\u0436\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0438 
\u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0438 \u0441 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u044c\u044e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0438 \u0433\u0438\u0431\u043a\u043e\u0441\u0442\u0438, \u0438\u0437\u0431\u0435\u0433\u0430\u044f \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f.\n\n\u041f\u0440\u0435\u0436\u0434\u0435 \u0447\u0435\u043c \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0441\u0432\u043e\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0434\u043b\u044f \u043c\u0430\u0439\u043d\u0438\u043d\u0433\u0430 \u043a\u0440\u0438\u043f\u0442\u044b, Kinsing \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442 \u043c\u0430\u0448\u0438\u043d\u0443 \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u043c\u0430\u0439\u043d\u0435\u0440\u043e\u0432 Monero, \u0443\u043d\u0438\u0447\u0442\u043e\u0436\u0430\u044f \u0432\u0441\u0435 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b, crontab \u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0435 \u0441\u0435\u0442\u0435\u0432\u044b\u0435 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f.\n\n\u041f\u043e\u0441\u043b\u0435 \u044d\u0442\u043e\u0433\u043e  \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u0442 \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u0441\u0442\u0432\u043e \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e cronjob, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u0437\u0432\u043b\u0435\u043a\u0430\u0435\u0442 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044e\u044e \u0432\u0435\u0440\u0441\u0438\u044e \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u0442 \u0440\u0443\u0442\u043a\u0438\u0442 \u0432 
/etc/ld.so.preload.\n\n\u0414\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0440\u0443\u0442\u043a\u0438\u0442\u0430 \u0433\u0430\u0440\u0430\u043d\u0442\u0438\u0440\u0443\u0435\u0442, \u0447\u0442\u043e \u0435\u0433\u043e \u043a\u043e\u0434 \u0431\u0443\u0434\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c\u0441\u044f \u043f\u0440\u0438 \u043a\u0430\u0436\u0434\u043e\u043c \u0437\u0430\u043f\u0443\u0441\u043a\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043e\u043d \u043e\u0441\u0442\u0430\u043d\u0435\u0442\u0441\u044f \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0441\u043a\u0440\u044b\u0442\u044b\u043c \u0438 \u0442\u0440\u0443\u0434\u043d\u043e\u0443\u0434\u0430\u043b\u044f\u0435\u043c\u044b\u043c.\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0447\u0438\u0441\u043b\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 CVE-2023-46604, \u043f\u0440\u043e\u0433\u0440\u0435\u0441\u0441\u0438\u0432\u043d\u043e \u0443\u0432\u0435\u043b\u0438\u0447\u0438\u0432\u0430\u0435\u0442\u0441\u044f, \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0432\u043e \u043c\u043d\u043e\u0433\u0438\u0445 \u0441\u0435\u043a\u0442\u043e\u0440\u0430\u0445 \u043e\u0441\u0442\u0430\u044e\u0442\u0441\u044f \u043f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u043e\u0439 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0438\u0445 \u0443\u0447\u0430\u0441\u0442\u0438\u044f \u0432 \u0430\u0442\u0430\u043a\u0435 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043c\u0443\u0434\u0430\u043a\u043e\u0432 \u0438\u0433\u043d\u043e\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u043b\u0438  
\u043f\u0440\u0438\u0437\u043d\u0430\u043a\u043e\u0432 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438.", "creation_timestamp": "2023-11-22T17:59:33.000000Z"}, {"uuid": "85fdfca0-6c85-49bc-be60-9e5fd83a0b2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/true_secator/5091", "content": "\u041f\u043e\u044f\u0432\u0438\u0432\u0448\u0438\u0439\u0441\u044f \u043d\u043e\u0432\u044b\u0439 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Apache ActiveMQ \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0441\u0442\u0430\u0432\u0430\u0442\u044c\u0441\u044f \u043d\u0435\u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043d\u044b\u043c\u0438.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 VulnCheck \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043d\u043e\u0432\u0443\u044e \u0442\u0435\u0445\u043d\u0438\u043a\u0443, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e CVE-2023-46604\u00a0(\u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS: 10,0) \u0432 Apache ActiveMQ \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u043e\u0448\u0438\u0431\u043a\u0430 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 
Apache \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 5.15.16, 5.16.7, 5.17.6 \u0438\u043b\u0438 5.18.3, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0445 \u0435\u0449\u0435 \u0432 \u043a\u043e\u043d\u0446\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u043c\u0435\u0441\u044f\u0446\u0430, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442\u00a0\u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u0430\u043c\u0438 \u0442\u0430\u043a\u0438\u0445 ransomware \u043a\u0430\u043a HelloKitty \u0438 TellYouThePass, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u043b\u044f \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f SparkRAT.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e\u00a0\u043d\u043e\u0432\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c\u00a0VulnCheck, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442\u0441\u044f\u00a0\u043d\u0430 \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u044b\u0439 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0431\u044b\u043b \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442 25 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2023 \u0433\u043e\u0434\u0430.\n\n\u0412 \u0445\u043e\u0434\u0435 \u0430\u0442\u0430\u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0441\u044f ClassPathXmlApplicationContext, \u0441\u0440\u0435\u0434\u044b Spring \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0439 
