{"vulnerability": "CVE-2021-40449", "sightings": [{"uuid": "1eed80cb-e621-495c-9586-fac4a22c22ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "8812d9aa-f22e-4a19-82df-cc66047cc34b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "seen", "source": "MISP/1923bf2c-1042-4bf1-8f30-b7c658e32478", "content": "", "creation_timestamp": "2021-10-13T12:27:20.000000Z"}, {"uuid": "9bb7dfee-4632-44d2-9daf-7ba51e8af93c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "seen", "source": "MISP/63ddead6-4b82-414c-ad8e-c516b950b446", "content": "", "creation_timestamp": "2021-10-25T22:32:43.000000Z"}, {"uuid": "c10c2c3d-ec29-4cc4-b8d3-d5fd416d154f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971174", "content": "", "creation_timestamp": "2024-12-24T20:25:22.271075Z"}, {"uuid": "891d9034-a687-4d21-bde9-cbd2b8f36509", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "e79bb167-102f-48a5-a0bb-a73a61857b3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": 
"seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:40.000000Z"}, {"uuid": "2030cc28-0543-4a0c-9edd-a6a3b0bac780", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:57.000000Z"}, {"uuid": "ea5e26df-baf2-4d31-909d-3455bc7433e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-919adc8a-067737fcfb8a4ad5", "content": "", "creation_timestamp": "2025-04-17T08:42:19.205320Z"}, {"uuid": "da4684b8-5e99-41d6-93a7-8d63ab63997d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/cve_2021_40449.rb", "content": "", "creation_timestamp": "2021-11-09T18:01:52.000000Z"}, {"uuid": "0fe931eb-a1f6-4b15-a6b6-109d9ea4d3aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-40449", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_32/2021", "content": "", "creation_timestamp": "2021-10-13T11:01:48.000000Z"}, {"uuid": "c54ed495-4462-4ce3-8703-4ebb125565fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-40449", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=672", "content": "", "creation_timestamp": "2021-10-15T04:00:00.000000Z"}, {"uuid": 
"a298ab59-baae-4d5c-b692-0d4b8e788bd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-40449", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/19b353b2-50ad-4133-a3f8-2f562294a654", "content": "", "creation_timestamp": "2026-02-02T12:28:32.790984Z"}, {"uuid": "4e1dbbc4-dadc-4314-aa90-c69d608747bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/706", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPoC (DoS) for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)\nURL\uff1ahttps://github.com/ly4k/CallbackHell", "creation_timestamp": "2021-10-17T13:30:23.000000Z"}, {"uuid": "90585846-0f70-42da-a3dd-9a0e2258bb98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/705", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPoC (DoS) for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)\nURL\uff1ahttps://github.com/ollypwn/CallbackHell", "creation_timestamp": "2021-10-16T16:27:58.000000Z"}, {"uuid": "d9be169f-263c-4242-a7f1-98da8486fa44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/738", "content": 
"GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aMy exploit for CVE-2021-40449, a Windows LPE via a UAF in win32kfull!GreResetDCInternal.\nURL\uff1ahttps://github.com/hakivvi/CVE-2021-40449", "creation_timestamp": "2021-10-25T06:25:20.000000Z"}, {"uuid": "29646154-a839-4421-80d9-b86f75debd70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/844", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aExploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)\nURL\uff1ahttps://github.com/ly4k/CallbackHell", "creation_timestamp": "2021-11-11T17:14:55.000000Z"}, {"uuid": "f082002b-da67-4dac-a6c8-24a120324c2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7762", "content": "\u25a0\u25a0\u25a1\u25a1\u25a1 Exploit for CVE-2021-40449, a Windows LPE via a UAF in win32kfull!GreResetDCInternal.\n\nhttps://github.com/hakivvi/CVE-2021-40449", "creation_timestamp": "2021-10-25T06:31:51.000000Z"}, {"uuid": "0cb08c75-1b05-4c9b-b8a5-33f1e4cf09c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7740", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2021-40449 is a use-after-free in Win32k that allows for local privilege escalation.\n\nhttps://github.com/ly4k/CallbackHell", "creation_timestamp": "2021-10-24T05:09:23.000000Z"}, {"uuid": "67af0aa2-2959-4970-ab52-19d1cc17ed77", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7957", "content": "\u25a0\u25a0\u25a1\u25a1\u25a1 CVE-2021-40449\n\nhttps://kristal-g.github.io/2021/11/05/CVE-2021-40449_POC.html", "creation_timestamp": "2021-11-08T19:47:08.000000Z"}, {"uuid": "844af125-04a1-4c7e-bc88-653c259c8c67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/822", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aExploit for CVE-2021-40449\nURL\uff1ahttps://github.com/Kristal-g/CVE-2021-40449_poc", "creation_timestamp": "2021-11-07T16:20:02.000000Z"}, {"uuid": "8ae2a198-1bc0-488e-9e29-83f9d13d6e19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "published-proof-of-concept", "source": "https://t.me/orderofsixangles/1672", "content": "\u041d\u043e\u0432\u044b\u0439 \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u044b\u0439 \u043a\u0443\u0440\u0441 \u043d\u0430 opensecuritytraining - Architecture 4001: x86-64 Intel Firmware Attack & Defense\n\n\u0414\u0435\u0442\u0435\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 Mimikatz Skeleton Key \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e Volatility + \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043f\u043b\u0430\u0433\u0438\u043d\u0430\n\n\u0418\u0441\u0445\u043e\u0434\u043d\u0438\u043a\u0438 \u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0434\u043b\u044f HackSys Extreme Vulnerable Driver (\u0432\u0438\u043d \u0434\u0440\u0430\u0439\u0432\u0435\u0440 \u0434\u043b\u044f 
