{"vulnerability": "CVE-2022-3919", "sightings": [{"uuid": "0df47b45-d68c-471d-a932-3460d1e30a42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "bc92be7e-cfb6-45a5-99d6-a2581392ef5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971786", "content": "", "creation_timestamp": "2024-12-24T20:34:03.417605Z"}, {"uuid": "58d1215c-5e4d-4f88-9f85-4a27ac286596", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:38.000000Z"}, {"uuid": "a5144b85-07d5-4546-a6cd-b4586fa33e60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-39197", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/f656aab1-ee01-4c55-904c-566d2b970d52", "content": "", "creation_timestamp": "2026-02-02T12:27:02.771276Z"}, {"uuid": "ceb735f7-7a70-4b5f-a9ab-95906cc92054", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4268", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCobalt Strike\n\u63cf\u8ff0\uff1aCobalt Strike 4.4 \u732a\u732a\u7248 \u53bb\u6697\u6869 \u53bb\u6d41\u91cf\u7279\u5f81  beacon\u4eff\u9020\u771f\u5b9eAPI\u670d\u52a1  \u4fee\u8865CVE-2022-39197\u8865\u4e01\nURL\uff1ahttps://github.com/xiao-zhu-zhu/pig_CS4.4\n\n\u6807\u7b7e\uff1a#Cobalt Strike", "creation_timestamp": "2023-04-28T07:03:34.000000Z"}, {"uuid": "fdd2f58e-f392-4b1a-98ba-d879912e2d8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39193", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10257", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-39193\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression rights.\n\ud83d\udccf Published: 2023-01-20T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-03T16:11:19.802Z\n\ud83d\udd17 References:\n1. https://phabricator.wikimedia.org/T311337", "creation_timestamp": "2025-04-03T16:34:46.000000Z"}, {"uuid": "9f24b466-e90d-49d4-a06d-2e086f7ce09f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3493", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39197\nURL\uff1ahttps://github.com/adeljck/CVE-2022-39197\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-29T19:12:56.000000Z"}, {"uuid": "88a239d7-8bfc-4b43-bde6-8965fb449ea5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6054", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aA testing tool for CobaltStrike-RCE:CVE-2022-39197; Weblogic-RCE:CVE-2023-21839; MinIO:CVE-2023-28432\nURL\uff1ahttps://github.com/Romanc9/Gui-poc-test\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-12-03T13:47:08.000000Z"}, {"uuid": "c05a3d40-7417-447b-a6c6-5c4e03594f5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39198", "type": "seen", "source": "https://t.me/arpsyndicate/3122", "content": "#ExploitObserverAlert\n\nCVE-2022-39198\n\nDESCRIPTION: Exploit Observer has 4 entries in 4 file formats related to CVE-2022-39198. A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions.\n\nFIRST-EPSS: 0.005760000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-27T23:56:46.000000Z"}, {"uuid": "b95c3127-7fea-4c96-8413-63ba1cb0c6c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1003", "content": "cve-2022-39197\n\u0422\u0430 \u0441\u0430\u043c\u0430\u044f XSS \u043d\u0430\u0439\u0434\u0435\u043d\u043d\u0430\u044f \u0432 Cobalt Strike  4.7 \n\u0415\u0449\u0435 \u0440\u0430\u0437 \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u043f\u0440\u043e \u0434\u044b\u0440\u043a\u0443\n\u0421\u043a\u0430\u0447\u0430\u0442\u044c exploit\n\n#cobaltstrike #exploit", "creation_timestamp": "2022-09-23T06:29:01.000000Z"}, {"uuid": "f58c18d8-7eff-4250-a27b-72476c66f8c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1077", "content": "CobaltStrike <= 4.7.1 RCE \n\u043f\u043e\u0440\u0430 \u0431\u044b \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c\u0441\u044f \u0434\u043e 4.7.2 (\u043a\u0430\u043a \u0440\u0430\u0437 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0432\u044b\u0448\u043b\u0430)\nCVE-2022-39197 RCE