{"vulnerability": "CVE-2022-47966", "sightings": [{"uuid": "38056b00-73ad-4af6-b993-6bdc4fc130cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "5c55a3ad-3ecc-46c0-8d28-2a5265c22f6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "MISP/7d777146-36eb-49c8-bdb9-d5c2e4b1c88a", "content": "", "creation_timestamp": "2023-08-31T12:07:28.000000Z"}, {"uuid": "3d175cbf-a435-40cb-9e5c-736abc10f68b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "MISP/47d2918b-967f-48aa-8680-8e990fa258b3", "content": "", "creation_timestamp": "2023-09-08T02:39:32.000000Z"}, {"uuid": "1b5a047d-1761-496d-a18f-a46b22158518", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "MISP/ed88c34e-0808-42f4-916f-ceb10d835abe", "content": "", "creation_timestamp": "2023-09-15T12:08:13.000000Z"}, {"uuid": "641d79bf-28dd-4022-b5c2-fc390803263b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "MISP/e28f2bad-1a27-4139-8882-e8dde8f4a9cb", "content": "", "creation_timestamp": "2023-04-20T12:13:10.000000Z"}, {"uuid": "c793c616-e0d8-4f95-b6eb-adcaeea7850b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", 
"source": "MISP/6b214eb9-2fee-451a-8479-56ba1b875db7", "content": "", "creation_timestamp": "2023-02-27T10:08:52.000000Z"}, {"uuid": "46818967-5904-4be0-a0ac-2d6ea1700910", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971756", "content": "", "creation_timestamp": "2024-12-24T20:33:41.400331Z"}, {"uuid": "d7ed6103-433a-456c-ba81-04128fb45787", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "d3c1dd79-d377-4858-b2b0-bc2b3e35adac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-12-22)", "content": "", "creation_timestamp": "2024-12-22T00:00:00.000000Z"}, {"uuid": "932f2830-aa7b-4647-ae91-2c97853dcd13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-26)", "content": "", "creation_timestamp": "2025-01-26T00:00:00.000000Z"}, {"uuid": "3f94e4dc-d615-428d-b50f-aed470645ed9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:49.000000Z"}, {"uuid": "ef5fcdb5-a332-401f-9e6b-aa290a41e76d", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/manageengine_endpoint_central_saml_rce_cve_2022_47966.rb", "content": "", "creation_timestamp": "2023-02-08T19:31:52.000000Z"}, {"uuid": "0073ebf3-0b9a-4763-acd2-db669fe5f319", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:40.000000Z"}, {"uuid": "1103572e-0581-488c-a71b-54ac40a6c109", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-11-09)", "content": "", "creation_timestamp": "2025-11-09T00:00:00.000000Z"}, {"uuid": "400c6729-e87c-4b20-9d4c-63cf52e34e84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-08-04)", "content": "", "creation_timestamp": "2025-08-04T00:00:00.000000Z"}, {"uuid": "6c6d2535-3e14-4d05-b3ac-6b721019a61d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-11-28)", "content": "", "creation_timestamp": "2025-11-28T00:00:00.000000Z"}, {"uuid": "965471cf-0a63-4c3e-86c2-608c7f1bb8eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:13:04.000000Z"}, {"uuid": "15fb8b21-35eb-4a78-b505-8e0b76d31385", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-11-27)", "content": "", "creation_timestamp": "2025-11-27T00:00:00.000000Z"}, {"uuid": "417038f1-9dd3-4332-8172-a05da557e730", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/manageengine_adselfservice_plus_saml_rce_cve_2022_47966.rb", "content": "", "creation_timestamp": "2023-02-07T23:21:03.000000Z"}, {"uuid": "e2dcc025-37d7-4cd1-9b14-281885816a35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-05)", "content": "", "creation_timestamp": "2025-12-05T00:00:00.000000Z"}, {"uuid": "809c4757-d1a3-4891-807e-251bd9dba232", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/manageengine_servicedesk_plus_saml_rce_cve_2022_47966.rb", "content": "", "creation_timestamp": "2023-02-06T23:52:49.000000Z"}, {"uuid": "e069aa39-736d-493c-a8a7-183ce2b14acb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-31)", "content": "", "creation_timestamp": "2026-03-31T00:00:00.000000Z"}, {"uuid": "c9dd79cc-09a1-4f89-a3cb-32705f3c6b42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-22)", "content": "", "creation_timestamp": "2025-12-22T00:00:00.000000Z"}, {"uuid": "f1483354-a3f3-4128-8e62-f245c99a693a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-04)", "content": "", "creation_timestamp": "2026-03-04T00:00:00.000000Z"}, {"uuid": "9cfe8f65-275e-4040-9a4d-237fd6be1786", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "MISP/6b214eb9-2fee-451a-8479-56ba1b875db7", "content": "", "creation_timestamp": "2026-02-06T22:56:36.000000Z"}, {"uuid": "5df60af6-4cc4-4170-98e9-7faac716d745", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-28)", "content": "", "creation_timestamp": "2026-01-28T00:00:00.000000Z"}, {"uuid": "31ad335a-830d-4c17-87b5-65b9357fc0df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": 
"https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/bd542cf4-dd01-405e-8963-0cf61a55f22e", "content": "", "creation_timestamp": "2026-02-02T12:27:06.260130Z"}, {"uuid": "df797d9a-9d6d-413e-8b19-7a76bfb2f4e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "https://t.me/cKure/10627", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 CVE-2022-47966; an unauthenticated remote code execution vulnerability that affects two dozen Zoho ManageEngine products, including ADSelfService Plus, ServiceDesk Plus, and Password Manager Pro, all of which have been exploited in the wild over the past year.\n\nhttps://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis", "creation_timestamp": "2023-01-23T06:07:15.000000Z"}, {"uuid": "196d8f15-bb64-487e-ae6b-82215a3a9615", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "https://t.me/cKure/11538", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Iranian hackers breach United States' aviation org via Zoho, Fortinet bugs.\n\nhttps://www.cisa.gov/news-events/alerts/2023/09/07/cisa-fbi-and-cnmf-release-advisory-multiple-nation-state-threat-actors-exploit-cve-2022-47966-and\n\nhttps://www.bleepingcomputer.com/news/security/iranian-hackers-breach-us-aviation-org-via-zoho-fortinet-bugs/", "creation_timestamp": "2023-09-09T09:27:40.000000Z"}, {"uuid": "8cd55b54-67d9-433e-96d0-12131cd4bfb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/cKure/10614", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 PoC for cve-2022-47966 affecting ManageEngine 