\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438)\n\nLinux Forensics\n\n\u0421\u0442\u0430\u0442\u044c\u044f, \u043e\u0431\u0440\u0430\u0437\u0446\u044b, yara \u0434\u043b\u044f \u0431\u044d\u043a\u0434\u043e\u0440\u0430 NGLite\n\n\u0421\u0442\u0430\u0442\u044c\u044f + poc \u043f\u043e CVE-2021-40449 (use after free \u0432 win32kfull.sys)\n\n\u0414\u0432\u0435 \u043d\u0435 \u043e\u0447\u0435\u043d\u044c \u0436\u0435\u0441\u0442\u043a\u0438\u0435, \u043d\u043e \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Mcafee Agent \u0438 McAfee Drive Encryption\n\n\u0415\u0449\u0435 \u043e\u0434\u0438\u043d \u0431\u043b\u043e\u0433 \u0441\u043e \u0441\u0442\u0430\u0442\u044c\u044f\u043c\u0438 \u043f\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0443 \u043c\u0430\u043b\u0432\u0430\u0440\u0438\n\n\u0420\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u043a\u0430 \u0442\u0440\u0430\u0444\u0444\u0438\u043a\u0430 cobalt strike (\u0441\u0442\u0430\u0442\u044c\u044f + \u0432\u0438\u0434\u0435\u043e)", "creation_timestamp": "2021-11-09T15:26:34.000000Z"}, {"uuid": "84cdc50c-0051-4c4f-8560-71a425291875", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "published-proof-of-concept", "source": "https://t.me/orderofsixangles/1628", "content": "https://bazaar.abuse.ch/browse/tag/CVE-2021-40449/", "creation_timestamp": "2021-10-13T09:10:32.000000Z"}, {"uuid": "aa097344-8b4e-4bbf-a7dc-2db1468aeb99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "exploited", "source": "https://t.me/orderofsixangles/1644", "content": "Reproduction and analysis of Windows local privilege escalation vulnerability (CVE-2021-40449) used in targeted attacks in the 
wild\n\nhttps://translate.google.com/translate?sl=zh-CN&tl=en&u=https://mp.weixin.qq.com/s/AcFS0Yn9SDuYxFnzbBqhkQ", "creation_timestamp": "2021-10-22T05:24:57.000000Z"}, {"uuid": "20045cd2-01be-41a8-b6f9-6b8c20c61d38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "published-proof-of-concept", "source": "https://t.me/m1swarr1or/3", "content": "Gonna analyze really cool finding!\n\n0-day in win32k, October patch.\n\nCVE-2021-40449\n\nHere is sample from VX\nhttps://papers.vx-underground.org/archive/APTs/2021/2021.10.12/", "creation_timestamp": "2024-08-30T04:34:48.000000Z"}, {"uuid": "2603a877-7d48-4cfc-b837-e4847789c2c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "exploited", "source": "Telegram/ptU2jOr_NjUJth7vb8j26TK_ilkISYHEFJ0vHcBwW8Ir18lT", "content": "", "creation_timestamp": "2023-11-29T10:20:21.000000Z"}, {"uuid": "afb589f0-ad11-4629-a1ef-8208871ffaf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "seen", "source": "Telegram/0wYfslv8t2QNN9-2a2pLpVuKrMhkjy3ao1WFwKHc0JHD5w8R", "content": "", "creation_timestamp": "2023-11-29T10:20:07.000000Z"}, {"uuid": "fa1814ca-4f11-47dd-97c9-802533955c86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "exploited", "source": "Telegram/0N8hYoIZNVMzLz29O1HKlSbPUHPxGySFoEhQpN9rXpV6UQ", "content": "", "creation_timestamp": "2021-10-14T16:21:20.000000Z"}, {"uuid": "b43c422d-08a5-4f1c-86c9-4e39f4887517", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2021-40449", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/407", "content": "#Exploit for #CVE-2021-40449\nWin32k Elevation\nhttps://github.com/Kristal-g/CVE-2021-40449_poc\n\n#poc for #CVE-2021-36799\nETS5 Password Recovery\nhttps://github.com/robertguetzkow/ets5-password-recovery\n\nA sample #poc for #CVE-2021-30657\naffecting MacOS\nhttps://github.com/shubham0d/CVE-2021-30657\n\n#Exploitation code for #CVE-2021-40539\nZoho ManageEngine ADSelfService Plus\nhttps://github.com/synacktiv/CVE-2021-40539\n\nVMWARE VCENTER SERVER VIRTUAL SAN HEALTH CHECK PLUG-IN RCE #CVE-2021-21985\nhttps://github.com/sknux/CVE-2021-21985_PoC", "creation_timestamp": "2021-11-10T09:32:12.000000Z"}, {"uuid": "0714a195-0cd5-4bd2-9477-959cc9c1d1c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/339", "content": "exploit for #CVE-2021-40449, a Windows LPE via a UAF in win32kfull!GreResetDCInternal\n\nhttps://github.com/hakivvi/CVE-2021-40449", "creation_timestamp": "2021-10-25T08:34:30.000000Z"}, {"uuid": "561ae66e-a273-4dd5-a5e6-5b567c007014", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/282", "content": "#poc (DoS) for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)\n\nhttps://github.com/ollypwn/CallbackHell", "creation_timestamp": "2021-10-16T19:35:23.000000Z"}, {"uuid": "6c81687b-cffd-49c4-bddf-e5d353834ec5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "published-proof-of-concept", "source": "https://t.me/auraxchan/29075", "content": "MysterySnail 
attacks with Windows zero-day: In late August and early September 2021, Kaspersky technologies detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. The exploit had numerous debug strings from an older, publicly known exploit for vulnerability CVE-2016-3309, but closer analysis revealed that it was a zero-day. We discovered that it was using a previously unknown vulnerability in the Win32k driver and exploitation relies heavily on a technique to leak the base addresses of kernel modules. We promptly reported these findings to Microsoft. The information disclosure portion of the exploit chain was identified as not bypassing a security boundary, and was therefore not fixed. Microsoft assigned CVE-2021-40449 to the use-after-free vulnerability in the Win32k kernel driver and it was patched on October 12, 2021, as a part of the October Patch Tuesday.\n\nhttps://securelist.com/mysterysnail-attacks-with-windows-zero-day/104509/\n\n@auraxchan", "creation_timestamp": "2021-10-13T17:48:51.000000Z"}, {"uuid": "be6527df-04f6-4303-bb7f-e2b0e7ccd670", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "exploited", "source": "https://t.me/true_secator/6967", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u043e\u0431 \u0430\u0442\u0430\u043a\u0430\u0445 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u043e\u0439 IronHusky \u043d\u0430 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0435 \u0438 \u043c\u043e\u043d\u0433\u043e\u043b\u044c\u0441\u043a\u0438\u0435 \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 