POC", "creation_timestamp": "2022-10-18T11:44:25.000000Z"}, {"uuid": "8302762a-703c-4fa9-afb9-555207268be7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "seen", "source": "https://t.me/proxy_bar/1062", "content": "\u041e\u0434\u043d\u0430\u0436\u0434\u044b \u0412\u0430\u0448\u0438 \u0434\u0435\u0442\u0438 \u0412\u0430\u0441 \u0441\u043f\u0440\u043e\u0441\u044f\u0442: \u043f\u0430\u043f\\\u043c\u0430\u043c, \u0430 \u043a\u0430\u043a \u0432\u044b \u0437\u0430\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438 \u0441\u0432\u043e\u0438 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u044b ? \n\u041f\u0440\u043e\u0441\u0442\u043e \u043f\u043e\u043a\u0430\u0436\u0438\u0442\u0435 \u0438\u043c \u044d\u0442\u043e \u0412\u0418\u0414\u0415\u041e\nCVE-2022-39197 is an XSS vulnerability in Cobalt Strike.\n\u0414\u044b\u0440\u0430 \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u0430 -  \u043f\u043e\u043a\u0430 \u0432 \u043f\u0430\u0431\u043b\u0438\u043a\u0435 \u043d\u0430 \u0445\u0430\u043b\u044f\u0432\u0443 \u0432\u0435\u0440\u0441\u0438\u0438 \u0441 \u043f\u0430\u0442\u0447\u0435\u043c \u043d\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043e\n\n#\u0440\u044b\u0431\u0430\u043a_\u0440\u044b\u0431\u0430\u043a\u0430 #cobaltstrike", "creation_timestamp": "2022-10-16T12:27:23.000000Z"}, {"uuid": "fe8a1918-a2c9-4504-b417-31995c84e46c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2812", "content": "#Tools -\u00a0 \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nMCPTool\n\nFeatures:\n\u25ab\ufe0f See information of a server\n\u25ab\ufe0f View player information\n\u25ab\ufe0f Port scanning\n\u25ab\ufe0f QuboScanner\n\u25ab\ufe0f Scanning of nodes of a hosting\n\u25ab\ufe0f Create a local bungee\n\u25ab\ufe0f Listening command\n\u25ab\ufe0f Checker\n\u25ab\ufe0f Show mods on this server.\n\n\nhttps://github.com/wrrulos/MCPTool\n\nvbackdoor\n\nHide process,port,self under Linux using the LD_PRELOAD rootkit.\n\nhttps://github.com/veo/vbackdoor\n\nWebKiller V2\n\nTool Information Gathering Write With Python.\n\nhttps://github.com/ultrasecurity/webkiller\n\nFilelessRemotePE\n\nLoading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique.\n\nhttps://github.com/D1rkMtr/FilelessRemotePE\n\nJuicyPotatoNG\n\nJust another Windows Local Privilege Escalation from Service Account to System. \n\nhttps://github.com/antonioCoco/JuicyPotatoNG\n\nDetails:\nhttps://decoder.cloud/2022/09/21/giving-juicypotato-a-second-chance-juicypotatong/\n\nBluffy \n\nA utility which was used in experiments to bypass Anti-Virus products (statically) by formatting shellcode into realistic looking data formats.\n\nSo far, we implemented:\n\n\u25ab\ufe0f UUID\n\u25ab\ufe0f CLSID\n\u25ab\ufe0f SVG\n\u25ab\ufe0f CSS\n\u25ab\ufe0f CSV\n\nhttps://github.com/preemptdev/bluffy\n\nCVE-2022-38577\n\nProcessMaker - User Profile Privilege Escalation\n\nhttps://github.com/sornram9254/CVE-2022-38577-Processmaker\n\n#cve\n\nAV-Bypass-Learning\n\nhttps://github.com/colind0pe/AV-Bypass-Learning\n\nLockBit-Black-Builder\n\nhttps://github.com/3xp0rt/LockBit-Black-Builder\n\nLockBit ransomware builder leaked online by \u201cangry developer\u201d\nhttps://www.bleepingcomputer.com/news/security/lockbit-ransomware-builder-leaked-online-by-angry-developer-/\n\nPaybag\n\nCreate metasploit payload easily using Paybag\n\nhttps://github.com/Deadpool2000/Paybag\n\nDNS_Enumerator\n\nhttps://github.com/crypticq/DNS_Enumerator\n\nShotDroid v2\n\nPentesting tool for android. There are 3 tools that have their respective functions:\n\nAndroid Files: Get files from Android directory, internal and external storage (Images, Videos, Whatsapp, ..)\nAndroid Keylogger: Android Keylogging Keyboard + Reverse Shell.\nTake Face Webcam: Take face shot from the target phone's front camera and PC webcam.\n\nFeatures:\n\u25ab\ufe0f Hide apps in android files.\n\u25ab\ufe0f Custom android directory.\n\u25ab\ufe0f For Android Keylogger -> you can see it here: Simple-keyboard or LokiBoard.