Products.\n\nhttps://github.com/shameem-testing/PoC-for-ME-SAML-Vulnerability\n\nhttps://twitter.com/_M_Shahnawaz/status/1616039880894648320", "creation_timestamp": "2023-01-20T06:23:19.000000Z"}, {"uuid": "da5fbb1f-773a-40aa-83e4-84ddfd4c5f1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/cKure/10683", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Zoho Manage Engine: A Different Payload for CVE-2022-47966.\n\nhttps://vulncheck.com/blog/cve-2022-47966-payload", "creation_timestamp": "2023-02-18T08:41:56.000000Z"}, {"uuid": "e8c741c4-aad1-4439-a4f0-44f155489cf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "https://t.me/itsec_news/3241", "content": "\u200b\u26a1\ufe0f\u0412\u043e\u0441\u0442\u043e\u0447\u043d\u044b\u0435 \u0441\u043a\u0430\u0437\u043a\u0438: Peach Sandstorm \u0438 \u0438\u0441\u043a\u0443\u0441\u0441\u0442\u0432\u043e \u0446\u0438\u0444\u0440\u043e\u0432\u043e\u0439 \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0438.\n\n\ud83d\udcac\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Microsoft \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0441\u0435\u0440\u0438\u044e \u0430\u0442\u0430\u043a \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043e\u0441\u043e\u0431\u043e\u0433\u043e \u043c\u0435\u0442\u043e\u0434\u0430 \u043f\u043e\u0434\u0431\u043e\u0440\u0430 \u043f\u0430\u0440\u043e\u043b\u0435\u0439, \u043f\u0440\u043e\u0432\u0435\u0434\u0451\u043d\u043d\u0443\u044e \u0433\u0440\u0443\u043f\u043f\u043e\u0439 APT33, \u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0439 \u043f\u043e\u0434 
\u043d\u0430\u0437\u0432\u0430\u043d\u0438\u044f\u043c\u0438 Peach Sandstorm, Holmium, Elfin \u0438 Magic Hound. \u041e\u0441\u043d\u043e\u0432\u043d\u044b\u0435 \u0446\u0435\u043b\u0438 \u2014 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 \u0441\u0444\u0435\u0440\u0435 \u043a\u043e\u0441\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0441\u0442\u0438, \u043e\u0431\u043e\u0440\u043e\u043d\u044b \u0438 \u0444\u0430\u0440\u043c\u0430\u0446\u0435\u0432\u0442\u0438\u043a\u0438.\n\n\u0413\u0440\u0443\u043f\u043f\u0430 APT33 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430 \u0441 2013 \u0433\u043e\u0434\u0430. \u0418\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u043e\u043d\u0430 \u043d\u0430\u0446\u0435\u043b\u0438\u0432\u0430\u043b\u0430\u0441\u044c \u043d\u0430 \u0430\u0432\u0438\u0430\u0446\u0438\u043e\u043d\u043d\u0443\u044e \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0438 \u044d\u043d\u0435\u0440\u0433\u0435\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u043e\u043c \u043d\u0435\u0444\u0442\u0435\u0445\u0438\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0440\u043e\u0434\u0443\u043a\u0446\u0438\u0438. 
\u041f\u043e\u0434\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u0435 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0436\u0435\u0440\u0442\u0432 \u043d\u0430\u0445\u043e\u0434\u0438\u043b\u043e\u0441\u044c \u043d\u0430 \u0411\u043b\u0438\u0436\u043d\u0435\u043c \u0412\u043e\u0441\u0442\u043e\u043a\u0435, \u043d\u043e \u0442\u0430\u043a\u0436\u0435 \u043e\u0442\u043c\u0435\u0447\u0430\u043b\u0438\u0441\u044c \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b \u0432 \u0421\u0428\u0410, \u042e\u0436\u043d\u043e\u0439 \u041a\u043e\u0440\u0435\u0435 \u0438 \u0415\u0432\u0440\u043e\u043f\u0435.\n\n\u0421 \u0444\u0435\u0432\u0440\u0430\u043b\u044f \u043f\u043e \u0438\u044e\u043b\u044c 2023 \u0445\u0430\u043a\u0435\u0440\u044b \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043b\u0438 \u0442\u044b\u0441\u044f\u0447\u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443. \u00ab\u041f\u043e \u043e\u0446\u0435\u043d\u043a\u0430\u043c Microsoft, \u043d\u0430\u0447\u0430\u043b\u044c\u043d\u044b\u0439 \u044d\u0442\u0430\u043f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u0430 \u0440\u0430\u0437\u0432\u0435\u0434\u044b\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0432 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u0430\u0445 \u0418\u0440\u0430\u043d\u0430\u00bb, \u2014 \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u0441\u044f \u0432 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u043e\u0442\u0447\u0435\u0442\u0435.\n\n\u0414\u043b\u044f \u0430\u0442\u0430\u043a \u0432\u044b\u0431\u0440\u0430\u043b\u0438 \u043c\u0435\u0442\u043e\u0434 
\u00ab\u0440\u0430\u0441\u043f\u044b\u043b\u0435\u043d\u0438\u044f \u043f\u0430\u0440\u043e\u043b\u0435\u0439\u00bb, \u043f\u0440\u0438 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u043e\u0434\u043d\u0430 \u0438 \u0442\u0430 \u0436\u0435 \u043a\u043e\u043c\u0431\u0438\u043d\u0430\u0446\u0438\u044f \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u0442\u0441\u044f \u043a \u0431\u043e\u043b\u044c\u0448\u043e\u043c\u0443 \u0447\u0438\u0441\u043b\u0443 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439. \u0422\u0430\u043a\u043e\u0439 \u043f\u043e\u0434\u0445\u043e\u0434 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0438\u0437\u0431\u0435\u0433\u0430\u0442\u044c \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043e\u0431\u044b\u0447\u043d\u043e \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0435\u0442 \u043f\u0440\u0438 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0445 \u043d\u0435\u0443\u0434\u0430\u0447\u043d\u044b\u0445 \u043f\u043e\u043f\u044b\u0442\u043a\u0430\u0445 \u0432\u0432\u043e\u0434\u0430 \u043f\u0430\u0440\u043e\u043b\u044f. 