\u0432 ActiveMQ, \u0434\u043b\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 XML-\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430\u00a0\u0447\u0435\u0440\u0435\u0437 HTTP \u0438 \u0434\u043e\u0441\u0442\u0438\u0436\u0435\u043d\u0438\u044f RCE \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435.\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, VulnCheck \u0441\u043c\u043e\u0433\u043b\u0438 \u043f\u0440\u0438\u0434\u0443\u043c\u0430\u0442\u044c \u0431\u043e\u043b\u0435\u0435 \u0441\u043a\u0440\u044b\u0442\u043d\u044b\u0439 \u0432\u0430\u0440\u0438\u0430\u043d\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0438 \u0434\u0430\u0436\u0435 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u044b\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u043f\u0438\u0440\u0430\u0435\u0442\u0441\u044f \u043d\u0430\u00a0FileSystemXmlApplicationContext\u00a0\u0438 \u0432\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u0442 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0435 \u0432\u044b\u0440\u0430\u0436\u0435\u043d\u0438\u0435 SpEL\u00a0\u0432\u043c\u0435\u0441\u0442\u043e \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430 init-method, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0438\u0437\u0431\u0435\u0436\u0430\u0442\u044c \u0441\u0431\u0440\u043e\u0441\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 
\u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u043d\u0430 \u0434\u0438\u0441\u043a.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0441\u0442\u043e\u0438\u0442 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0432 \u0444\u0430\u0439\u043b\u0435 activemq.log \u043f\u043e\u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435 \u043e\u0431 \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0438, \u0447\u0442\u043e \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432 \u0442\u0430\u043a\u0436\u0435 \u043e\u0447\u0438\u0441\u0442\u043a\u0438 \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0441\u043b\u0435\u0434\u0430.\n\n\u0422\u0430\u043a \u0447\u0442\u043e \u0442\u0435\u043f\u0435\u0440\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u0431\u043e\u043b\u0435\u0435 \u0441\u043a\u0440\u044b\u0442\u044b\u0435 \u0430\u0442\u0430\u043a\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c CVE-2023-46604, \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0447\u0435\u043c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 ActiveMQ \u0438\u043c\u0435\u0435\u0442 \u043e\u0441\u043e\u0431\u044b\u0439 \u043f\u0440\u0438\u043e\u0440\u0438\u0442\u0435\u0442.", "creation_timestamp": "2023-11-16T11:53:57.000000Z"}, {"uuid": "8696900f-f214-470e-b5f2-c7bc337587ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": 
"https://t.me/arpsyndicate/729", "content": "#ExploitObserverAlert\n\nCVE-2023-46604\n\nDESCRIPTION: Exploit Observer has 98 entries related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code  Execution. This vulnerability may allow a remote attacker with network  access to either a Java-based OpenWire broker or client to run arbitrary  shell commands by manipulating serialized class types in the OpenWire  protocol to cause either the client or the broker (respectively) to  instantiate any class on the classpath.  Users are recommended to upgrade  both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3  which fixes this issue.\n\nFIRST-EPSS: 0.966470000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-29T11:59:53.000000Z"}, {"uuid": "ec3d9964-96dc-4c52-be95-ebdc09818457", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/314", "content": "Hackers Feast on Unpatched ActiveMQ!  CVE-2023-46604, a critical remote code execution flaw, is back in the spotlight. 
\n \nLearn more: https://thehackernews.com/2024/01/apache-activemq-flaw-exploited-in-new.html \n \nUpdate your Apache ASAP or risk ransomware, rootkits, and botnets.", "creation_timestamp": "2024-01-22T16:59:24.000000Z"}, {"uuid": "812fd797-6317-4515-b3f2-8653216deb31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "Telegram/uT9sUuLzJ7mljLMv83o-xR7L3rBffmKTpZTwj9jnFA3DQA", "content": "", "creation_timestamp": "2023-11-05T03:43:59.000000Z"}, {"uuid": "04798a89-cc81-46b2-9b1c-62eca34f4adf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1818", "content": "CVE-2023-46604 ActiveMQ RCE\nexploit + xml\n\n#activemq", "creation_timestamp": "2023-11-08T10:50:29.000000Z"}, {"uuid": "e02cb43c-aff8-475e-8da2-1bcf8d588c43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/cybersecs/2770", "content": "Invicti Professional v24.3.0 - 12 Mar 2024\n\nDownload: https://ponies.cloud/scanner_web/invicti/Invicti-Professional-v24.3.0-Pwn3rzs-CyberArsenal.rar\nPassword: Pwn3rzs\n\nChangelog:\n\nNEW FEATURES\n\nAdded the ability to force authentication verifier agents to use incognito mode by default on Chromium browsers\n\nNEW SECURITY CHECKS\n\nAdded detection for ActiveMQ RCE to the OOB RCE Attack Pattern (CVE-2023-46604)\n\nFIXES\n\nAdded a Cookie Source field to the Knowledge Base Cookies screen", "creation_timestamp": "2024-03-17T20:51:21.000000Z"}, {"uuid": "4ea3849f-069a-438b-8b61-3699d856d73f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/true_secator/5054", "content": "Besides the critical Atlassian Confluence bug, ransomware operators now have in their arsenal the recently patched Apache ActiveMQ RCE vulnerability, which was already being used in attacks as a 0-day two weeks before the patch came out.\n\nResearchers at ArcticWolf and Huntress Labs found attacks targeting CVE-2023-46604 to deploy the SparkRAT malware on ActiveMQ servers as early as 10 October, long before Apache fixed the vulnerability on 25 October. 