\n\u25ab\ufe0f Automatic html template in take face webcam.\n\u25ab\ufe0f Custom html or custom your html folder in take face webcam tool.\n\u25ab\ufe0f etc.\n\nhttps://github.com/kp300/shotdroid\n\nFakeBurpCert\n\nBurp suite Certificate modification tool.\n\nThis tool is used to modify or add information that is not included in the dynamically generated certificates in PortSwiggers Burp Suite.\n\nCurrently working:\n\n\u25ab\ufe0f Modification of CN\n\u25ab\ufe0f Set the serial number\n\u25ab\ufe0f Set the date of the certificate\n\u25ab\ufe0f Modification or add a SAN (Subject Alternative Name).\n\u25ab\ufe0f Add an OCSP URI.\n\nhttps://github.com/raise-isayan/FakeCert\n\nBufferOverflowKiller v1.0\n\nA tool for buffer overflow attacks\n\nhttps://github.com/baimao-box/BufferOverflowKiller\n\nLeonidas\n\nThis is the repository containing Leonidas, a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker tactics, techniques and procedures (TTPs) and their associated detection properties.\n\nhttps://github.com/WithSecureLabs/leonidas\n\nRustChain\n\nThis tool is a simple PoC of how to hide memory artifacts using a ROP chain in combination with hardware breakpoints. The ROP chain will change the main module memory page's protections to N/A while sleeping (i.e. when the function Sleep is called). \n\nFor more detailed information about this memory scanning evasion technique check out the original project Gargoyle. x64 only.\n\nhttps://github.com/Kudaes/RustChain\n\nCVE-2022-39197\n\ncritical Cobalt Strike bug could lead to RCE attacks.\n\nhttps://github.com/burpheart/cve-2022-39197\n\nDetails:\nhttps://securityonline.info/cve-2022-39197-critical-cobalt-strike-bug-could-lead-to-rce-attacks/\n\nJoin:\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory\n\nWebsite:\nwww.ghostclan.org", "creation_timestamp": "2023-05-25T16:56:29.000000Z"}, {"uuid": "028647e4-9f94-406f-9a0c-ec5ffc8878a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "Telegram/xEW3L7faxxCz9jI6Q8ptQb_DvS9w0RJHBd44f4st0wu5Y_8", "content": "", "creation_timestamp": "2022-10-11T08:10:28.000000Z"}, {"uuid": "61cae4f5-73bb-46a8-87a1-2fd9b7c90713", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "Telegram/due5ZbGEH9kWXucvTKyGo-jEbTFPwhilL4AH3D6DGO8Xiwg", "content": "", "creation_timestamp": "2023-01-29T14:22:33.000000Z"}, {"uuid": "0cd2ba74-01e4-4274-a500-68361a49924f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "seen", "source": "https://t.me/true_secator/3577", "content": "\u041d\u0435\u0440\u0435\u0434\u043a\u043e \u043d\u043e \u043c\u0435\u0442\u043a\u043e, \u043a\u043e\u0433\u0434\u0430 \u0438 \u0441\u0430\u043c \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0438\u0439 \u0441\u043e\u0444\u0442 \u043d\u0435 \u043b\u0438\u0448\u0435\u043d \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0441 \u0442\u043e\u0447\u043a\u0438 \u0437\u0440\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. \n\n\u041d\u0435 \u043f\u0440\u043e\u0448\u043b\u043e \u0438 \u043c\u0435\u0441\u044f\u0446\u0430 \u043f\u043e\u0441\u043b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0433\u0438 \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435 Cobalt Strike, \u043a\u0430\u043a \u043d\u0430 \u0435\u0435 \u043c\u0435\u0441\u0442\u0435 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u043d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f HelpSystems, \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u0432\u0448\u0430\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u0443\u044e \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0443 Cobalt Strike, \u0443\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0432\u043d\u0435\u043f\u043b\u0430\u043d\u043e\u0432\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0435\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0446\u0435\u043b\u0435\u0432\u044b\u043c\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c\u0438.