\u041f\u043e\u0441\u043b\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0434\u043b\u044f \u043f\u043e\u0438\u0441\u043a\u0430 \u0446\u0435\u043d\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0432\u043d\u0443\u0442\u0440\u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c.\n\n\u041a\u043b\u044e\u0447\u0435\u0432\u0430\u044f \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u043b\u0430\u0441\u044c \u0432 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0430\u043d\u043e\u043d\u0438\u043c\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 TOR IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u0438 \u0441\u043f\u0435\u0446\u0438\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0430\u0433\u0435\u043d\u0442\u0430 \u00abgo-http-client\u00bb, \u0447\u0442\u043e \u0443\u0441\u043b\u043e\u0436\u043d\u044f\u043b\u043e \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0438 \u043f\u0440\u0435\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u043e\u0432.\n\n\u0425\u0430\u043a\u0435\u0440\u044b \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u043b\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b 
AzureHound \u0438 Roadtools \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0438 \u0432 Microsoft Entra ID (\u0431\u044b\u0432\u0448\u0438\u0439 Azure Active Directory).\n\n\u041d\u0430 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u043b\u0438 \u043a\u043b\u0438\u0435\u043d\u0442 Azure Arc \u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u043b\u0438 \u0435\u0433\u043e \u043a \u043f\u043e\u0434\u043f\u0438\u0441\u043a\u0435 Azure, \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u043e\u0439 Peach Sandstorm. \u0421 \u043f\u043e\u043c\u043e\u0449\u044c\u044e Azure Arc \u043c\u043e\u0436\u043d\u043e \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u0442\u044c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0432 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0438\u0437 \u0441\u0432\u043e\u0435\u0433\u043e \u043e\u0431\u043b\u0430\u043a\u0430.\n\n\u0413\u0440\u0443\u043f\u043f\u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u044b\u0442\u0430\u043b\u0430\u0441\u044c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Zoho ManageEngine ( CVE-2022-47966 ) \u0438 Atlassian Confluence ( CVE-2022-26134 ) \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2023-09-18T21:06:28.000000Z"}, {"uuid": "35bda2d1-5b39-476a-8fd0-b1a58ad3c3de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "Telegram/uoTeqCA2N_y32-_6_00KPM0JMqwUCQaUGgxkpq735FI1pw", "content": "", "creation_timestamp": "2025-08-08T18:21:56.000000Z"}, {"uuid": "13a962e7-61d5-49f9-b399-97c523a971ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "https://t.me/itsec_news/2081", "content": "\u200b\u26a1\ufe0f\u0411\u0435\u043b\u044b\u0435 \u0445\u0430\u043a\u0435\u0440\u044b \u0432\u044b\u043d\u0443\u0434\u044f\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 ManageEngine \u0437\u0430\u043a\u0440\u044b\u0442\u044c \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c.\n\n\ud83d\udcac \u041a\u043e\u043c\u0430\u043d\u0434\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 Horizon3 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0430 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442, \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0439 \u043d\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Zoho ManageEngine. \u0412 \u043a\u043e\u043d\u0446\u0435 \u043d\u0435\u0434\u0435\u043b\u0438 \u043e\u043d\u0438 \u043f\u043b\u0430\u043d\u0438\u0440\u0443\u044e\u0442 \u0432\u044b\u043b\u043e\u0436\u0438\u0442\u044c \u0435\u0433\u043e \u0432 \u0441\u0435\u0442\u044c, \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f. 
\u0422\u0430\u043a, \u043f\u043e \u0432\u0441\u0435\u0439 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u0438, \u0431\u0435\u043b\u044b\u0435 \u0445\u0430\u043a\u0435\u0440\u044b \u0445\u043e\u0442\u044f\u0442 \u043f\u0440\u0438\u0432\u043b\u0435\u0447\u044c \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432, \u0447\u0442\u043e\u0431\u044b \u0442\u0435 \u00ab\u0437\u0430\u043b\u0430\u0442\u0430\u043b\u0438\u00bb \u0434\u044b\u0440\u0443 \u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430 \u043f\u043e\u0434 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u043c CVE-2022-47966. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 ManageEngine, \u0442\u043e \u0435\u0441\u0442\u044c \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c RCE-\u0430\u0442\u0430\u043a\u0438.\n\n\u0412 \u0441\u043f\u0438\u0441\u043e\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u0432\u0445\u043e\u0434\u044f\u0442 \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0441\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b ManageEngine. 
\u041e\u0434\u043d\u0430\u043a\u043e \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Zoho \u0443\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0430 \u0438\u0437 \u043d\u0438\u0445.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u043a\u043e\u043c\u0430\u043d\u0434\u044b Horizon3\u2019s Attack Team \u0443\u0436\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u0442\u0435\u043b\u0435\u0439 Zoho, \u0447\u0442\u043e \u043e\u043d\u0438 \u0441\u043e\u0437\u0434\u0430\u043b\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0432\u044b\u0448\u0435\u043e\u043f\u0438\u0441\u0430\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438. 
\u0425\u043e\u0442\u044f \u043e\u043d\u0438 \u0435\u0449\u0435 \u043d\u0435 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0442\u0430\u043b\u0438, \u0430 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0438 \u0442\u043e\u043b\u044c\u043a\u043e \u043e\u0431\u0449\u0438\u0435 \u0438\u043d\u0434\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 (IOC), Horizon3 \u043f\u043b\u0430\u043d\u0438\u0440\u0443\u0435\u0442 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0441\u0432\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043f\u043e\u0437\u0436\u0435 \u043d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Horizon3 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u0435\u043b\u0438\u043b\u0438\u0441\u044c \u0441\u043a\u0440\u0438\u043d\u0448\u043e\u0442\u043e\u043c, \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u0443\u044e\u0449\u0438\u043c \u0438\u0445 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0432 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438. 
\u0415\u0433\u043e \u0440\u0430\u0431\u043e\u0442\u043e\u0441\u043f\u043e\u0441\u043e\u0431\u043d\u043e\u0441\u0442\u044c \u043f\u043e\u043a\u0430\u0437\u0430\u043d\u0430 \u043d\u0430 \u043f\u0440\u0438\u043c\u0435\u0440\u0435 ManageEngine ServiceDesk Plus.\n\n\u0414\u0436\u0435\u0439\u043c\u0441 \u0425\u043e\u0440\u0441\u043c\u0430\u043d, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0438\u0437 Horizon3, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b, \u0447\u0442\u043e \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e 10% \u0432\u0441\u0435\u0445 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 ManageEngine \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0434\u043b\u044f \u0430\u0442\u0430\u043a CVE-2022-47966.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u043d\u0435\u0442 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u043e\u0431 \u0430\u0442\u0430\u043a\u0430\u0445 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u043f\u043e\u043f\u044b\u0442\u043a\u0430\u0445 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0435\u0435 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445, \u043f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 GreyNoise, \u0437\u0430\u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438, \u0441\u043a\u043e\u0440\u0435\u0435 \u0432\u0441\u0435\u0433\u043e, \u0431\u044b\u0441\u0442\u0440\u043e \u043f\u0435\u0440\u0435\u0439\u0434\u0443\u0442 
\u043a \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044e \u0441\u0432\u043e\u0438\u0445 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 RCE, \u043a\u0430\u043a \u0442\u043e\u043b\u044c\u043a\u043e Horizon3 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u0443\u0435\u0442 \u0441\u0432\u043e\u0439 PoC-\u043a\u043e\u0434.\n\n\u0420\u0430\u043d\u0435\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u0442\u0435\u043b\u0438 Horizon3 \u0443\u0436\u0435 \u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \u0434\u043b\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439:\n\nCVE-2022-28219 \u2014 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Zoho ManageEngine ADAudit Plus, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 Active Directory.\nCVE-2022-1388 \u2014 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u043e\u0448\u0438\u0431\u043a\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u043d\u0430 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 F5 BIG-IP.\nCVE-2022-22972 \u2014 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 
