{"vulnerability": "CVE-2022-39197", "sightings": [{"uuid": "0df47b45-d68c-471d-a932-3460d1e30a42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "bc92be7e-cfb6-45a5-99d6-a2581392ef5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971786", "content": "", "creation_timestamp": "2024-12-24T20:34:03.417605Z"}, {"uuid": "58d1215c-5e4d-4f88-9f85-4a27ac286596", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:38.000000Z"}, {"uuid": "ceb735f7-7a70-4b5f-a9ab-95906cc92054", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4268", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCobalt Strike\n\u63cf\u8ff0\uff1aCobalt Strike 4.4 \u732a\u732a\u7248 \u53bb\u6697\u6869 \u53bb\u6d41\u91cf\u7279\u5f81  beacon\u4eff\u9020\u771f\u5b9eAPI\u670d\u52a1  \u4fee\u8865CVE-2022-39197\u8865\u4e01\nURL\uff1ahttps://github.com/xiao-zhu-zhu/pig_CS4.4\n\n\u6807\u7b7e\uff1a#Cobalt Strike", "creation_timestamp": "2023-04-28T07:03:34.000000Z"}, {"uuid": "a5144b85-07d5-4546-a6cd-b4586fa33e60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-39197", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/f656aab1-ee01-4c55-904c-566d2b970d52", "content": "", "creation_timestamp": "2026-02-02T12:27:02.771276Z"}, {"uuid": "9f24b466-e90d-49d4-a06d-2e086f7ce09f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3493", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39197\nURL\uff1ahttps://github.com/adeljck/CVE-2022-39197\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-29T19:12:56.000000Z"}, {"uuid": "88a239d7-8bfc-4b43-bde6-8965fb449ea5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6054", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aA testing tool for CobaltStrike-RCE:CVE-2022-39197; Weblogic-RCE:CVE-2023-21839; MinIO:CVE-2023-28432\nURL\uff1ahttps://github.com/Romanc9/Gui-poc-test\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-12-03T13:47:08.000000Z"}, {"uuid": "b95c3127-7fea-4c96-8413-63ba1cb0c6c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1003", "content": "cve-2022-39197\n\u0422\u0430 \u0441\u0430\u043c\u0430\u044f XSS \u043d\u0430\u0439\u0434\u0435\u043d\u043d\u0430\u044f \u0432 Cobalt Strike  4.7 \n\u0415\u0449\u0435 \u0440\u0430\u0437 \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u043f\u0440\u043e \u0434\u044b\u0440\u043a\u0443\n\u0421\u043a\u0430\u0447\u0430\u0442\u044c exploit\n\n#cobaltstrike #exploit", "creation_timestamp": "2022-09-23T06:29:01.000000Z"}, {"uuid": "f58c18d8-7eff-4250-a27b-72476c66f8c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1077", "content": "CobaltStrike <= 4.7.1 RCE \n\u043f\u043e\u0440\u0430 \u0431\u044b \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c\u0441\u044f \u0434\u043e 4.7.2 (\u043a\u0430\u043a \u0440\u0430\u0437 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0432\u044b\u0448\u043b\u0430)\nCVE-2022-39197 RCE POC", "creation_timestamp": "2022-10-18T11:44:25.000000Z"}, {"uuid": "8302762a-703c-4fa9-afb9-555207268be7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "seen", "source": "https://t.me/proxy_bar/1062", "content": "\u041e\u0434\u043d\u0430\u0436\u0434\u044b \u0412\u0430\u0448\u0438 \u0434\u0435\u0442\u0438 \u0412\u0430\u0441 \u0441\u043f\u0440\u043e\u0441\u044f\u0442: \u043f\u0430\u043f\\\u043c\u0430\u043c, \u0430 \u043a\u0430\u043a \u0432\u044b \u0437\u0430\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438 \u0441\u0432\u043e\u0438 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u044b ? \n\u041f\u0440\u043e\u0441\u0442\u043e \u043f\u043e\u043a\u0430\u0436\u0438\u0442\u0435 \u0438\u043c \u044d\u0442\u043e \u0412\u0418\u0414\u0415\u041e\nCVE-2022-39197 is an XSS vulnerability in Cobalt Strike.