\n\n\u0420\u0435\u0447\u044c \u0438\u0434\u0435\u0442 \u043e\u0431 \u043e\u0448\u0438\u0431\u043a\u0435 RCE, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u043e\u0439 \u043a\u0430\u043a CVE-2022-42948, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Cobalt Strike \u0432\u0435\u0440\u0441\u0438\u0438 4.7.1 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u043e\u043b\u043d\u044b\u043c \u043f\u0430\u0442\u0447\u0435\u043c, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u043c 20 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f XSS-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2022-39197.\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f XSS-\u0443\u0437\u044f\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0433\u043b\u0430 \u0431\u044b\u0442\u044c \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u044f\u0446\u0438\u0438 \u0441 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u043c\u0438 \u043f\u043e\u043b\u044f\u043c\u0438 \u0432\u0432\u043e\u0434\u0430 \u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u043c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430, \u0438\u043c\u0438\u0442\u0430\u0446\u0438\u0438 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0438 \u0438\u043b\u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u0430\u0442\u0430 Cobalt Strike, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0435\u0433\u043e \u043d\u0430 \u0445\u043e\u0441\u0442\u0435.\n\n\u041e\u0434\u043d\u0430\u043a\u043e, \u0432 \u0445\u043e\u0434\u0435 \u00a0\u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u0430\u043c\u0438 \u0438\u0437 IBM X-Force \u0431\u044b\u043b\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043e, \u0447\u0442\u043e \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u043e \u0432 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u0440\u0435\u0434\u044b Java Swing - \u043d\u0430\u0431\u043e\u0440\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 Cobalt Strike.\n\n\u0424\u0438\u0448\u043a\u0430 \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u0432 Java Swing \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0438\u0440\u0443\u044e\u0442 \u043b\u044e\u0431\u043e\u0439 \u0442\u0435\u043a\u0441\u0442 \u043a\u0430\u043a HTML-\u043a\u043e\u043d\u0442\u0435\u043d\u0442, \u0435\u0441\u043b\u0438 \u043e\u043d \u043d\u0430\u0447\u0438\u043d\u0430\u0435\u0442\u0441\u044f \u0441 , \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u043e \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e HTML-\u0442\u0435\u0433\u0430  \u0434\u043b\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0439 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438, \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0441 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u0435\u0435 \u0432 \u043f\u043e\u043b\u0435 \"\u043f\u0440\u0438\u043c\u0435\u0447\u0430\u043d\u0438\u044f\", \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043c\u0435\u043d\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u043d\u0438\u043a\u0430 \u0444\u0430\u0439\u043b\u043e\u0432 \u0432 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 Cobalt Strike.\n\n\u0411\u043e\u043b\u0435\u0435 \u0442\u043e\u0433\u043e, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 IBM \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438, \u0447\u0442\u043e \u043d\u043e\u0432\u0443\u044e \u0431\u0430\u0433\u0443 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043f\u043e\u043b\u043d\u043e\u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0439 \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0439 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0441\u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u043d\u0430 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043d\u0435\u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e \u043e\u0442 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0438 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b.", "creation_timestamp": "2022-10-18T19:20:04.000000Z"}, {"uuid": "ae34d75e-c770-436e-8989-58bd73f7bdc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/Cobalt_Strike_info/303", "content": "Critical Cobalt Strike bug could lead to RCE attacks.