\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 VMware, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\u0416\u0451\u0441\u0442\u043a\u043e, \u043d\u043e \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e \u2014 \u043f\u043e\u0441\u043b\u0435 \u0443\u043b\u044c\u0442\u0438\u043c\u0430\u0442\u0443\u043c\u0430, \u0432\u044b\u0434\u0432\u0438\u043d\u0443\u0442\u043e\u0433\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c, \u043c\u043e\u0436\u043d\u043e \u043d\u0435 \u0441\u043e\u043c\u043d\u0435\u0432\u0430\u0442\u044c\u0441\u044f, \u0447\u0442\u043e \u043b\u044e\u0431\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u0443\u0434\u0443\u0442 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0432 \u043a\u0440\u0430\u0442\u0447\u0430\u0439\u0448\u0438\u0435 \u0441\u0440\u043e\u043a\u0438.\n\n#\u0425\u0430\u043a\u0435\u0440\u044b #ManageEngine #\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2023-01-18T13:54:27.000000Z"}, {"uuid": "4a7f5aba-fc7b-41f1-9570-e332236de397", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "https://t.me/itsec_news/3148", "content": "\u200b\u26a1\ufe0f\u0413\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0445\u0430\u043a\u0435\u0440\u044b \u0438\u0437 \u0418\u0440\u0430\u043d\u0430 \u2014 
\u043d\u0435\u0432\u0438\u0434\u0438\u043c\u0430\u044f \u0443\u0433\u0440\u043e\u0437\u0430 \u0430\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u043a\u043e\u0439 \u0430\u0432\u0438\u0430\u0446\u0438\u0438.\n\n\ud83d\udcac \u0414\u043b\u044f \u0432\u0437\u043b\u043e\u043c\u0430 \u0431\u044b\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e\u0434\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Zoho \u0438 Fortinet.\n\n\u0410\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u043a\u0438\u0435 \u0430\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u0430 \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u043e \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u0438 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0445 \u0438\u0440\u0430\u043d\u0441\u043a\u0438\u043c \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u043e\u043c \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0438\u0445 \u0433\u0440\u0443\u043f\u043f \u0432 \u043d\u0435\u043d\u0430\u0437\u0432\u0430\u043d\u043d\u0443\u044e \u0430\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u043a\u0443\u044e \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044e \u0432 \u0430\u0432\u0438\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0444\u0435\u0440\u0435. 
\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Zoho \u0438 Fortinet \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0435\u0442\u0438 \u0438 \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u043f\u043e \u043d\u0435\u0439.\n\n\u0412 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u043c \u0437\u0430\u044f\u0432\u043b\u0435\u043d\u0438\u0438 , \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u043d\u043e\u043c 7-\u0433\u043e \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f, \u0430\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u043e \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435 \u0421\u0428\u0410 (CISA), \u0424\u0435\u0434\u0435\u0440\u0430\u043b\u044c\u043d\u043e\u0435 \u0431\u044e\u0440\u043e \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0439 (\u0424\u0411\u0420) \u0438 \u041a\u043e\u043c\u0430\u043d\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0441\u0442\u0432\u0443 \u0421\u0428\u0410 (USCYBERCOM) \u043d\u0435 \u043d\u0430\u0437\u0432\u0430\u043b\u0438 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u0445 \u0433\u0440\u0443\u043f\u043f, \u0441\u0442\u043e\u044f\u0449\u0438\u0445 \u0437\u0430 \u044d\u0442\u0438\u043c \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435\u043c, \u043d\u043e \u0441\u0432\u044f\u0437\u0430\u043b\u0438 \u0438\u0445 \u0441 
\u0438\u0440\u0430\u043d\u0441\u043a\u0438\u043c \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e\u043c.\n\nCISA \u043f\u0440\u0438\u043d\u0438\u043c\u0430\u043b\u043e \u0443\u0447\u0430\u0441\u0442\u0438\u0435 \u0432 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0438 \u043d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442 \u0441 \u0444\u0435\u0432\u0440\u0430\u043b\u044f \u043f\u043e \u0430\u043f\u0440\u0435\u043b\u044c \u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u043e, \u0447\u0442\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u043d\u0430\u0445\u043e\u0434\u0438\u043b\u0438\u0441\u044c \u0432 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u0430\u0432\u0438\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u043e \u043a\u0440\u0430\u0439\u043d\u0435\u0439 \u043c\u0435\u0440\u0435 \u0441 \u044f\u043d\u0432\u0430\u0440\u044f. 
\u041e\u043d\u0438 \u0432\u0437\u043b\u043e\u043c\u0430\u043b\u0438 \u0441\u0435\u0440\u0432\u0435\u0440, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0439 \u0438\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438 Zoho ManageEngine ServiceDesk Plus \u0438 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u044d\u043a\u0440\u0430\u043d Fortinet.\n\n\u00ab\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-47966 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u043c\u0443 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044e (Zoho ManageEngine ServiceDesk Plus), \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u0441\u0442\u0432\u0430 \u0438 \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u043f\u043e \u0441\u0435\u0442\u0438. 
\u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0438 ManageEngine\u00bb, \u2014 \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u0441\u044f \u0432 \u0437\u0430\u044f\u0432\u043b\u0435\u043d\u0438\u0438.\n\n\u00ab\u0414\u0440\u0443\u0433\u0438\u0435 \u0445\u0430\u043a\u0435\u0440\u044b \u0442\u0430\u043a\u0436\u0435 \u0431\u044b\u043b\u0438 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u044b \u0432 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2022-42475 \u0432 FortiOS SSL-VPN \u0434\u043b\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0430 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438\u00bb.\n\n\u041a\u0430\u043a \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u0432\u0435\u0434\u043e\u043c\u0441\u0442\u0432\u0430, \u043f\u0440\u0438\u0447\u0430\u0441\u0442\u043d\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0447\u0430\u0441\u0442\u043e \u0441\u043a\u0430\u043d\u0438\u0440\u0443\u044e\u0442 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0438\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430, \u043d\u0430 \u043f\u0440\u0435\u0434\u043c\u0435\u0442 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 
\u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0438 \u043b\u0435\u0433\u043a\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u041f\u043e\u0441\u043b\u0435 \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f \u0432 \u0441\u0435\u0442\u044c \u0446\u0435\u043b\u0438 \u0445\u0430\u043a\u0435\u0440\u044b \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0442 \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u0441\u0442\u0432\u043e \u043d\u0430 \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430\u0445 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043a\u0430\u043a \u043f\u0440\u043e\u043c\u0435\u0436\u0443\u0442\u043e\u0447\u043d\u044b\u0435 \u0437\u0432\u0435\u043d\u044c\u044f \u0438\u043b\u0438 \u043a\u0430\u043a \u0437\u043b\u043e\u043d\u0430\u043c\u0435\u0440\u0435\u043d\u043d\u0430\u044f \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430.\n\n\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0435\u0442\u0435\u0439 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0442\u044c \u043c\u0435\u0440\u044b \u043f\u043e \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044e 
\u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u043e\u043f\u0438\u0441\u0430\u043d\u044b \u0432 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u043c \u0437\u0430\u044f\u0432\u043b\u0435\u043d\u0438\u0438, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043b\u0443\u0447\u0448\u0438\u0435 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0438 NSA \u043f\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b.\n\n\u0414\u0430\u043d\u043d\u044b\u0435 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0438 \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432\u0441\u0435\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u0442 \u0432\u0441\u0435\u0445 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433 \u0437\u0430 \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u043d\u0443\u0436\u043d\u044b\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u0438 
\u0433\u0440\u0443\u043f\u043f.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2023-09-08T09:59:44.000000Z"}, {"uuid": "3001940c-a6bb-4e57-83e6-6c5de64d472f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-28)", "content": "", "creation_timestamp": "2026-04-28T00:00:00.000000Z"}, {"uuid": "0699c615-03ce-4877-a92d-538b0bb04f07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "https://t.me/BleepingComputer/17910", "content": "Latest news and stories from BleepingComputer.com\nHackers use public ManageEngine exploit to breach internet org\n\nThe North Korean state-backed hacker group tracked as Lazarus has been exploiting a critical vulnerability (CVE-2022-47966) in Zoho's ManageEngine ServiceDesk\u00a0to compromise an internet backbone infrastructure provider and healthcare organizations. [...]", "creation_timestamp": "2023-08-24T14:26:02.000000Z"}, {"uuid": "5180c64f-da22-499d-8733-c13a9101bd57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "https://t.me/BleepingComputer/17911", "content": "\u200aHackers use public ManageEngine exploit to breach internet org\n\nThe North Korean state-backed hacker group tracked as Lazarus has been exploiting a critical vulnerability (CVE-2022-47966) in Zoho's ManageEngine ServiceDesk\u00a0to compromise an internet backbone infrastructure provider and healthcare organizations. 