\n\u0414\u044b\u0440\u0430 \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u0430 -  \u043f\u043e\u043a\u0430 \u0432 \u043f\u0430\u0431\u043b\u0438\u043a\u0435 \u043d\u0430 \u0445\u0430\u043b\u044f\u0432\u0443 \u0432\u0435\u0440\u0441\u0438\u0438 \u0441 \u043f\u0430\u0442\u0447\u0435\u043c \u043d\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043e\n\n#\u0440\u044b\u0431\u0430\u043a_\u0440\u044b\u0431\u0430\u043a\u0430 #cobaltstrike", "creation_timestamp": "2022-10-16T12:27:23.000000Z"}, {"uuid": "fe8a1918-a2c9-4504-b417-31995c84e46c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2812", "content": "#Tools -\u00a0 \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nMCPTool\n\nFeatures:\n\u25ab\ufe0f See information of a server\n\u25ab\ufe0f View player information\n\u25ab\ufe0f Port scanning\n\u25ab\ufe0f QuboScanner\n\u25ab\ufe0f Scanning of nodes of a hosting\n\u25ab\ufe0f Create a local bungee\n\u25ab\ufe0f Listening command\n\u25ab\ufe0f Checker\n\u25ab\ufe0f Show mods on this server.\n\n\nhttps://github.com/wrrulos/MCPTool\n\nvbackdoor\n\nHide process,port,self under Linux using the LD_PRELOAD rootkit.\n\nhttps://github.com/veo/vbackdoor\n\nWebKiller V2\n\nTool Information Gathering Write With Python.\n\nhttps://github.com/ultrasecurity/webkiller\n\nFilelessRemotePE\n\nLoading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique.\n\nhttps://github.com/D1rkMtr/FilelessRemotePE\n\nJuicyPotatoNG\n\nJust another Windows Local Privilege Escalation from Service Account to System. \n\nhttps://github.com/antonioCoco/JuicyPotatoNG\n\nDetails:\nhttps://decoder.cloud/2022/09/21/giving-juicypotato-a-second-chance-juicypotatong/\n\nBluffy \n\nA utility which was used in experiments to bypass Anti-Virus products (statically) by formatting shellcode into realistic looking data formats.\n\nSo far, we implemented:\n\n\u25ab\ufe0f UUID\n\u25ab\ufe0f CLSID\n\u25ab\ufe0f SVG\n\u25ab\ufe0f CSS\n\u25ab\ufe0f CSV\n\nhttps://github.com/preemptdev/bluffy\n\nCVE-2022-38577\n\nProcessMaker - User Profile Privilege Escalation\n\nhttps://github.com/sornram9254/CVE-2022-38577-Processmaker\n\n#cve\n\nAV-Bypass-Learning\n\nhttps://github.com/colind0pe/AV-Bypass-Learning\n\nLockBit-Black-Builder\n\nhttps://github.com/3xp0rt/LockBit-Black-Builder\n\nLockBit ransomware builder leaked online by \u201cangry developer\u201d\nhttps://www.bleepingcomputer.com/news/security/lockbit-ransomware-builder-leaked-online-by-angry-developer-/\n\nPaybag\n\nCreate metasploit payload easily using Paybag\n\nhttps://github.com/Deadpool2000/Paybag\n\nDNS_Enumerator\n\nhttps://github.com/crypticq/DNS_Enumerator\n\nShotDroid v2\n\nPentesting tool for android. There are 3 tools that have their respective functions:\n\nAndroid Files: Get files from Android directory, internal and external storage (Images, Videos, Whatsapp, ..)\nAndroid Keylogger: Android Keylogging Keyboard + Reverse Shell.\nTake Face Webcam: Take face shot from the target phone's front camera and PC webcam.\n\nFeatures:\n\u25ab\ufe0f Hide apps in android files.\n\u25ab\ufe0f Custom android directory.\n\u25ab\ufe0f For Android Keylogger -> you can see it here: Simple-keyboard or LokiBoard.\n\u25ab\ufe0f Automatic html template in take face webcam.\n\u25ab\ufe0f Custom html or custom your html folder in take face webcam tool.\n\u25ab\ufe0f etc.\n\nhttps://github.com/kp300/shotdroid\n\nFakeBurpCert\n\nBurp suite Certificate modification tool.\n\nThis tool is used to modify or add information that is not included in the dynamically generated certificates in PortSwiggers Burp Suite.\n\nCurrently working:\n\n\u25ab\ufe0f Modification of CN\n\u25ab\ufe0f Set the serial number\n\u25ab\ufe0f Set the date of the certificate\n\u25ab\ufe0f Modification or add a SAN (Subject Alternative Name).\n\u25ab\ufe0f Add an OCSP URI.