\u0443\u0447\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e RAT MysterySnail.\n\n\u041d\u043e\u0432\u044b\u0439 \u0438\u043c\u043f\u043b\u0430\u043d\u0442 \u0431\u044b\u043b \u043d\u0430\u0439\u0434\u0435\u043d \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0432 \u0445\u043e\u0434\u0435 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0435\u0434\u0430\u0432\u043d\u0438\u0445 \u0430\u0442\u0430\u043a, \u043a\u043e\u0433\u0434\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043b\u0438 \u0442\u0440\u043e\u044f\u043d \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0430 MMC, \u0437\u0430\u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u043e\u0434 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 Word, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u043b \u043f\u043e\u043b\u0435\u0437\u043d\u044b\u0435 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0432\u0442\u043e\u0440\u043e\u0433\u043e \u044d\u0442\u0430\u043f\u0430 \u0438 \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u043b\u0441\u044f \u043d\u0430 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445.\n\n\u041e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u043e\u043b\u0435\u0437\u043d\u044b\u0445 \u043d\u0430\u0433\u0440\u0443\u0437\u043e\u043a \u0431\u044b\u043b 
\u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u043f\u0440\u043e\u043c\u0435\u0436\u0443\u0442\u043e\u0447\u043d\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u043c\u043e\u0433\u0430\u043b \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u043c\u0435\u0436\u0434\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c\u0438 \u04212 \u0438 \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438, \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u044b\u0435 \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0438, \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u043d\u043e\u0432\u044b\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b, \u0443\u0434\u0430\u043b\u044f\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u0438 \u043c\u043d\u043e\u0433\u043e\u0435 \u0434\u0440.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u0442\u0435\u043b\u0435\u043c\u0435\u0442\u0440\u0438\u0438, \u044d\u0442\u0438 \u0444\u0430\u0439\u043b\u044b \u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u0441\u043b\u0435\u0434\u044b \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e MysterySnail RAT, \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u041b\u041a \u043e\u043f\u0438\u0441\u0430\u043b\u0430 \u0435\u0449\u0435 \u0432 2021 \u0433\u043e\u0434\u0443.\n\n\u0412 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u044b\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u0439 MysterySnail RAT \u0431\u044b\u043b \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d \u043d\u0430 \u0441\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u043d\u0430 
\u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d\u0430\u0445 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0441\u043b\u0443\u0436\u0431\u044b.\n\n\u041f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u043e, \u0447\u0442\u043e \u0432\u0441\u043a\u043e\u0440\u0435 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043d\u0435\u0434\u0430\u0432\u043d\u0438\u0435 \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u044f, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 MysterySnail RAT, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u043b\u0438 \u0430\u0442\u0430\u043a\u0438, \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044f \u043c\u043e\u0434\u0435\u0440\u043d\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u0438 \u0431\u043e\u043b\u0435\u0435 \u043b\u0430\u0439\u0442\u043e\u0432\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e, \u0441\u043e\u0441\u0442\u043e\u044f\u0449\u0443\u044e \u0438\u0437 \u043e\u0434\u043d\u043e\u0433\u043e \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430, - MysteryMonoSnail.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u041f\u041e \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u0434\u0435\u0441\u044f\u0442\u043a\u0438 \u043a\u043e\u043c\u0430\u043d\u0434, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c 
\u0441\u043b\u0443\u0436\u0431\u0430\u043c\u0438 \u043d\u0430 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0438, \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0438 \u0437\u0430\u0432\u0435\u0440\u0448\u0430\u0442\u044c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0434\u0440\u0443\u0433\u0438\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f.\n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u0432\u0435\u0440\u0441\u0438\u044f \u0431\u044d\u043a\u0434\u043e\u0440\u0430 \u043f\u043e\u0445\u043e\u0436\u0430 \u043d\u0430 \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b\u044c\u043d\u044b\u0439 MysterySnail RAT, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u041b\u041a\u00a0\u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0432 \u043a\u043e\u043d\u0446\u0435 \u0430\u0432\u0433\u0443\u0441\u0442\u0430 2021 \u0433\u043e\u0434\u0430\u00a0\u0432 \u0445\u043e\u0434\u0435 \u0448\u0438\u0440\u043e\u043a\u043e\u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u044b\u0445 \u0448\u043f\u0438\u043e\u043d\u0441\u043a\u0438\u0445 \u0430\u0442\u0430\u043a \u043d\u0430 \u0418\u0422-\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u0432\u043e\u0435\u043d\u043d\u044b\u0445 \u043f\u043e\u0434\u0440\u044f\u0434\u0447\u0438\u043a\u043e\u0432 \u0438 \u0434\u0438\u043f\u0443\u0447\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u0432 \u0420\u043e\u0441\u0441\u0438\u0438 \u0438 \u041c\u043e\u043d\u0433\u043e\u043b\u0438\u0438.\n\n\u0412 