\n\nAnd given that more than 9200 Apache ActiveMQ servers remained exposed on the internet, of which more than 4770 are vulnerable to CVE-2023-46604 exploits even after the patch came out, ransomware operators joined the attacks as well.\n\nSome of the compromised servers, as researchers at Huntress Labs and Rapid7 noticed, were encrypted with HelloKitty, and TellYouThePass was later added to them.\n\nWhich is not surprising, since Apache ActiveMQ is mostly used as a
message broker in enterprise environments. \n\nAdministrators are therefore advised to patch all vulnerable systems immediately by upgrading ActiveMQ to versions 5.15.16, 5.16.7, 5.17.6 and 5.18.3.", "creation_timestamp": "2023-11-07T14:50:21.000000Z"}, {"uuid": "d17c4593-4cfc-4507-a60a-09c6243ca82a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/true_secator/5041", "content": "More than 3000 internet-accessible Apache ActiveMQ servers are vulnerable to a recently discovered critical RCE vulnerability.\n\nApache ActiveMQ is a scalable open-source
message broker that supports Java and various cross-language clients, as well as many protocols, including AMQP, MQTT, OpenWire and STOMP.\n\nThanks to its support for a diverse set of secure authentication and authorization mechanisms, it is widely used in enterprise environments where systems exchange data without a direct connection.\n\nThe discovered CVE-2023-46604 has a CVSS v3 score of 10.0 and lets attackers
execute arbitrary shell commands by using serialized class types in the OpenWire protocol.\n\nAccording to Apache's notice of 27 October, the issue affects Apache Active MQ and the Legacy OpenWire Module in versions 5.18.x before 5.18.3, 5.17.x before 5.17.6, 5.16.x before 5.16.7 and all versions before 5.15.16.\n\nFixes were released the same day with versions 5.15.16, 5.16.7, 5.17.6 and 5.18.3.\n\nDespite this, researchers from ShadowServer detected 7249 accessible servers running ActiveMQ, 3329 of which use an ActiveMQ version
vulnerable to CVE-2023-4660, and all of these servers are vulnerable to RCE.\n\nMost of the vulnerable instances (1400) are located in China, followed by the USA with 530, Germany is third with 153, while India, the Netherlands, Russia, France and South Korea have 100 exposed servers each.\n\nGiven Apache ActiveMQ's role as a message broker in enterprise environments, exploitation of CVE-2023-46604 can lead to fairly serious consequences,
including lateral movement in the network.\n\nSince the technical details of exploiting CVE-2023-46604 are publicly available, applying the security updates should be treated as an immediate and extremely urgent measure.", "creation_timestamp": "2023-11-02T14:24:42.000000Z"}, {"uuid": "c27a9813-29a1-41b3-84cd-8234a36cc20f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/cibsecurity/73057", "content": "\u203c CVE-2023-46604 \u203c\n\nApache ActiveMQ is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", 
"creation_timestamp": "2023-10-27T18:17:07.000000Z"}, {"uuid": "d3d0efef-69c8-46e6-b4fb-91598c910dc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/ctinow/214463", "content": "https://ift.tt/Wu5jSmd\nThe Threat That Can\u2019t Be Ignored: CVE-2023-46604 in Apache ActiveMQ", "creation_timestamp": "2024-04-09T13:56:57.000000Z"}, {"uuid": "b657f4ba-5927-4497-86a3-9f908a03ce4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/ctinow/180720", "content": "https://ift.tt/yqInvtf\nCVE-2023-46604 | Oracle Communications Element Manager up to 9.0.2.0.1 Security deserialization", "creation_timestamp": "2024-02-07T14:46:53.000000Z"}, {"uuid": "1f44a1dc-5609-489a-a95f-f5d4530d1876", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/ctinow/180722", "content": "https://ift.tt/B6V9hWQ\nCVE-2023-46604 | Oracle Communications Session Report Manager up to 9.0.2.0.1 Security deserialization", "creation_timestamp": "2024-02-07T14:46:55.000000Z"}, {"uuid": "c3987506-6929-4411-9af4-9d53b17b58af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/ctinow/181257", "content": "https://ift.tt/rkIvRzL\nCVE-2023-46604 | Oracle Banking Digital Experience 22.1.0/22.2.0 UI General deserialization", "creation_timestamp": "2024-02-08T10:11:44.000000Z"}, {"uuid": "ebd621f0-df15-4d9c-9b06-5ef869bd391f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/ctinow/181755", "content": "https://ift.tt/AtR0dJ9\nCVE-2023-46604 | Oracle Enterprise Data Quality 12.2.1.4.0 General