\n\nhttps://github.com/raise-isayan/FakeCert\n\nBufferOverflowKiller v1.0\n\nA tool for buffer overflow attacks\n\nhttps://github.com/baimao-box/BufferOverflowKiller\n\nLeonidas\n\nThis is the repository containing Leonidas, a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker tactics, techniques and procedures (TTPs) and their associated detection properties.\n\nhttps://github.com/WithSecureLabs/leonidas\n\nRustChain\n\nThis tool is a simple PoC of how to hide memory artifacts using a ROP chain in combination with hardware breakpoints. The ROP chain will change the main module memory page's protections to N/A while sleeping (i.e. when the function Sleep is called). \n\nFor more detailed information about this memory scanning evasion technique check out the original project Gargoyle. x64 only.\n\nhttps://github.com/Kudaes/RustChain\n\nCVE-2022-39197\n\ncritical Cobalt Strike bug could lead to RCE attacks.\n\nhttps://github.com/burpheart/cve-2022-39197\n\nDetails:\nhttps://securityonline.info/cve-2022-39197-critical-cobalt-strike-bug-could-lead-to-rce-attacks/\n\nJoin:\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory\n\nWebsite:\nwww.ghostclan.org", "creation_timestamp": "2023-05-25T16:56:29.000000Z"}, {"uuid": "028647e4-9f94-406f-9a0c-ec5ffc8878a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "Telegram/xEW3L7faxxCz9jI6Q8ptQb_DvS9w0RJHBd44f4st0wu5Y_8", "content": "", "creation_timestamp": "2022-10-11T08:10:28.000000Z"}, {"uuid": "1d139dc9-4587-4b79-aeb8-9f4c9e40aadd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/Cobalt_Strike_info/323", "content": "Cobalt Strike - XSS Exploit Explained CVE-2022-39197 is a simple XSS vulnerability but it's possible to get RCE from this because you can define an account username in the Beacon configuration.\nThis exploit targets the client a user uses to connect to a C2 server, displaying all infected systems to the user. It is a cross site scripting attack written in Java which payload contains HTML tags.", "creation_timestamp": "2022-10-22T02:11:56.000000Z"}, {"uuid": "61cae4f5-73bb-46a8-87a1-2fd9b7c90713", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "Telegram/due5ZbGEH9kWXucvTKyGo-jEbTFPwhilL4AH3D6DGO8Xiwg", "content": "", "creation_timestamp": "2023-01-29T14:22:33.000000Z"}, {"uuid": "ae34d75e-c770-436e-8989-58bd73f7bdc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/Cobalt_Strike_info/303", "content": "Critical Cobalt Strike bug could lead to RCE attacks.\n\nCVE-2022-39197\n\nhttps://github.com/burpheart/cve-2022-39197\n\nDetails:\nhttps://securityonline.info/cve-2022-39197-critical-cobalt-strike-bug-could-lead-to-rce-attacks\n\n#\u0441\u0442\u0430\u0442\u044c\u0438_\u0441\u0441\u044b\u043b\u043a\u0438_scripts", "creation_timestamp": "2022-10-15T02:50:00.000000Z"}, {"uuid": "544c961a-d805-4b06-89c4-e43d33534337", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/Cobalt_Strike_info/319", "content": "CobaltStrike <= 4.7.1 RCE \n\u043f\u043e\u0440\u0430 \u0431\u044b \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c\u0441\u044f \u0434\u043e 4.7.2 (\u043a\u0430\u043a \u0440\u0430\u0437 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0432\u044b\u0448\u043b\u0430)\nCVE-2022-39197 RCE POC\n\n#soft_script", "creation_timestamp": "2022-10-19T04:45:58.000000Z"}, {"uuid": "c3bc3b73-a024-4647-b26a-99779b1fed28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/intelexch/24209", "content": "https://github.com/burpheart/CVE-2022-39197-patch", "creation_timestamp": "2022-09-27T15:08:49.000000Z"}, {"uuid": "c2089f7e-02f8-4bbf-9fc9-e98aad30955a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/573", "content": "CVE-2022-39197 : CobaltStrike <= 4.7.1- Remote Code Execution\nhttps://github.com/TheCryingGame/CVE-2022-39197-RCE", "creation_timestamp": "2022-11-08T09:30:41.000000Z"}, {"uuid": "0cd2ba74-01e4-4274-a500-68361a49924f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "seen", "source": "https://t.me/true_secator/3577", "content": "\u041d\u0435\u0440\u0435\u0434\u043a\u043e \u043d\u043e \u043c\u0435\u0442\u043a\u043e, \u043a\u043e\u0433\u0434\u0430 \u0438 \u0441\u0430\u043c \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0438\u0439 \u0441\u043e\u0444\u0442 \u043d\u0435 \u043b\u0438\u0448\u0435\u043d \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0441 \u0442\u043e\u0447\u043a\u0438 \u0437\u0440\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. \n\n\u041d\u0435 \u043f\u0440\u043e\u0448\u043b\u043e \u0438 \u043c\u0435\u0441\u044f\u0446\u0430 \u043f\u043e\u0441\u043b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0433\u0438 \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435 Cobalt Strike, \u043a\u0430\u043a \u043d\u0430 \u0435\u0435 \u043c\u0435\u0441\u0442\u0435 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u043d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f HelpSystems, \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u0432\u0448\u0430\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u0443\u044e \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0443 Cobalt Strike, \u0443\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0432\u043d\u0435\u043f\u043b\u0430\u043d\u043e\u0432\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0435\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0446\u0435\u043b\u0435\u0432\u044b\u043c\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c\u0438.\n\n\u0420\u0435\u0447\u044c \u0438\u0434\u0435\u0442 \u043e\u0431 \u043e\u0448\u0438\u0431\u043a\u0435 RCE, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u043e\u0439 \u043a\u0430\u043a CVE-2022-42948, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Cobalt Strike \u0432\u0435\u0440\u0441\u0438\u0438 4.7.1 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u043e\u043b\u043d\u044b\u043c \u043f\u0430\u0442\u0447\u0435\u043c, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u043c 20 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f XSS-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2022-39197.\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f XSS-\u0443\u0437\u044f\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0433\u043b\u0430 \u0431\u044b\u0442\u044c \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u044f\u0446\u0438\u0438 \u0441 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u043c\u0438 \u043f\u043e\u043b\u044f\u043c\u0438 \u0432\u0432\u043e\u0434\u0430 \u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u043c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430, \u0438\u043c\u0438\u0442\u0430\u0446\u0438\u0438 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0438 \u0438\u043b\u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u0430\u0442\u0430 Cobalt Strike, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0435\u0433\u043e \u043d\u0430 \u0445\u043e\u0441\u0442\u0435.\n\n\u041e\u0434\u043d\u0430\u043a\u043e, \u0432 \u0445\u043e\u0434\u0435 \u00a0\u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u0430\u043c\u0438 \u0438\u0437 IBM X-Force \u0431\u044b\u043b\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043e, \u0447\u0442\u043e \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u043e \u0432 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u0440\u0435\u0434\u044b Java Swing - \u043d\u0430\u0431\u043e\u0440\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 Cobalt Strike.