\u0442\u043e \u0432\u0440\u0435\u043c\u044f \u0431\u044b\u043b\u043e \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043e, \u0447\u0442\u043e \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0430 IronHusky \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043b\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e \u043d\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445, \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u044b\u0445 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e 0-day \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u044f\u0434\u0440\u0430 Windows Win32k (CVE-2021-40449).\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u0430\u044f APT \u0431\u044b\u043b\u0430\u00a0\u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0432 2017 \u0433\u043e\u0434\u0443\u00a0\u043f\u0440\u0438 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0438 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0435 \u0438 \u043c\u043e\u043d\u0433\u043e\u043b\u044c\u0441\u043a\u0438\u0435 \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0441 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0446\u0435\u043b\u044c\u044e \u0441\u0431\u043e\u0440\u0430 \u0440\u0430\u0437\u0432\u0435\u0434\u0434\u0430\u043d\u043d\u044b\u0445 \u043e 
\u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e-\u043c\u043e\u043d\u0433\u043e\u043b\u044c\u0441\u043a\u0438\u0445 \u0432\u043e\u0435\u043d\u043d\u044b\u0445 \u043f\u0435\u0440\u0435\u0433\u043e\u0432\u043e\u0440\u0430\u0445.\n\n\u0413\u043e\u0434 \u0441\u043f\u0443\u0441\u0442\u044f \u041b\u041a \u0442\u0430\u043a\u0436\u0435\u00a0\u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0430, \u0447\u0442\u043e \u0445\u0430\u043a\u0435\u0440\u044b\u00a0\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u0438 Microsoft Office (CVE-2017-11882) \u0434\u043b\u044f \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f RAT, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u0431\u044b\u0447\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u0438\u043c\u0438 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0438\u043c\u0438 \u0433\u0440\u0443\u043f\u043f\u0430\u043c\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044f PoisonIvy \u0438 PlugX.\n\n\u0418\u043d\u0434\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0438 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0430\u0442\u0430\u043a IronHusky \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c MysterySnail RAT - \u0432 \u043e\u0442\u0447\u0435\u0442\u0435.", "creation_timestamp": "2025-04-21T14:22:22.000000Z"}, {"uuid": "460d0605-07df-4a25-8e71-12bae6d6f75d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "published-proof-of-concept", "source": "Telegram/0rB2Bu1nk-CzrJ1qcJ0oZCcCC9fVdjW0U_6-s1WjUfTmAw", "content": "", "creation_timestamp": "2021-10-26T20:03:27.000000Z"}, {"uuid": "4ab9cde7-4fe9-4c57-a379-cbec76fe7c14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/4986", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u043e\u0431 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u0431\u044d\u043a\u0434\u043e\u0440\u0430 MATA, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 \u0445\u043e\u0434\u0435 \u0430\u0442\u0430\u043a \u0432 \u043f\u0435\u0440\u0438\u043e\u0434 \u0441 \u0430\u0432\u0433\u0443\u0441\u0442\u0430 2022 \u043f\u043e \u043c\u0430\u0439 2023 \u0433\u043e\u0434\u0430, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u043d\u0435\u0444\u0442\u0435\u0433\u0430\u0437\u043e\u0432\u044b\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0438 \u043e\u0431\u043e\u0440\u043e\u043d\u043d\u0443\u044e \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0432 \u0412\u043e\u0441\u0442\u043e\u0447\u043d\u043e\u0439 \u0415\u0432\u0440\u043e\u043f\u0435.\n\n\u0412 \u0445\u043e\u0434\u0435 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0446\u0435\u043b\u0435\u0432\u044b\u0435 
\u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u0435 \u043f\u0438\u0441\u044c\u043c\u0430 \u0434\u043b\u044f \u0442\u043e\u0433\u043e, \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u0436\u0435\u0440\u0442\u0432 \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0435 \u0444\u0430\u0439\u043b\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435, \u0432 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c CVE-2021-26411 \u0432 Internet Explorer \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u0439.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430 MATA \u0441\u043e\u0447\u0435\u0442\u0430\u0435\u0442 \u0432 \u0441\u0435\u0431\u0435 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a, \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u0442\u0440\u043e\u044f\u043d \u0438 \u0438\u043d\u0444\u043e\u043a\u0440\u0430\u0434 \u0434\u043b\u044f \u0431\u044d\u043a\u0434\u043e\u0440\u043e\u0432 \u0438 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u043e\u0439\u0447\u0438\u0432\u043e\u0441\u0442\u0438 \u0432 \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u0441\u0435\u0442\u044f\u0445. 