deserialization", "creation_timestamp": "2024-02-09T01:46:29.000000Z"}, {"uuid": "4549408c-b790-4249-bc86-86921d3cd96f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/ctinow/181254", "content": "https://ift.tt/smBXJHQ\nCVE-2023-46604 | Oracle Banking APIs 22.1.0/22.2.0 IDM - Authentication deserialization", "creation_timestamp": "2024-02-08T10:11:38.000000Z"}, {"uuid": "4abdd6ec-0842-4dfe-be81-4cf9914d59a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/ctinow/181280", "content": "https://ift.tt/8my7WFI\nCVE-2023-46604 | Oracle Financial Services Analytical Applications Infrastructure deserialization", "creation_timestamp": "2024-02-08T11:07:10.000000Z"}, {"uuid": "b2bde30e-c053-4ab1-bc8c-ba6048cd4b3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/xakep_ru/14940", "content": "\u0412\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0442 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Apache ActiveMQ\n\n\u041d\u0435\u0434\u0430\u0432\u043d\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0438, \u0447\u0442\u043e \u0431\u043e\u043b\u0435\u0435 3000 \u0442\u044b\u0441\u044f\u0447 
\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Apache ActiveMQ, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0447\u0435\u0440\u0435\u0437 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442, \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u043f\u0435\u0440\u0435\u0434 \u0441\u0432\u0435\u0436\u0435\u0439 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e (CVE-2023-46604). \u0412 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0431\u0430\u0433 \u0443\u0436\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0430\u0435\u0442\u0441\u044f \u0430\u0442\u0430\u043a\u0430\u043c. \u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043f\u044b\u0442\u0430\u044e\u0442\u0441\u044f \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u044b \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043b\u044c\u0449\u0438\u043a\u0430 HelloKitty.\n\nhttps://xakep.ru/2023/11/03/apache-activemq-rce/", "creation_timestamp": "2023-11-03T18:35:37.000000Z"}, {"uuid": "72552591-1f61-48ee-8d1b-017b661a2cef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/thehackernews/4206", "content": "\ud83d\udea8 Apache ActiveMQ's CVE-2023-46604 flaw is under active exploitation by  hackers to distribute two dangerous programs: GoTitan, a Go-based botnet, and PrCtrl Rat, a .NET threat. 
\n \nRead details: https://thehackernews.com/2023/11/gotitan-botnet-spotted-exploiting.html", "creation_timestamp": "2023-11-29T06:11:47.000000Z"}, {"uuid": "ad062c47-902d-41be-a6ad-466c0ed3bd82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/thehackernews/4088", "content": "\ud83d\udea8 Urgent: Thousands of internet-accessible ActiveMQ instances are at risk. \n \nHelloKitty ransomware group is actively exploiting a critical Remote Code Execution (RCE) flaw, CVE-2023-46604, in Apache ActiveMQ. \n \nFind details here \u27a1\ufe0f https://thehackernews.com/2023/11/hellokitty-ransomware-group-exploiting.html", "creation_timestamp": "2023-11-02T05:37:58.000000Z"}, {"uuid": "acabf689-21f6-417b-bb7e-82870f0c5309", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/thehackernews/4152", "content": "\u26a0\ufe0f New PoC exploit for CVE-2023-46604 flaw in Apache ActiveMQ could let attackers stealthily execute malicious code. \n \nCVSS score: 10.0! Are your servers secure? \n \nLearn more about this critical vulnerability: https://thehackernews.com/2023/11/new-poc-exploit-for-apache-activemq.html", "creation_timestamp": "2023-11-15T14:51:30.000000Z"}, {"uuid": "2c235cef-762d-49b4-8533-ec8869fe33a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/thehackernews/4434", "content": "Hackers Feast on Unpatched ActiveMQ!  CVE-2023-46604, a critical remote code execution flaw, is back in the spotlight. 
\n \nLearn more: https://thehackernews.com/2024/01/apache-activemq-flaw-exploited-in-new.html \n \nUpdate your Apache ASAP or risk ransomware, rootkits, and botnets.", "creation_timestamp": "2024-01-22T16:55:39.000000Z"}, {"uuid": "18acb2aa-4a91-4b7c-9785-d4837854428a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/xakep_ru/15019", "content": "Kinsing malware uses a vulnerability in Apache ActiveMQ to deploy a rootkit\n\nThe operators of the Kinsing malware are actively exploiting the critical vulnerability CVE-2023-46604 in Apache ActiveMQ to compromise Linux systems. 