[...]\n\nhttps://www.bleepingcomputer.com/news/security/hackers-use-public-manageengine-exploit-to-breach-internet-org/", "creation_timestamp": "2023-08-24T16:09:10.000000Z"}, {"uuid": "e77a356f-a938-4d65-9b26-9a524c1d2830", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/TopCyberTechNews/256", "content": "Top Security News for 15/02/2023\n\nThreat activity in the industrial sector. New information-stealing malware targets Ukraine. MortalKombat ransomware.\nhttps://thecyberwire.com/podcasts/research-briefing/155/notes \n\nA Different Payload for ManageEngine's CVE-2022-47966\nhttps://www.reddit.com/r/netsec/comments/1127arf/a_different_payload_for_manageengines_cve202247966/ \n\nPYbot DDoS Malware Being Distributed Disguised as a Discord Nitro Code Generator\nhttps://malware.news/t/pybot-ddos-malware-being-distributed-disguised-as-a-discord-nitro-code-generator/67209#post_1 \n\nMeasuring cybersecurity: The what, why, and how\nhttps://www.csoonline.com/article/3687733/measuring-cybersecurity-the-what-why-and-how.html#tk.rss_all \n\nISC Stormcast For Wednesday, February 15th, 2023 https://isc.sans.edu/podcastdetail.html?id=8370, (Wed, Feb 15th)\nhttps://isc.sans.edu/diary/rss/29550 \n\nShould you share passwords with your partner?\nhttps://www.malwarebytes.com/blog/news/2023/02/should-you-share-passwords-with-your-partner \n\nExpel announces MDR for Kubernetes with MITRE ATT&CK framework alignment\nhttps://www.csoonline.com/article/3687677/expel-announces-mdr-for-kubernetes-with-mitre-attandck-framework-alignment.html#tk.rss_all \n\nThe Pixel phones may be getting a long overdue feature\nhttps://malware.news/t/the-pixel-phones-may-be-getting-a-long-overdue-feature/67206#post_1 \n\nEnterpriseDB adds Transparent Data Encryption to 
PostgreSQL\nhttps://www.infoworld.com/article/3687813/enterprisedb-adds-transparent-data-encryption-to-postgresql.html#tk.rss_all \n\nHow to deal with developers' fatigue? - Having a long list of vulnerabilities to fix\nhttps://www.reddit.com/r/netsec/comments/11291qt/how_to_deal_with_developers_fatigue_having_a_long/ \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2023-02-15T08:00:04.000000Z"}, {"uuid": "20294a54-0d54-406c-bd1b-ad43f16cfc10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/kasperskyb2b/840", "content": "\ud83d\udc68\u200d\ud83d\udcbb \u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f APT  \u0437\u0430 \u043d\u0435\u0434\u0435\u043b\u044e\n\n\ud83d\udcb2 \u041f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u0443\u0442\u0435\u043a\u0448\u0435\u0433\u043e \u0431\u0438\u043b\u0434\u0435\u0440\u0430 \u0434\u043b\u044f \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 Lockbit black (\u043e\u043d \u0436\u0435 Lockbit v3). 
\u0418\u043d\u0442\u0435\u0440\u0435\u0441 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043c\u0435\u043d\u044f\u0442\u044c \u00ab\u043f\u0430\u0440\u0442\u043d\u0451\u0440\u044b\u00bb Lockbit \u0438 \u0442\u043e, \u043a\u0430\u043a \u043f\u043e-\u0440\u0430\u0437\u043d\u043e\u043c\u0443 \u0438\u0445 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043d\u0430 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0435. \u0420\u0430\u0437\u0443\u043c\u0435\u0435\u0442\u0441\u044f, \u0443\u0442\u0435\u0447\u043a\u0430 \u0431\u0438\u043b\u0434\u0435\u0440\u0430 \u043f\u0440\u0438\u0432\u0435\u043b\u0430 \u043a \u043d\u043e\u0432\u044b\u043c \u0430\u0442\u0430\u043a\u0430\u043c \u043d\u0430 \u0435\u0433\u043e \u043e\u0441\u043d\u043e\u0432\u0435. \n\n\ud83d\udc40 \u041d\u0435\u043f\u0440\u0438\u044f\u0442\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a \u043e\u0442 \u0445\u0430\u043a\u0435\u0440\u043e\u0432 \u043d\u0435 \u0441\u043a\u0430\u0436\u0435\u043c \u043a\u0430\u043a\u043e\u0439 \u0441\u0442\u0440\u0430\u043d\u044b, \u0438\u0441\u043f\u044b\u0442\u044b\u0432\u0430\u044e\u0449\u0438\u0445 \u043f\u0440\u0438\u0441\u0442\u0440\u0430\u0441\u0442\u0438\u0435 \u043a \u0431\u044d\u043a\u0434\u043e\u0440\u0443 PlugX. 