\u041f\u0440\u0438\u0447\u0435\u043c \u0432\u0435\u0440\u0441\u0438\u044f MATA \u0432 \u044d\u0442\u0438\u0445 \u0430\u0442\u0430\u043a\u0430\u0445 \u0431\u044b\u043b\u0430 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u0430 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u043c, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u043c \u0441 \u0441\u0435\u0432\u0435\u0440\u043e\u043a\u043e\u0440\u0435\u0439\u0441\u043a\u043e\u0439 Lazarus, \u043d\u043e \u0441 \u043d\u043e\u0432\u044b\u043c\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044f\u043c\u0438.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u043f\u043e\u043f\u0430\u043b\u0430 \u0432 \u043f\u043e\u043b\u0435 \u0437\u0440\u0435\u043d\u0438\u044f \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0432 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u0435 2022 \u0433\u043e\u0434\u0430 \u043f\u043e\u0441\u043b\u0435 \u0438\u0437\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u0432\u0443\u0445 \u043e\u0431\u0440\u0430\u0437\u0446\u043e\u0432 MATA, \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0441 C2 \u0432\u043d\u0443\u0442\u0440\u0438 \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u043b\u0438 \u0441\u043e\u0431\u043e\u0439 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u043e\u0433\u043e \u041f\u041e, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0435 \u043a \u043c\u043d\u043e\u0433\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0447\u0435\u0440\u043d\u0438\u043c 
\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f\u043c \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438.\n\n\u0420\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u043a\u0430\u0437\u0430\u043b\u043e, \u0447\u0442\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0430\u0441\u0448\u0438\u0440\u044f\u043b\u0438 \u0437\u043e\u043d\u0443 \u0441\u0432\u043e\u0435\u0433\u043e \u0432\u043b\u0438\u044f\u043d\u0438\u044f \u0441 \u043e\u0434\u043d\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 \u0434\u043e\u043c\u0435\u043d\u0430 \u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u043c \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u0438 \u0434\u043e \u0432\u0441\u0435\u0439 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u0441\u0435\u0442\u0438.\n\n\u0410\u0442\u0430\u043a\u0430 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u043b\u0430\u0441\u044c \u0438 \u0445\u0430\u043a\u0435\u0440\u044b \u043f\u043e\u043b\u0443\u0447\u0430\u043b\u0438 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u0432\u0443\u043c \u043f\u0430\u043d\u0435\u043b\u044f\u043c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438: \u043e\u0434\u043d\u0430 \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0445 \u0442\u043e\u0447\u0435\u043a, \u0430 \u0434\u0440\u0443\u0433\u0430\u044f \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u044f, 
\u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u044f\u044f \u0438\u043c \u043e\u043d\u0438 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u043b\u0438 \u0437\u0430 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043e\u0439 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0438 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u043b\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e \u0441\u0440\u0435\u0434\u0438 \u0435\u0435 \u0434\u043e\u0447\u0435\u0440\u043d\u0438\u0445 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439.\n\n\u0412 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445, \u043a\u043e\u0433\u0434\u0430 \u0446\u0435\u043b\u044c\u044e \u0431\u044b\u043b\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u044b Linux, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0432\u0430\u0440\u0438\u0430\u043d\u0442 MATA \u0434\u043b\u044f Linux \u0432 \u0432\u0438\u0434\u0435 \u0444\u0430\u0439\u043b\u0430 ELF, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u0435\u043d 3-\u043c\u0443 \u043f\u043e\u043a\u043e\u043b\u0435\u043d\u0438\u044e \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u0430\u0442\u0430 Windows.\n\n\u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u044f \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u0438\u0437\u0443\u0447\u0438\u043b\u0430 \u0442\u0440\u0438 \u043d\u043e\u0432\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 MATA: \u043e\u0434\u043d\u0430 (v3) \u0432\u043e\u0437\u043d\u0438\u043a\u043b\u0430 \u0438\u0437 \u0432\u0442\u043e\u0440\u043e\u0433\u043e 
\u043f\u043e\u043a\u043e\u043b\u0435\u043d\u0438\u044f, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u043b\u043e\u0441\u044c \u0432 \u043f\u0440\u043e\u0448\u043b\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445, \u0432\u0442\u043e\u0440\u0430\u044f (v4) \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 MataDoor \u0438 \u0442\u0440\u0435\u0442\u044c\u044f (v5) \u0431\u044b\u043b\u0430 \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u0430 \u0441 \u043d\u0443\u043b\u044f.\n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u0432\u0435\u0440\u0441\u0438\u044f MATA \u043f\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0432 \u0444\u043e\u0440\u043c\u0435 DLL \u0438 \u043e\u0431\u043b\u0430\u0434\u0430\u0435\u0442 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u043d\u044b\u043c\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044f\u043c\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u043c\u043d\u043e\u0433\u043e\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u044c\u043d\u044b\u0435 (TCP, SSL, PSSL, PDTLS) \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f \u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u043f\u0440\u043e\u043a\u0441\u0438 (SOCKS4, SOCKS5, HTTP+web, HTTP+NTLM) \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432.\n\n23 \u043a\u043e\u043c\u0430\u043d\u0434\u044b MATA \u043f\u044f\u0442\u043e\u0433\u043e \u043f\u043e\u043a\u043e\u043b\u0435\u043d\u0438\u044f \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 