The group's end goal is to place cryptocurrency miners on the compromised servers.\n\nhttps://xakep.ru/2023/11/22/kinsing-apache-activemq/", "creation_timestamp": "2023-11-22T17:05:26.000000Z"}, {"uuid": "cb2b30d8-02cd-437b-9feb-6bef20e8c4c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9351", "content": "#tools\n#Blue_Team_Techniques\n1. ActiveMQ RCE vulnerability (CVE-2023-46604) verification/exploitation tool\nhttps://github.com/sule01u/CVE-2023-46604\n2. 
A comprehensive tool that provides an insightful analysis of MS monthly security updates\nhttps://github.com/xaitax/PatchaPalooza", "creation_timestamp": "2023-11-08T10:59:01.000000Z"}, {"uuid": "2506f6af-a44d-49b9-8ff2-110db2775629", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "Telegram/FLV6t7Va3c__w7z9N_mSu7nucQbg4vUfz1QpezNhFqmT_OM", "content": "", "creation_timestamp": "2026-05-02T21:00:04.000000Z"}, {"uuid": "2b237a2b-2259-41a9-b61d-c5a1bb879ff7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/CyberBulletin/26743", "content": "\u26a1\ufe0fMauri Ransomware Exploits Apache ActiveMQ Flaw (CVE-2023-46604).\n\n#CyberBulletin", "creation_timestamp": "2024-12-09T13:14:22.000000Z"}, {"uuid": "f8130e7f-ba1c-466b-91e4-d48248ca3b61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1462", "content": "https://github.com/sule01u/CVE-2023-46604\n#github #exploit", "creation_timestamp": "2023-11-08T14:05:09.000000Z"}, {"uuid": "942273fc-45a2-44bb-b4a7-87791c34f244", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/CNArsenal/1569", "content": "https://www.trendmicro.com/en_us/research/23/k/cve-2023-46604-exploited-by-kinsing.html\n\nCVE-2023-46604 (Apache ActiveMQ) exploited to infect systems with cryptominers and rootkits\n#news", "creation_timestamp": "2023-11-23T05:01:48.000000Z"}, {"uuid": "1a564445-e9b4-4b26-a39d-039fb5ca8640", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/9449", "content": "#Malware_analysis\n1. Diamond Sleet supply chain compromise distributes a modified CyberLink installer\nhttps://www.microsoft.com/en-us/security/blog/2023/11/22/diamond-sleet-supply-chain-compromise-distributes-a-modified-cyberlink-installer\n2. HrServ - malware web shell DLL\nhttps://securelist.com/hrserv-apt-web-shell/111119\n3. CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits\nhttps://www.trendmicro.com/en_us/research/23/k/cve-2023-46604-exploited-by-kinsing.html", "creation_timestamp": "2023-11-23T10:58:01.000000Z"}, {"uuid": "53f70451-93af-44a9-b766-89cbf1c23921", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9336", "content": "#exploit\n1. CVE-2023-22518:\nAn Exploitation tool to exploit the confluence server (Improper Authorization)\nhttps://github.com/sanjai-AK47/CVE-2023-22518\n\n2. CVE-2023-46604:\nAchieving a Reverse Shell Exploit for Apache ActiveMQ\nhttps://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ\n\n3. CVE-2023-37903:\nvm2 Sandbox Escape vulnerability\nhttps://github.com/7h3h4ckv157/CVE-2023-37903", "creation_timestamp": "2025-02-04T15:50:46.000000Z"}, {"uuid": "eb8addc4-2708-49f8-a13c-bf9e634a82bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1642", "content": "#exploit\n1. 
CVE-2023-22518:\nAn Exploitation tool to exploit the confluence server (Improper Authorization)\nhttps://github.com/sanjai-AK47/CVE-2023-22518\n\n2. CVE-2023-46604:\nAchieving a Reverse Shell Exploit for Apache ActiveMQ\nhttps://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ\n\n3. CVE-2023-37903:\nvm2 Sandbox Escape vulnerability\nhttps://github.com/7h3h4ckv157/CVE-2023-37903", "creation_timestamp": "2024-08-16T08:43:34.000000Z"}, {"uuid": "ace32a34-1c8c-4edd-9897-71e73eba87de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/Rootsec_2/2000", "content": "#Malware_analysis\n1. Diamond Sleet supply chain compromise distributes a modified CyberLink installer\nhttps://www.microsoft.com/en-us/security/blog/2023/11/22/diamond-sleet-supply-chain-compromise-distributes-a-modified-cyberlink-installer\n2. HrServ - malware web shell DLL\nhttps://securelist.com/hrserv-apt-web-shell/111119\n3. 
CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits\nhttps://www.trendmicro.com/en_us/research/23/k/cve-2023-46604-exploited-by-kinsing.html", "creation_timestamp": "2024-08-16T08:51:05.000000Z"}, {"uuid": "d4cb2bd1-3c98-44a8-b728-7098bf54e5b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/Rootsec_2/2005", "content": "https://www.trendmicro.com/en_us/research/23/k/cve-2023-46604-exploited-by-kinsing.html\n\nCVE-2023-46604 (Apache ActiveMQ) exploited to infect systems with cryptominers and rootkits\n#news", "creation_timestamp": "2024-08-16T08:51:06.000000Z"}, {"uuid": "785265e4-d5a3-4afd-b33f-fb75a4db8dfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "exploited", "source": "https://t.me/Rootsec_2/2053", "content": "#Malware_analysis\n1. Diamond Sleet supply chain compromise distributes a modified CyberLink installer\nhttps://www.microsoft.com/en-us/security/blog/2023/11/22/diamond-sleet-supply-chain-compromise-distributes-a-modified-cyberlink-installer\n2. HrServ - malware web shell DLL\nhttps://securelist.com/hrserv-apt-web-shell/111119\n3. CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits\nhttps://www.trendmicro.com/en_us/research/23/k/cve-2023-46604-exploited-by-kinsing.html", "creation_timestamp": "2024-08-16T08:51:14.000000Z"}, {"uuid": "47029d1b-07f7-4903-aa10-960d3e1e664f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1662", "content": "#tools\n#Blue_Team_Techniques\n1. 
ActiveMQ RCE vulnerability (CVE-2023-46604) verification/exploitation tool\nhttps://github.com/sule01u/CVE-2023-46604\n2. A comprehensive tool that provides an insightful analysis of MS monthly security updates\nhttps://github.com/xaitax/PatchaPalooza", "creation_timestamp": "2024-08-16T08:43:35.000000Z"}, {"uuid": "57122be3-4547-45cb-9c48-a709fa6f0da7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "published-proof-of-concept", "source": "Telegram/kcBXGeNIBmGVCv-daF2D_otXD8QiKxFj_3wywFGQYSfa", "content": "", "creation_timestamp": "2024-11-11T18:25:20.000000Z"}, {"uuid": "ae054f20-e365-4926-9a2d-9e45b66f697f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "Telegram/yjUnQ6hKYXBxzaCr4Cr42UE0MHqi1VzU3UchLcz_NxtZwAY", "content": "", "creation_timestamp": "2026-04-30T09:00:04.000000Z"}, {"uuid": "0337446f-ea8a-4c68-8969-2e15f8839fda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/sysodmins/20037", "content": "An effective exploit for compromising Apache ActiveMQ has been created \u2328\ufe0f\n\nVulnCheck has demonstrated a new technique for exploiting the critical 
vulnerability CVE-2023-46604 (CVSS: 10.0) in Apache ActiveMQ that allows arbitrary code to be executed in memory. The remote code execution vulnerability allows an attacker to run arbitrary shell commands. Apache fixed the bug in ActiveMQ versions 5.15.16, 5.16.7, 5.17.6 and 5.18.3 \u2013 since then the vulnerability has been actively exploited by ransomware groups.\n\nThe VulnCheck exploit embeds a specially crafted SpEL expression in place of the \"init-method\" attribute to 
achieve the same results and even obtain a reverse shell (Reverse Shell). Now that attackers can carry out stealthy attacks, it is even more important to update ActiveMQ servers \ud83d\udda5\n\n\u0422\u0438\u043f\u0438\u0447\u043d\u044b\u0439 \ud83e\udd78 \u0421\u0438\u0441\u0430\u0434\u043c\u0438\u043d", "creation_timestamp": "2023-11-17T02:42:33.000000Z"}, {"uuid": "ea81e2b9-cf42-44c4-a509-1109ecf9e4fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-e8c8129d-b09e02c4de9c4f4a", "content": "Exploits and vulnerabilities in Q1 2026\nDuring Q1 2026, the exploit kits leveraged by threat actors to target user systems expanded once again, incorporating new exploits for the Microsoft Office platform, as well as Windows and Linux operating systems.\nIn this report, we dive into the statistics on published vulnerabilities and exploits, as well as the known vulnerabilities leveraged by popular C2 frameworks throughout Q1 2026.\nStatistics on registered vulnerabilities\nThis section provides statistical data on registered vulnerabilities. 
The data is sourced from cve.org.\nWe examine the number of registered CVEs for each month starting from January 2022. The total volume of vulnerabilities continues rising and, according to current reports, the use of AI agents for discovering security issues is expected to further reinforce this upward trend.\nTotal published vulnerabilities per month from 2022 through 2026\nNext, we analyze the number of new critical vulnerabilities (CVSS > 8.9) over the same period.\nTotal critical vulnerabilities published per month from 2022 through 2026\nThe graph indicates that while the volume of critical vulnerabilities slightly decreased compared to previous years, an upward trend remained clearly visible. At present, we attribute this to the fact that the end of last year was marked by the disclosure of several severe vulnerabilities in web frameworks. The current growth is driven by high-profile issues like React2Shell, the release of exploit frameworks for mobile platforms, and the uncovering of secondary vulnerabilities during the remediation of previously discovered ones. We will be able to test this hypothesis in the next quarter; if correct, the second quarter will show a significant decline, similar to the pattern observed in the previous year.\nExploitation statistics\nThis section presents statistics on vulnerability exploitation for Q1 2026. The data draws on open sources and our telemetry.\nWindows and Linux vulnerability exploitation\nIn Q1 2026, threat actor toolsets were updated with exploits for new, recently registered vulnerabilities. 