\u041a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0446\u0435\u043b\u044c\u044e \u0430\u0442\u0430\u043a\u0438 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0432 \u0413\u043e\u043d\u043a\u043e\u043d\u0433\u0435, \u0430 \u0434\u043b\u044f \u0438\u0445 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u043e\u0441\u044c \u0442\u0440\u043e\u044f\u043d\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435  \u041f\u041e Cobra DocGuard \u043e\u0442 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 EsafeNet. \u0415\u0433\u043e, \u043a\u0441\u0442\u0430\u0442\u0438, \u0443\u0436\u0435 \u043d\u0435 \u0432 \u043f\u0435\u0440\u0432\u044b\u0439 \u0440\u0430\u0437 \u0432\u0437\u043b\u0430\u043c\u044b\u0432\u0430\u044e\u0442. \u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0432\u0438\u0448\u0435\u043d\u043a\u0438 \u043d\u0430 \u0442\u043e\u0440\u0442\u0435 \u2014 \u0432 \u0440\u044f\u0434\u0435 \u0430\u0442\u0430\u043a \u0434\u0440\u043e\u043f\u043f\u0435\u0440 PlugX/Korplug \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043d \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u043c \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u043c Microsoft.  \u0412\u0441\u0435\u0433\u043e \u0442\u0440\u043e\u044f\u043d\u0441\u043a\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b\u0438 \u043d\u0430 2000 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043e\u0432, \u043d\u043e PlugX \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u043b\u0438 \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 100. 
\u041f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u0430\u0442\u0430\u043a\u0438 \u0432 \u044d\u0442\u043e\u043c \u0436\u0430\u043d\u0440\u0435 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0435 LuckyMouse, \u043d\u043e \u043d\u044b\u043d\u0435\u0448\u043d\u044e\u044e \u0430\u0442\u0430\u043a\u0443 \u043d\u0435\u043b\u044c\u0437\u044f \u043e\u0434\u043d\u043e\u0437\u043d\u0430\u0447\u043d\u043e \u043f\u0440\u0438\u043f\u0438\u0441\u0430\u0442\u044c \u0442\u043e\u0439 \u0436\u0435 \u0433\u0440\u0443\u043f\u043f\u0435, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0430\u0432\u0442\u043e\u0440\u044b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430\u0437\u0432\u0430\u043b\u0438 \u0435\u0451 Carderbee.\n\n\u0420\u0430\u0437\u0431\u043e\u0440 TTP \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0438 Flax Typhoon.  \u041e\u043d\u0438 \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0442 \u043f\u0440\u0435\u0438\u043c\u0443\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u043d\u0430 \u0422\u0430\u0439\u0432\u0430\u043d\u0435, \u043d\u043e \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u043e\u0435 \u0447\u0438\u0441\u043b\u043e \u0430\u0442\u0430\u043a \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043e \u0438 \u0432 \u0434\u0440\u0443\u0433\u0438\u0445 \u0440\u0435\u0433\u0438\u043e\u043d\u0430\u0445. 
\u0414\u043b\u044f \u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f \u043e\u0431\u044b\u0447\u043d\u043e \u0432\u044b\u0431\u0438\u0440\u0430\u044e\u0442 \u0441\u0435\u0440\u0432\u0435\u0440\u044b, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044f \u0448\u0438\u0440\u043e\u043a\u0438\u0439 \u0441\u043f\u0435\u043a\u0442\u0440 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 VPN, Java, SQL \u0438 \u0442.\u043f.  \u0410\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435 \u043f\u043e\u0447\u0442\u0438 \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0412\u041f\u041e \u0438 \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u044e\u0442 LOLbins, \u0438\u043d\u043e\u0433\u0434\u0430 \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u044f Metasploit, Juicy potato \u0438 \u0432\u0435\u0431-\u0448\u0435\u043b\u043b China Chopper. \u0426\u0435\u043b\u044c\u044e \u0433\u0440\u0443\u043f\u043f\u044b \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0441\u0443\u0433\u0443\u0431\u043e \u0448\u043f\u0438\u043e\u043d\u0430\u0436.\n\n\ud83d\udc6e\u200d\u2642\ufe0f \u041f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u0439 \u0440\u0430\u0437\u0431\u043e\u0440 \u0430\u0442\u0430\u043a Lazarus group \u043d\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u043e\u0432 \u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0437\u0434\u0440\u0430\u0432\u043e\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f (\u0447\u0430\u0441\u0442\u044c 1, \u0447\u0430\u0441\u0442\u044c 2). 
\u041d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0435 \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u0435 \u0438\u0434\u0451\u0442 \u0447\u0435\u0440\u0435\u0437 CVE-2022-47966 \u0432 Zoho ManageEngine, \u0437\u0430\u0442\u0435\u043c \u0432 \u0441\u0435\u0442\u0438 \u0440\u0430\u0437\u0432\u043e\u0440\u0430\u0447\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043e\u0434\u043d\u0430 \u0438\u0437 \u0441\u0432\u0435\u0436\u0438\u0445 \u0440\u0430\u0437\u043d\u043e\u0432\u0438\u0434\u043d\u043e\u0441\u0442\u0435\u0439 \u0412\u041f\u041e: QuiteRAT \u0438 CollectionRAT.  QuiteRAT \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u0435\u043d \u0442\u0435\u043c, \u0447\u0442\u043e \u0441\u0442\u0430\u043b \u0432\u0447\u0435\u0442\u0432\u0435\u0440\u043e \u043c\u0435\u043d\u044c\u0448\u0435 \u0432 \u043e\u0431\u044a\u0451\u043c\u0435. \u0410\u0432\u0442\u043e\u0440\u044b \u0412\u041f\u041e \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c QT Framework, \u0447\u0442\u043e \u043f\u043e \u0441\u043b\u043e\u0432\u0430\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0437\u0430\u0442\u0440\u0443\u0434\u043d\u044f\u0435\u0442 \u0430\u043d\u0430\u043b\u0438\u0437 \u0438 \u0441\u043d\u0438\u0436\u0430\u0435\u0442 \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c  \u044d\u0432\u0440\u0438\u0441\u0442\u0438\u043a \u0437\u0430\u0449\u0438\u0442\u043d\u044b\u0445 \u0440\u0435\u0448\u0435\u043d\u0438\u0439. 
\u0427\u0442\u043e \u0434\u043e CollectionRAT, \u0442\u043e \u044d\u0442\u043e, \u043f\u043e\u0445\u043e\u0436\u0435, \u0440\u0430\u0437\u0432\u0438\u0442\u0438\u0435 \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u0430 EarlyRAT, \u043e \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u043c\u044b \u043f\u0438\u0441\u0430\u043b\u0438 \u0440\u0430\u043d\u0435\u0435.\n\n\u041a\u0441\u0442\u0430\u0442\u0438, \u043f\u0440\u043e \u0448\u043f\u0438\u043e\u043d\u0441\u043a\u043e\u0435 \u043a\u0440\u044b\u043b\u043e Lazarus, \u0430 \u0438\u043c\u0435\u043d\u043d\u043e Andariel, \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0431\u043e\u043b\u044c\u0448\u043e\u0439 \u043e\u0442\u0447\u0451\u0442 Ahnlab. \u041e\u043d \u0432\u0435\u0441\u044c \u043d\u0430 \u043a\u043e\u0440\u0435\u0439\u0441\u043a\u043e\u043c, \u043d\u043e \u0432\u043e\u0442 \u0433\u0443\u0433\u043b-\u0442\u0440\u0430\u043d\u0441\u043b\u0435\u0439\u0442.  \u0410\u0432\u0442\u043e\u0440\u044b \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0438\u0437\u043e\u0431\u0438\u043b\u0438\u0435 \u043d\u043e\u0432\u044b\u0445 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 \u044f\u0437\u044b\u043a\u0435 Go.\n\n\ud83d\udcbb \u0422\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c \u0441\u0442\u0430\u043b\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e, \u0432 \u043a\u0430\u043a\u0438\u0445 \u0436\u0435 \u0430\u0442\u0430\u043a\u0430\u0445 \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0430\u0441\u044c \u0432\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 WinRAR. 