\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u043f\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f, \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044e \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u0430\u0442\u043e\u043c \u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u0430 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043f\u043b\u0430\u0433\u0438\u043d\u044b \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0435\u0449\u0435 75 \u043a\u043e\u043c\u0430\u043d\u0434, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441\u043e \u0441\u0431\u043e\u0440\u043e\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430\u043c\u0438 \u0438 \u0444\u0430\u0439\u043b\u0430\u043c\u0438, \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u043e\u0439, \u0444\u0443\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u043a\u0441\u0438 \u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0438.\n\n\u0418\u0437 \u0434\u0440\u0443\u0433\u0438\u0445 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0445 \u043d\u0430\u0445\u043e\u0434\u043e\u043a - \u043d\u043e\u0432\u044b\u0439 \u043c\u043e\u0434\u0443\u043b\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0441\u044a\u0435\u043c\u043d\u044b\u0435 
\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u043b\u044f \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0438\u043d\u0444\u043e\u0441\u0442\u0438\u043b\u043b\u0435\u0440\u044b, \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u044b\u0435 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435, \u0444\u0430\u0439\u043b\u044b cookie, \u0441\u043d\u0438\u043c\u043a\u0438 \u044d\u043a\u0440\u0430\u043d\u0430 \u0438 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u043e\u0431\u043c\u0435\u043d\u0430, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b EDR/\u043e\u0431\u0445\u043e\u0434\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442, \u0447\u0442\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u043e\u0431\u043e\u0448\u043b\u0438 EDR \u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f CVE-2021-40449, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0438\u0439 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u00a0CallbackHell. 
\u0415\u0441\u043b\u0438 \u044d\u0442\u043e\u0442 \u043c\u0435\u0442\u043e\u0434 \u043e\u0431\u0445\u043e\u0434\u0430 \u043d\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u043b, \u043e\u043d\u0438 \u043f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0430\u043b\u0438\u0441\u044c \u043d\u0430\u00a0\u0440\u0430\u043d\u0435\u0435 \u0437\u0430\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435\u00a0\u043c\u0435\u0442\u043e\u0434\u044b BYOVD.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u041b\u041a \u0440\u0430\u043d\u0435\u0435 \u0441\u0432\u044f\u0437\u044b\u0432\u0430\u043b\u0430\u00a0MATA \u0441 Lazarus, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0441\u043b\u043e\u0436\u043d\u043e \u0441 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u044c\u044e \u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u043d\u043e\u0441\u0442\u0438 \u0441\u0432\u044f\u0437\u0430\u0442\u044c \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u0443\u044e \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c.\n\n\u041d\u043e\u0432\u044b\u0435 \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u044b \u0438 \u043c\u0435\u0442\u043e\u0434\u044b MATA, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a \u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f TTLV, \u043c\u043d\u043e\u0433\u043e\u0443\u0440\u043e\u0432\u043d\u0435\u0432\u044b\u0435 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u044b \u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u0440\u0443\u043a\u043e\u043f\u043e\u0436\u0430\u0442\u0438\u044f, \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0445\u043e\u0436\u0438 \u043d\u0430 \u0442\u0435, \u0447\u0442\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0410\u0420\u0422 Purple, Magenta \u0438 Green 
Lambert.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u043e\u0432 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e \u0438 \u0432\u0435\u0440\u0441\u0438\u0439 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0430 MATA \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043e\u0434\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 \u0432\u0441\u0442\u0440\u0435\u0447\u0430\u0435\u0442\u0441\u044f \u043e\u0447\u0435\u043d\u044c \u0440\u0435\u0434\u043a\u043e, \u0447\u0442\u043e \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u043d\u043e\u0433\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430.\n\n\u0414\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u0430\u044f \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430 \u0432 \u043f\u043e\u043b\u043d\u043e\u043c \u043e\u0442\u0447\u0435\u0442\u0435.", "creation_timestamp": "2023-10-19T19:40:05.000000Z"}, {"uuid": "1227aa27-c77f-4477-9357-4fa53cf566ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "seen", "source": "https://t.me/true_secator/2209", "content": "Mayday! Mayday! 