\n\nCVE-2022-39197\n\nhttps://github.com/burpheart/cve-2022-39197\n\nDetails:\nhttps://securityonline.info/cve-2022-39197-critical-cobalt-strike-bug-could-lead-to-rce-attacks\n\n#\u0441\u0442\u0430\u0442\u044c\u0438_\u0441\u0441\u044b\u043b\u043a\u0438_scripts", "creation_timestamp": "2022-10-15T02:50:00.000000Z"}, {"uuid": "1d139dc9-4587-4b79-aeb8-9f4c9e40aadd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/Cobalt_Strike_info/323", "content": "Cobalt Strike - XSS Exploit Explained CVE-2022-39197 is a simple XSS vulnerability but it's possible to get RCE from this because you can define an account username in the Beacon configuration.\nThis exploit targets the client a user uses to connect to a C2 server, displaying all infected systems to the user. It is a cross site scripting attack written in Java which payload contains HTML tags.", "creation_timestamp": "2022-10-22T02:11:56.000000Z"}, {"uuid": "544c961a-d805-4b06-89c4-e43d33534337", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/Cobalt_Strike_info/319", "content": "CobaltStrike <= 4.7.1 RCE \n\u043f\u043e\u0440\u0430 \u0431\u044b \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c\u0441\u044f \u0434\u043e 4.7.2 (\u043a\u0430\u043a \u0440\u0430\u0437 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0432\u044b\u0448\u043b\u0430)\nCVE-2022-39197 RCE POC\n\n#soft_script", "creation_timestamp": "2022-10-19T04:45:58.000000Z"}, {"uuid": "c2089f7e-02f8-4bbf-9fc9-e98aad30955a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/573", "content": "CVE-2022-39197 : CobaltStrike <= 4.7.1- Remote Code Execution\nhttps://github.com/TheCryingGame/CVE-2022-39197-RCE", "creation_timestamp": "2022-11-08T09:30:41.000000Z"}, {"uuid": "f4eca25a-d121-48e0-be65-e97278e8e4eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1248", "content": "", "creation_timestamp": "2022-10-18T17:08:55.000000Z"}, {"uuid": "c3bc3b73-a024-4647-b26a-99779b1fed28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/intelexch/24209", "content": "https://github.com/burpheart/CVE-2022-39197-patch", "creation_timestamp": "2022-09-27T15:08:49.000000Z"}, {"uuid": "6bc425c5-f9b0-4384-88f1-99ae92677026", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39198", "type": "seen", "source": "https://t.me/cibsecurity/51692", "content": "\u203c CVE-2022-39198 \u203c\n\nA deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-18T22:14:18.000000Z"}, {"uuid": "ac161760-74e2-42a9-b555-5cce256b98e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "Telegram/GCK1P-EBo7Y1wNSuahWWNDYJV0bTI8Do0fvIbhPs8cGhtg", "content": "", "creation_timestamp": "2023-01-29T13:23:04.000000Z"}, {"uuid": "dc5a1024-6331-4986-9ab4-2b4b6b3125e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39195", "type": "seen", "source": "https://t.me/cibsecurity/56619", "content": "\u203c CVE-2022-39195 \u203c\n\nA cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the c parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-02T14:41:46.000000Z"}, {"uuid": "4d53e515-e8d5-4674-b63f-df8db0f715fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3919", "type": "seen", "source": "https://t.me/cibsecurity/54337", "content": "\u203c CVE-2022-3919 \u203c\n\nThe Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-12T20:21:00.000000Z"}, {"uuid": "9e12f5bf-748c-466c-8b84-d26fb53b317f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/intelexch/23631", "content": "https://github.com/xzajyjs/CVE-2022-39197-POC", "creation_timestamp": "2022-09-24T13:33:46.000000Z"}, {"uuid": "a57fdad9-cf93-4e0b-a6ab-288f8eb108b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39193", "type": "seen", "source": "https://t.me/cibsecurity/56792", "content": "\u203c