\u042d\u0442\u043e \u0446\u0435\u043b\u0435\u0432\u044b\u0435 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0442\u0440\u0435\u0439\u0434\u0435\u0440\u043e\u0432.\n\n\u041d\u0435 APT, \u043d\u043e \u043e\u0447\u0435\u043d\u044c \u0433\u0440\u0443\u0441\u0442\u043d\u043e\n\n\u2620\ufe0f \u0414\u0430\u0442\u0441\u043a\u0438\u0439 \u0445\u043e\u0441\u0442\u0438\u043d\u0433-\u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440 CloudNordic \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043f\u043e\u0441\u043b\u0435 \u0430\u0442\u0430\u043a\u0438 ransomware. \u041a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u0440\u0430\u0437\u043e\u0441\u043b\u0430\u043b\u0438 \u043f\u0438\u0441\u044c\u043c\u043e, \u0447\u0442\u043e \u0432\u0441\u044f \u0438\u0445 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u0443\u0442\u0435\u0440\u044f\u043d\u0430 \u0438 \u043d\u0435 \u043f\u043e\u0434\u043b\u0435\u0436\u0438\u0442 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044e. \u041f\u043b\u0430\u0442\u0438\u0442\u044c \u0432\u044b\u043a\u0443\u043f \u0434\u0430\u0442\u0447\u0430\u043d\u0435 \u043d\u0435 \u0445\u043e\u0442\u044f\u0442 (\ud83d\udc4f), \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0441\u0432\u043e\u0440\u0430\u0447\u0438\u0432\u0430\u044e\u0442 \u0431\u0438\u0437\u043d\u0435\u0441 \u0441\u043e \u0432\u0441\u0435\u043c\u0438 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u043c\u0438 \u0438\u0437\u0432\u0438\u043d\u0435\u043d\u0438\u044f\u043c\u0438. 
\n\n\ud83e\uddd0 \u0422\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c, \u043d\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0447\u0430\u0441\u043e\u0432 \u0432\u044b\u043a\u043b\u044e\u0447\u0430\u043b \u0447\u0430\u0441\u0442\u044c \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043a\u0440\u0443\u043f\u043d\u044b\u0439 \u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440 Leaseweb. \u0414\u0435\u0442\u0430\u043b\u0435\u0439 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430 \u043f\u043e\u043a\u0430 \u043d\u0435 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u043e, \u0437\u0430 \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0433\u043e \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f: \u00ab\u041d\u0430\u0448\u0435 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442\u0441\u044f, \u043d\u043e \u043c\u044b \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442, \u0443\u043b\u0443\u0447\u0448\u0438\u043b\u0438 \u043c\u0435\u0440\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u043d\u0435 \u043d\u0430\u0448\u043b\u0438 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438\u00bb\n\n\u27a1\ufe0f  \u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u0430\u044f \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0430 \u043f\u043e ransomware-\u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c. 
\u0421\u0440\u0435\u0434\u043d\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043f\u0440\u0435\u0431\u044b\u0432\u0430\u043d\u0438\u044f \u0432 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u0441\u043e\u043a\u0440\u0430\u0442\u0438\u043b\u043e\u0441\u044c \u0434\u043e 5 \u0434\u043d\u0435\u0439, \u043b\u044e\u0431\u0438\u043c\u044b\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u043c \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u043e\u0441\u0442\u0430\u0432\u0430\u0442\u044c\u0441\u044f RDP (\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 95% \u0430\u0442\u0430\u043a), \u0430 \u043d\u0430\u0447\u0430\u043b\u043e \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f \u043e\u0431\u044b\u0447\u043d\u043e \u043f\u0440\u0438\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u043d\u0430 \u0432\u0435\u0447\u0435\u0440 \u0432 \u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435 \u043d\u0435\u0434\u0435\u043b\u0438 \u2014 \u0432\u0442\u043e\u0440\u043d\u0438\u043a, \u0441\u0440\u0435\u0434\u0430 \u0438\u043b\u0438 \u0447\u0435\u0442\u0432\u0435\u0440\u0433.\n\n\u0410\u043d\u0430\u043b\u0438\u0437 \u0412\u041f\u041e SmokeLoader \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u043d\u0435\u043e\u0431\u044b\u0447\u043d\u0443\u044e \u0434\u043b\u044f Windows-\u0437\u043b\u043e\u0432\u0440\u0435\u0434\u043e\u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u044e: \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u0435 \u0433\u0435\u043e\u043b\u043e\u043a\u0430\u0446\u0438\u0438 \u0436\u0435\u0440\u0442\u0432\u044b. 
\u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 \u043f\u043b\u0430\u0433\u0438\u043d WhiffyRecon \u0438 \u0447\u0435\u0440\u0435\u0437 API Google \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0442\u0441\u044f SSID \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0438\u0445 \u0442\u043e\u0447\u0435\u043a \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u0430 \u0432 \u043e\u0442\u0432\u0435\u0442 \u043f\u0440\u0438\u0445\u043e\u0434\u0438\u0442 \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e\u0435 \u043c\u0435\u0441\u0442\u043e\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u0438\u0435. \u041f\u043e\u0445\u043e\u0436\u0435, \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u043f\u043e\u043a\u0430 \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0432 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0435, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043d\u0435\u043f\u043e\u043d\u044f\u0442\u043d\u043e, \u043a\u0430\u043a \u044d\u0442\u0438 \u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438. 
\n\n#\u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442 #APT @\u041f2\u0422", "creation_timestamp": "2023-08-28T08:52:22.000000Z"}, {"uuid": "b894fb02-f281-4550-a044-759c61e2346e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "Telegram/wKCwI9r377V04F49AyjI8uzJErr9kbPxapeRoTuiQUXy", "content": "", "creation_timestamp": "2023-02-23T23:41:09.000000Z"}, {"uuid": "9ff18f53-f855-44df-967f-94f7ab3350d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/88012", "content": "ManageEngine CVE-2022-47966 Technical Deep Dive\n\nhttps://ift.tt/dQBMc6A", "creation_timestamp": "2023-01-19T19:54:31.000000Z"}, {"uuid": "73368ab8-13e6-46e0-9b57-022e010f32f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "https://t.me/ctinow/88791", "content": "CISA added Zoho ManageEngine RCE (CVE-2022-47966) to its\u00a0Known Exploited Vulnerabilities Catalog\n\nhttps://ift.tt/RKNOqgS", "creation_timestamp": "2023-01-24T12:39:35.000000Z"}, {"uuid": "809194e0-8261-47bf-bdd2-f1d01f0f881e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "https://t.me/ctinow/87334", "content": "Patch your Zoho ManageEngine instance immediately! 