\n\n\u0424\u0438\u0448\u043a\u0430 \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u0432 Java Swing \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0438\u0440\u0443\u044e\u0442 \u043b\u044e\u0431\u043e\u0439 \u0442\u0435\u043a\u0441\u0442 \u043a\u0430\u043a HTML-\u043a\u043e\u043d\u0442\u0435\u043d\u0442, \u0435\u0441\u043b\u0438 \u043e\u043d \u043d\u0430\u0447\u0438\u043d\u0430\u0435\u0442\u0441\u044f \u0441 , \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u043e \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e HTML-\u0442\u0435\u0433\u0430  \u0434\u043b\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0439 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438, \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0441 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u0435\u0435 \u0432 \u043f\u043e\u043b\u0435 \"\u043f\u0440\u0438\u043c\u0435\u0447\u0430\u043d\u0438\u044f\", \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043c\u0435\u043d\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u043d\u0438\u043a\u0430 \u0444\u0430\u0439\u043b\u043e\u0432 \u0432 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 Cobalt Strike.\n\n\u0411\u043e\u043b\u0435\u0435 \u0442\u043e\u0433\u043e, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 IBM \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438, \u0447\u0442\u043e \u043d\u043e\u0432\u0443\u044e \u0431\u0430\u0433\u0443 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043f\u043e\u043b\u043d\u043e\u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0439 \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0439 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0441\u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u043d\u0430 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043d\u0435\u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e \u043e\u0442 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0438 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b.", "creation_timestamp": "2022-10-18T19:20:04.000000Z"}, {"uuid": "2f744f1b-8107-4e96-84be-34c71b92560d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "seen", "source": "https://t.me/cibsecurity/50256", "content": "\u203c CVE-2022-39197 \u203c\n\nAn XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-22T07:11:51.000000Z"}, {"uuid": "f4eca25a-d121-48e0-be65-e97278e8e4eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1248", "content": "", "creation_timestamp": "2022-10-18T17:08:55.000000Z"}, {"uuid": "ac161760-74e2-42a9-b555-5cce256b98e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "Telegram/GCK1P-EBo7Y1wNSuahWWNDYJV0bTI8Do0fvIbhPs8cGhtg", "content": "", "creation_timestamp": "2023-01-29T13:23:04.000000Z"}, {"uuid": "9e12f5bf-748c-466c-8b84-d26fb53b317f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/intelexch/23631", "content": "https://github.com/xzajyjs/CVE-2022-39197-POC", "creation_timestamp": "2022-09-24T13:33:46.000000Z"}, {"uuid": "5e662b34-d649-4ac3-9da3-62c791b9d48a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/275", "content": "https://github.com/burpheart/cve-2022-39197", "creation_timestamp": "2022-09-23T07:06:47.000000Z"}, {"uuid": "70758b95-26ea-492a-bac5-c7fcd6296597", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/288", "content": "https://github.com/burpheart/cve-2022-39197    cs4.7poc\n#github", "creation_timestamp": "2022-09-30T09:36:28.000000Z"}, {"uuid": "a682ba8e-7144-447b-a204-394567d6cb1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2510", "content": "#CVE-2022\nCVE-2022-39197\n\nhttps://github.com/adeljck/CVE-2022-39197\n\n@BlueRedTeam", "creation_timestamp": "2022-12-06T20:11:51.000000Z"}, {"uuid": "276b004c-8174-4daa-82b8-6e16aa9137da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7034", "content": "#exploit\n1. CVE-2022-36663:\nInternal network scanner through Gluu IAM blind ssrf\nhttps://github.com/Qeisi/CVE-2022-36663-PoC\n\n2. CVE-2022-21970:\nMicrosoft Edge (Chromium-based) EoP Vulnerability\nhttps://github.com/Malwareman007/CVE-2022-21970\n\n3. CVE-2022-39197:\nCobaltStrike <= 4.7.1 RCE\nhttps://github.com/TheCryingGame/CVE-2022-39197-RCE", "creation_timestamp": "2022-10-23T19:30:28.000000Z"}]}