\u0438\u0437 \u0420\u0435\u0434\u043c\u043e\u043d\u0434\u0430, \u0448\u0442\u0430\u0442\u0430 \u0412\u0430\u0448\u0438\u043d\u0433\u0442\u043e\u043d.\n \n\u041f\u043e\u0434\u044a\u0435\u0445\u0430\u043b \u0432\u0430\u0433\u043e\u043d \u0438 \u043c\u0430\u043b\u0435\u043d\u044c\u043a\u0430\u044f \u0442\u0435\u043b\u0435\u0436\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u043e\u0442 Microsoft \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 \u043a\u0430\u043a \u043c\u0438\u043d\u0438\u043c\u0443\u043c 71 \u043e\u0448\u0438\u0431\u043a\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 \u0438 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430\u0445 Windows. \u041d\u043e \u0432\u0438\u0448\u0435\u043d\u043a\u043e\u0439 \u043d\u0430 \u0442\u043e\u0440\u0442\u0435 \u0441\u0442\u0430\u043b\u043e \u0441\u0440\u043e\u0447\u043d\u043e\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435 \u043e \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0444\u0430\u043a\u0442\u0430\u0445 \u043a\u0438\u0431\u0435\u0440\u0448\u043f\u0438\u043e\u043d\u0430\u0436\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439:\n \n- CVE-2021-40449 (CVSS: 7,8) - \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Win32k, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439.\n- CVE-2021-41335 (CVSS: 7,8) - \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u044f\u0434\u0440\u0430 Windows, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435\u043c 
\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439.\n- CVE-2021-40469 (CVSS: 7,2) - \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Windows DNS Server, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u0434\u0430.\n- CVE-2021-41338 (CVSS: 5,5) - \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0431\u0445\u043e\u0434\u043e\u043c \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u0430\u0432\u0438\u043b\u0430\u0445 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430 Windows AppContainer.\n \n\u041f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e CVE-2021-40449 \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0441\u043e\u043e\u0442\u0435\u0447\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0438\u0437 Kaspersky. 
\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u0440\u044f\u043c\u043e \u043d\u0435 \u0437\u0430\u0432\u0435\u0440\u0438\u043b\u0438 \u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438, \u0447\u0442\u043e \u0432\u0441\u0435 \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c APT IronHusky \u0438\u0437 \u041f\u043e\u0434\u043d\u0435\u0431\u0435\u0441\u043d\u043e\u0439, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 \u0418\u0422-\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u0434\u0438\u043f\u043b\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u0447\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u043e\u0435\u043d\u043d\u044b\u0435 \u0438 \u043e\u0431\u043e\u0440\u043e\u043d\u043d\u044b\u0435 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u044f. 
\u0412 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0438 \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u0441\u044f, \u0447\u0442\u043e \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0442 \u043a \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044e \u0442\u0440\u043e\u044f\u043d\u0430 \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u043e\u0433\u043e \u0441\u043e\u0431\u0438\u0440\u0430\u0442\u044c \u0438 \u0444\u0438\u043b\u044c\u0442\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0438\u0437 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0445\u043e\u0441\u0442\u043e\u0432, \u043f\u0440\u0435\u0436\u0434\u0435 \u0447\u0435\u043c \u043e\u0431\u0440\u0430\u0449\u0430\u0442\u044c\u0441\u044f \u043a \u0441\u0432\u043e\u0435\u043c\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0443 C2 \u0437\u0430 \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0438\u043c\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u044f\u043c\u0438.\n \n\u0414\u0432\u0435 \u0438\u0437 71 \u0437\u0430\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u043c\u0435\u044e\u0442 \u043d\u0430\u0438\u0432\u044b\u0441\u0448\u0438\u0439 \u0440\u0435\u0439\u0442\u0438\u043d\u0433 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u043f\u043e \u0432\u0435\u0440\u0441\u0438\u0438 Microsoft. 
\u0414\u0440\u0443\u0433\u0438\u0435 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u043e\u043f\u0430\u0441\u043d\u044b\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430, \u0432\u043b\u0438\u044f\u044e\u0449\u0438\u0435 \u043d\u0430 Microsoft Exchange Server (CVE-2021-26427), Windows Hyper-V (CVE-2021-38672 \u0438 CVE-2021-40461), SharePoint Server (CVE-2021-40487 \u0438 CVE-2021-41344) \u0438 Microsoft Word (CVE-2021-40486), \u0430 \u0442\u0430\u043a\u0436\u0435 \u043e\u0448\u0438\u0431\u043a\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0432 Rich Text Edit Control (CVE-2021-40454).\n \n\u0410 CVE-2021-26427 \u0441 \u0440\u0435\u0439\u0442\u0438\u043d\u0433\u043e\u043c CVSS 9,0 \u043f\u0440\u044f\u043c \u043d\u0430\u0441\u0442\u043e\u043b\u044c\u043a\u043e \u0432\u043e\u0448\u043b\u0430 \u0445\u0430\u043a\u0435\u0440\u0430\u043c, \u0447\u0442\u043e \u0437\u0430\u0441\u0443\u0435\u0442\u0438\u043b\u0438\u0441\u044c \u0434\u0430\u0436\u0435 \u0440\u0435\u0431\u044f\u0442\u0430 \u0438\u0437 \u0410\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u0430 \u043d\u0430\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0421\u0428\u0410 (NSA), \u043e\u0441\u043e\u0431\u043e \u043e\u0442\u043c\u0435\u0447\u0430\u044f \u0442\u0440\u0435\u043d\u0434 \u043d\u0430\u0446\u0435\u043b\u0438\u0432\u0430\u043d\u0438\u044f \u0445\u0430\u043a\u0435\u0440\u043e\u0432 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Exchange \u0434\u043b\u044f \u0432\u0445\u043e\u0434\u0430 \u0432 \u043f\u0435\u0440\u0438\u043c\u0435\u0442\u0440 