CVE-2022-39193 \u203c\n\nAn issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with checkuser access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-20T22:28:58.000000Z"}, {"uuid": "3f68a4ac-c5a2-4e25-8a88-f8d834979033", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39199", "type": "seen", "source": "https://t.me/cibsecurity/53376", "content": "\u203c CVE-2022-39199 \u203c\n\nimmudb is a database with built-in cryptographic proof and verification. immudb client SDKs use server's UUID to distinguish between different server instance so that the client can connect to different immudb instances and keep the state for multiple servers. SDK does not validate this uuid and can accept any value reported by the server. A malicious server can change the reported UUID tricking the client to treat it as a different server thus accepting a state completely irrelevant to the one previously retrieved from the server. This issue has been patched in version 1.4.1. As a workaround, when initializing an immudb client object a custom state handler can be used to store the state. Providing custom implementation that ignores the server UUID can be used to ensure that even if the server changes the UUID, client will still consider it to be the same server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-22T22:13:20.000000Z"}, {"uuid": "70758b95-26ea-492a-bac5-c7fcd6296597", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/288", "content": "https://github.com/burpheart/cve-2022-39197    cs4.7poc\n#github", "creation_timestamp": "2022-09-30T09:36:28.000000Z"}, {"uuid": "2f744f1b-8107-4e96-84be-34c71b92560d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "seen", "source": "https://t.me/cibsecurity/50256", "content": "\u203c CVE-2022-39197 \u203c\n\nAn XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-22T07:11:51.000000Z"}, {"uuid": "22053282-023a-4b90-bfb6-d1813ec6ba84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39196", "type": "seen", "source": "https://t.me/cibsecurity/49279", "content": "\u203c CVE-2022-39196 \u203c\n\nBlackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-05T07:11:44.000000Z"}, {"uuid": "5e662b34-d649-4ac3-9da3-62c791b9d48a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/275", "content": "https://github.com/burpheart/cve-2022-39197", "creation_timestamp": "2022-09-23T07:06:47.000000Z"}, {"uuid": "a682ba8e-7144-447b-a204-394567d6cb1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2510", "content": "#CVE-2022\nCVE-2022-39197\n\nhttps://github.com/adeljck/CVE-2022-39197\n\n@BlueRedTeam", "creation_timestamp": "2022-12-06T20:11:51.000000Z"}, {"uuid": "250a40fd-7057-45a9-ad16-1145cb359dc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39198", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7381", "content": "#exploit\n1. CVE-2022-41050:\nA vulnerability in the MS Windows' User-Mode Printer Drivers\nhttps://ssd-disclosure.com/win32k-user-mode-printer-drivers-startdoc-uaf\n\n2. CVE-2022-46689:\nmacOS Dirty Cow bug\nhttps://github.com/zhuowei/MacDirtyCowDemo\n\n3. CVE-2022-39198:\nApache Dubbo Hession Deserialization Vulnerability Gadgets Bypass\nhttps://xz.aliyun.com/t/11961", "creation_timestamp": "2022-12-18T20:23:10.000000Z"}, {"uuid": "276b004c-8174-4daa-82b8-6e16aa9137da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7034", "content": "#exploit\n1. CVE-2022-36663:\nInternal network scanner through Gluu IAM blind ssrf\nhttps://github.com/Qeisi/CVE-2022-36663-PoC\n\n2. CVE-2022-21970:\nMicrosoft Edge (Chromium-based) EoP Vulnerability\nhttps://github.com/Malwareman007/CVE-2022-21970\n\n3. CVE-2022-39197:\nCobaltStrike <= 4.7.1 RCE\nhttps://github.com/TheCryingGame/CVE-2022-39197-RCE", "creation_timestamp": "2022-10-23T19:30:28.000000Z"}]}