However, we first examine the list of veteran vulnerabilities that consistently account for the largest share of detections:\n\nCVE-2018-0802: a remote code execution (RCE) vulnerability in the Equation Editor component\nCVE-2017-11882: another RCE vulnerability also affecting Equation Editor\nCVE-2017-0199: a vulnerability in Microsoft Office and WordPad that allows an attacker to gain control over the system\nCVE-2023-38831: a vulnerability resulting from the improper handling of objects contained within an archive\nCVE-2025-6218: a vulnerability allowing the specification of relative paths to extract files into arbitrary directories, potentially leading to malicious command execution\nCVE-2025-8088: a directory traversal bypass vulnerability during file extraction utilizing NTFS Streams\nAmong the newcomers, we have observed exploits targeting the Microsoft Office platform and Windows OS components. Notably, these new vulnerabilities exploit logic flaws arising from the interaction between multiple systems, making them technically difficult to isolate within a specific file or library. A list of these vulnerabilities is provided below:\n\nCVE-2026-21509 and CVE-2026-21514: security feature bypass vulnerabilities: despite Protected View being enabled, a specially crafted file can still execute malicious code without the user\u2019s knowledge. Malicious commands are executed on the victim\u2019s system with the privileges of the user who opened the file.\nCVE-2026-21513: a vulnerability in the Internet Explorer MSHTML engine, which is used to open websites and render HTML markup. The vulnerability involves bypassing rules that restrict the execution of files from untrusted network sources. Interestingly, the data provider for this vulnerability was an LNK file.\nThese three vulnerabilities were utilized together in a single chain during attacks on Windows-based user systems. 
While this combination is noteworthy, we believe the widespread use of the entire chain as a unified exploit will likely decline due to its instability. We anticipate that these vulnerabilities will eventually be applied individually as initial entry vectors in phishing campaigns.\nBelow is the trend of exploit detections on user Windows systems starting from Q1 2025.\nDynamics of the number of Windows users encountering exploits, Q1 2025 \u2013 Q1 2026. The number of users who encountered exploits in Q1 2025 is taken as 100%\nThe vulnerabilities listed here can be leveraged to gain initial access to a vulnerable system and for privilege escalation. This underscores the critical importance of timely software updates.\nOn Linux devices, exploits for the following vulnerabilities were detected most frequently:\n\nCVE-2022-0847: a vulnerability known as Dirty Pipe, which enables privilege escalation and the hijacking of running applications\nCVE-2019-13272: a vulnerability caused by improper handling of privilege inheritance, which can be exploited to achieve privilege escalation\nCVE-2021-22555: a heap out-of-bounds write vulnerability in the Netfilter kernel subsystem\nCVE-2023-32233: a vulnerability in the Netfilter subsystem that allows for Use-After-Free conditions and privilege escalation through the improper processing of network requests\nDynamics of the number of Linux users encountering exploits, Q1 2025 \u2013 Q1 2026. The number of users who encountered exploits in Q1 2025 is taken as 100%\nIn the first quarter of 2026, we observed a decrease in the number of detected exploits; however, the detection rates are on the rise relative to the same period last year. 
For the Linux operating system, the installation of security patches remains critical.\nMost common published exploits\nThe distribution of published exploits by software type in Q1 2026 features an updated set of categories; once again, we see exploits targeting operating systems and Microsoft Office suites.\nDistribution of published exploits by platform, Q1 2026\nVulnerability exploitation in APT attacks\nWe analyzed which vulnerabilities were utilized in APT attacks during Q1 2026. The ranking provided below includes data based on our telemetry, research, and open sources.\nTOP 10 vulnerabilities exploited in APT attacks, Q1 2026\nIn Q1 2026, threat actors continued to utilize high-profile vulnerabilities registered in the previous year for APT attacks. The hypothesis we previously proposed has been confirmed: security flaws affecting web applications remain heavily exploited in real-world attacks. However, we are also observing a partial refresh of attacker toolsets. Specifically, during the first quarter of the year, APT campaigns leveraged recently discovered vulnerabilities in Microsoft Office products, edge networking device software, and remote access management systems. Although the most recent vulnerabilities are being exploited most heavily, their general characteristics continue to reinforce established trends regarding the categories of vulnerable software. 