\u0441\u0432\u043e\u0438\u0445 \u0436\u0435\u0440\u0442\u0432.\n \nMicrosoft \u0438 \u043f\u0435\u0440\u0435\u0434\u043e\u0432\u043e\u0439 \u0438\u043d\u0444\u043e\u0441\u0435\u043a \u0438\u0441\u0442\u0435\u0431\u043b\u0438\u0448\u043c\u0435\u043d\u0442 \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u044e\u0442 \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u0430\u0431\u044b \u0438\u0437\u0431\u0435\u0436\u0430\u0442\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0445 \u043d\u0435\u0433\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439. \u041d\u0443, \u0430 \u043c\u044b, \u0432 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u043f\u043e\u0434\u043e\u0436\u0434\u0451\u043c \u0432\u0435\u0441\u0442\u0435\u0439 \u043e\u0442 \u0442\u0435\u0445, \u043a\u0442\u043e \u043d\u0435 \u0443\u0441\u043f\u0435\u043b \u044d\u0442\u043e\u0433\u043e \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0432\u043e\u0432\u0440\u0435\u043c\u044f.", "creation_timestamp": "2021-10-13T15:52:05.000000Z"}, {"uuid": "98d3bfbf-a7ab-48c6-a2de-df9d2ee9eaac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "seen", "source": "https://t.me/reverse_dungeon/919", "content": "https://bazaar.abuse.ch/browse/tag/CVE-2021-40449/", "creation_timestamp": "2021-10-13T11:26:25.000000Z"}, {"uuid": "0a9ffae6-4cc8-4996-97da-3f7ee89bb9f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "published-proof-of-concept", "source": "https://t.me/S_E_Reborn/1264", "content": "\u041d\u043e\u0432\u044b\u0439 \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u044b\u0439 
\u043a\u0443\u0440\u0441 \u043d\u0430 opensecuritytraining - Architecture 4001: x86-64 Intel Firmware Attack & Defense\n\n\u0414\u0435\u0442\u0435\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 Mimikatz Skeleton Key \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e Volatility + \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043f\u043b\u0430\u0433\u0438\u043d\u0430\n\n\u0418\u0441\u0445\u043e\u0434\u043d\u0438\u043a\u0438 \u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0434\u043b\u044f HackSys Extreme Vulnerable Driver (\u0432\u0438\u043d \u0434\u0440\u0430\u0439\u0432\u0435\u0440 \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438)\n\nLinux Forensics\n\n\u0421\u0442\u0430\u0442\u044c\u044f, \u043e\u0431\u0440\u0430\u0437\u0446\u044b, yara \u0434\u043b\u044f \u0431\u044d\u043a\u0434\u043e\u0440\u0430 NGLite\n\n\u0421\u0442\u0430\u0442\u044c\u044f + poc \u043f\u043e CVE-2021-40449 (use after free \u0432 win32kfull.sys)\n\n\u0414\u0432\u0435 \u043d\u0435 \u043e\u0447\u0435\u043d\u044c \u0436\u0435\u0441\u0442\u043a\u0438\u0435, \u043d\u043e \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 McAfee Agent \u0438 McAfee Drive Encryption\n\n\u0415\u0449\u0435 \u043e\u0434\u0438\u043d \u0431\u043b\u043e\u0433 \u0441\u043e \u0441\u0442\u0430\u0442\u044c\u044f\u043c\u0438 \u043f\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0443 \u043c\u0430\u043b\u0432\u0430\u0440\u0438\n\n\u0420\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u043a\u0430 \u0442\u0440\u0430\u0444\u0444\u0438\u043a\u0430 cobalt strike (\u0441\u0442\u0430\u0442\u044c\u044f + \u0432\u0438\u0434\u0435\u043e)", "creation_timestamp": "2021-11-09T16:33:13.000000Z"}, {"uuid": "5a9bbce6-67e4-4c60-82c0-6ade8279492c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": 
"published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4701", "content": "#Analytics\nTop 10 Most Used Vulns of the Month (Oct 1-31)\nCVE-2021-41773 - Apache 2.4.49 Path Traversal\nhttps://t.me/cybersecuritytechnologies/4454\nCVE-2021-26084 - Confluence Server Webwork OGNL Inj\nhttps://t.me/cybersecuritytechnologies/4202\nCVE-2021-42013 - Apache 2.4.50 Path Traversal\nhttps://t.me/cybersecuritytechnologies/4475\nCVE-2021-22205 - GitLab CE/EE RCE\nhttps://t.me/cybersecuritytechnologies/4602\nCVE-2021-40449 - UaF in the NtGdiResetDC function of the Win32k driver\nhttps://t.me/cybersecuritytechnologies/4535\nCVE-2021-40438 - SSRF in Apache2 mod_proxy\nhttps://t.me/cybersecuritytechnologies/4529\nCVE-2021-30858 - UaF in WebKit\nhttps://t.me/cybersecuritytechnologies/4545\nCVE-2021-30883 - iOS IOMFB vulnerability\nhttps://t.me/cybersecuritytechnologies/4497\nCVE-2021-30892 - Shrootless Vulnerability in MacOS\nhttps://t.me/cybersecuritytechnologies/4623\nCVE-2022-1337 - \"View Source\"\nhttps://mobile.twitter.com/megab0t_/status/1452848917205458945\nPoC: JavaScript:https://#%0aalert('xss')", "creation_timestamp": "2021-11-08T11:07:01.000000Z"}, {"uuid": "0f8aa120-8ddc-40d2-8284-183e202dcc7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40449", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4535", "content": "#exploit\nCVE-2021-40449:\nUse-after-free vulnerability in the NtGdiResetDC\nfunction of the Win32k driver\nhttps://github.com/ollypwn/CallbackHell", "creation_timestamp": "2021-10-17T14:12:01.000000Z"}]}