otx.alienvault.com
13.32.121.88  Public Scan

URL: https://otx.alienvault.com/pulse/63fcbc1269038b02157140e7
Submission: On February 27 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content


TECHNICAL ADVISORY: VARIOUS THREAT ACTORS TARGETING MANAGEENGINE EXPLOIT
CVE-2022-47966

   
 * Created 1 hour ago by AlienVault
 * Public
 * TLP: White

Bitdefender Labs has issued a technical advisory to warn the public about a new
wave of opportunistic attacks using a vulnerability in Zoho ManageEngine
servers, which could affect tens of thousands of businesses.

Reference:
https://businessinsights.bitdefender.com/tech-advisory-manageengine-cve-2022-47966
Tags:
Buhti, Cobalt Strike, ManageEngine, ransomware, CVE-2022-47966, Netcat, Initial
Access Brokers, DarkComet, RAT-el, Cyber espionage
Malware Families:
Cobalt Strike, Buhti, DarkComet, RAT-el
Att&ck IDs:
T1195 - Supply Chain Compromise, T1190 - Exploit Public-Facing Application,
T1210 - Exploitation of Remote Services

 * Indicators of Compromise (50)
 * Related Pulses (22)
 * Comments (0)
 * History (0)

Types of indicators: CVE (1), Other (2), FileHash-SHA1 (4), FileHash-MD5 (19), FileHash-SHA256 (4), IPv4 (18)

Threat infrastructure: Hong Kong (1), Other (5), Russia (2), United States (5), Germany (2), Netherlands (2)




 * © Copyright 2023 AlienVault, Inc.
   