Consequently, we strongly recommend applying the security patches provided by vendors.\nC2 frameworks\nIn this section, we examine the most popular C2 frameworks used by threat actors and analyze the vulnerabilities targeted by the exploits that interacted with C2 agents in APT attacks.\nThe chart below shows the frequency of known C2 framework usage in attacks against users during Q1 2026, according to open sources.\nTOP 10 C2 frameworks used by APTs to compromise user systems, Q1 2026\nMetasploit has returned to the top of the list of the most common C2 frameworks, displacing Sliver, which now shares the second position with Havoc. These are followed by Covenant and Mythic, the latter of which previously saw greater popularity. After studying open sources and analyzing samples of malicious C2 agents that contained exploits, we determined that the following vulnerabilities were utilized in APT attacks involving the C2 frameworks mentioned above:\n\nCVE-2023-46604: an insecure deserialization vulnerability allowing for arbitrary code execution within the server process context if the Apache ActiveMQ service is running\nCVE-2024-12356 and CVE-2026-1731: command injection vulnerabilities in BeyondTrust software that allow an attacker to send malicious commands even without system authentication\nCVE-2023-36884: a vulnerability in the Windows Search component that enables command execution on the system, bypassing security mechanisms built into Microsoft Office applications\nCVE-2025-53770: an insecure deserialization vulnerability in Microsoft SharePoint that allows for unauthenticated command execution on the server\nCVE-2025-8088 and CVE-2025-6218: similar directory traversal vulnerabilities that allow files to be extracted from an archive to a predefined path, potentially without the archiving utility displaying any alerts to the user\nThe nature of the described vulnerabilities indicates that they were exploited to gain initial access to the system. 
Notably, the majority of these security issues are targeted to bypass authentication mechanisms. This is likely due to the fact that C2 agents are being detected effectively, prompting threat actors to reduce the probability of discovery by utilizing bypass exploits.\nNotable vulnerabilities\nThis section highlights the most significant vulnerabilities published in Q1 2026 that have publicly available descriptions.\nCVE-2026-21519: Desktop Window Manager vulnerability\nAt the core of this vulnerability is a Type Confusion flaw. By attempting to access a resource within the Desktop Window Manager subsystem, an attacker can achieve privilege escalation. A necessary condition for exploiting this issue is existing authorization on the system.\nIt is worth noting that the DWM subsystem has been under close scrutiny by threat actors for quite some time. Historically, the primary attack vector involves interacting with the NtDComposition* function set.\nRegPwn (CVE-2026-21533): a system settings access control vulnerability\nCVE-2026-21533 is essentially a logic vulnerability that enables privilege escalation. It stems from the improper handling of privileges within Remote Desktop Services (RDS) components. By modifying service parameters in the registry and replacing the configuration with a custom key, an attacker can elevate privileges to the SYSTEM level. This vulnerability is likely to remain a fixture in threat actor toolsets as a method for establishing persistence and gaining high-level privileges.\nCVE-2026-21514: a Microsoft Office vulnerability\nThis vulnerability was discovered in the wild during attacks on user systems. Notably, an LNK file is used to initiate the exploitation process. 
CVE-2026-21514 is also a logic issue that allows for bypassing OLE technology restrictions on malicious code execution and the transmission of NetNTLM authentication requests when processing untrusted input.\nClawdbot (CVE-2026-25253): an OpenClaw vulnerability\nThis vulnerability in the AI agent leaks credentials (authentication tokens) when queried via the WebSocket protocol. It can lead to the compromise of the infrastructure where the agent is installed: researchers have confirmed the ability to access local system data and execute commands with elevated privileges. The danger of CVE-2026-25253 is further compounded by the fact that its exploitation has generated numerous attack scenarios, including the use of prompt injections and ClickFix techniques to install stealers on vulnerable systems.\nCVE-2026-34070: LangChain framework vulnerability\nLangChain is an open-source framework designed for building applications powered by large language models (LLMs). A directory traversal vulnerability allowed attackers to access arbitrary files within the infrastructure where the framework was deployed. The core of CVE-2026-34070 lies in the fact that certain functions within langchain_core/prompts/loading.py handled configuration files insecurely. This could potentially lead to the processing of files containing malicious data, which could be leveraged to execute commands and expose critical system information or other sensitive files.\nCVE-2026-22812: an OpenCode vulnerability\nCVE-2026-22812 is another vulnerability identified in AI-assisted coding software. By default, the OpenCode agent provided local access for launching authorized applications via an HTTP server that did not require authentication. 
Consequently, attackers could execute malicious commands on a vulnerable device with the privileges of the current user.\nConclusion and advice\nWe observe that the registration of vulnerabilities is steadily gaining momentum in Q1 2026, a trend driven by the widespread development of AI tools designed to identify security flaws across various software types. This trajectory is likely to result not only in a higher volume of registered vulnerabilities but also in an increase in exploit-driven attacks, further reinforcing the critical necessity of timely security patch deployment. Additionally, organizations must prioritize vulnerability management and implement effective defensive technologies to mitigate the risks associated with potential exploitation.\nTo ensure the rapid detection of threats involving exploit utilization and to prevent their escalation, it is essential to deploy a reliable security solution. Key features of such a tool include continuous infrastructure monitoring, proactive protection, and vulnerability prioritization based on real-world relevance. These mechanisms are integrated into Kaspersky Next, which also provides endpoint security and protection against cyberattacks of any complexity. \nsecurelist.com/vulnerabilities\u2026", "creation_timestamp": "2026-05-07T10:52:25.889083Z"}]}