PoC Exploit for CVE-2022-47966 will be released soon\n\nhttps://ift.tt/SuRB5cv", "creation_timestamp": "2023-01-17T15:37:02.000000Z"}, {"uuid": "1552ca18-87b0-48ba-a9c9-c1dab23a7b3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "https://t.me/ctinow/87322", "content": "PoC for critical ManageEngine bug to be released, so get patching! (CVE-2022-47966)\n\nhttps://ift.tt/2D0vf1L", "creation_timestamp": "2023-01-17T14:32:08.000000Z"}, {"uuid": "f7db40d9-7461-4e85-8f8f-f8ec1108a8e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "https://t.me/ctinow/86860", "content": "ManageEngine CVE-2022-47966 IOCs\n\nhttps://ift.tt/rDBdRQi", "creation_timestamp": "2023-01-13T19:02:18.000000Z"}, {"uuid": "5c4d7fc2-cf7c-40e4-a4bc-a99949637d34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "https://t.me/ctinow/95434", "content": "Hackers are actively exploiting CVE-2022-47966 flaw in Zoho ManageEngine\n\nhttps://ift.tt/7NqKh1Y", "creation_timestamp": "2023-02-24T13:02:24.000000Z"}, {"uuid": "e774fc2b-9a83-4f38-a384-7fc7601748e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "https://t.me/arpsyndicate/1134", "content": "#ExploitObserverAlert\n\nCVE-2022-47966\n\nDESCRIPTION: Exploit Observer has 48 entries related to CVE-2022-47966. 
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41, ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. 
Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).\n\nFIRST-EPSS: 0.970510000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-04T06:28:33.000000Z"}, {"uuid": "2c2112c2-687f-4b44-8368-454e6f586652", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "Telegram/IJhgMarSf2TVVZYea0Ymbnso6wx0M8Ud--wV6Vs4ccHCfyc", "content": "", "creation_timestamp": "2023-01-21T09:39:22.000000Z"}, {"uuid": "a948d23f-3aa9-4a04-909f-c91d82959042", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "Telegram/qiGuIf9TXN1tKx9mFqE1x5x_e-jibrNtDOSkc9yXbkXyPS0", "content": "", "creation_timestamp": "2023-01-20T13:05:49.000000Z"}, {"uuid": "9b0c6fe7-0fe8-44a3-86be-2602afb821c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "Telegram/MYZ1eCoj4wi8ZmvZR5qBIKqRipHD_J4AKLHI0JgZX0udQU8", "content": "", "creation_timestamp": "2023-01-19T20:06:59.000000Z"}, {"uuid": "59752169-337e-46c4-9f6e-767605c5c7ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "https://t.me/arpsyndicate/165", "content": "#ExploitObserverAlert\n\nCVE-2022-47966\n\nDESCRIPTION: Exploit Observer has 45 entries related to CVE-2022-47966. 
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41, ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. 
Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).\n\nFIRST-EPSS: 0.970510000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-13T19:47:30.000000Z"}, {"uuid": "51504994-6dc8-4ad5-a62b-d337ff3a0ac6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/tafvippublic/208", "content": "", "creation_timestamp": "2023-02-14T00:52:21.000000Z"}, {"uuid": "1ad9aa13-b69d-4070-9af9-1036bc791d3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "Telegram/y_9xEgailhm5zi7OLA---raF9DVO7r_cuzmH1Wux9JCm5g", "content": "", "creation_timestamp": "2023-09-08T09:05:21.000000Z"}, {"uuid": "08be584c-339f-4ad7-842b-3ec009983250", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "Telegram/1-joOHWBN9817Tfs0t_zVrMJvd2WoVN3-lEK8K4ZzBEEZUI", "content": "", "creation_timestamp": "2023-09-09T20:49:05.000000Z"}, {"uuid": "0ebd0524-0439-4c3f-9486-896b2e09d265", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "https://t.me/KomunitiSiber/760", "content": "CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities\nhttps://thehackernews.com/2023/09/cisa-warning-nation-state-hackers.html\n\nThe U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems.\n\u201cNation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized", "creation_timestamp": "2023-09-08T08:15:12.000000Z"}, {"uuid": "94f702f1-789c-4589-8528-7bb91eeda612", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/breachdetector/185766", "content": "{\n  \"Source\": \"documentors\",\n  \"Content\": \"CVE-2022-47966.py 3.1 kB \ud83d\udca5PoC for CVE-2022-47966 Usage: \u2699\ufe0fFor AD related products, such as ADManager, an issuer argument is required: python3 ./CVE-2022-47966.py --url https://10.0.40.90:8443/samlLogin/ --issuer https://sts.windows.net// --command notepad.exe \u2699\ufe0fFor other products, a URL is all that is required: python3 ./CVE-2022-47966.py --url https://10.0.40.64:8080/SamlResponseServlet --command notepad.exe\", \n  \"author\": \"\u2693\ufe0f\ud835\udd07\ud835\udd2c\ud835\udd20\ud835\udd32\ud835\udd2a\ud835\udd22\ud835\udd2b\ud835\udd31\ud835\udd2c\ud835\udd2f\",\n  \"Detection Date\": \"21 Jan 2023\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2023-01-21T07:04:38.000000Z"}, {"uuid": "ad4446f5-4d9d-447c-9000-1bc1a240035d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "https://t.me/BABATATASASA/5858", "content": "Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | 
CISA\nhttps://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a", "creation_timestamp": "2023-10-26T22:27:51.000000Z"}, {"uuid": "10b48cbe-70ec-41bd-b663-2c86f7553fdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1310", "content": "\u0412 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0435\u043d\u0438\u0438 \u0442\u0435\u043c\u044b\n\u041f\u043e\u044f\u0432\u0438\u043b\u0441\u044f  nuclei-template \u0434\u043b\u044f \u0434\u044b\u0440\u044b CVE-2022-47966.yaml\n\u041d\u0443 \u0438 \u0441\u0430\u043c nuclei \u0437\u0430\u0431\u0440\u0430\u0442\u044c \u0442\u0443\u0442\n****\nBonus \u0434\u043b\u044f blueTeam - \u043f\u0440\u0430\u0432\u0438\u043b\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u044b\u0440\u044b \u0434\u043b\u044f Sigma - \u0437\u0430\u0431\u0440\u0430\u0442\u044c", "creation_timestamp": "2023-01-20T06:30:20.000000Z"}, {"uuid": "16e16644-af8e-4801-8286-c4fff943e061", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1306", "content": "CVE-2022-47966\n*\n\u0421\u043f\u0438\u0441\u043e\u043a \u041f\u041e \u043e\u0442 ManageEngine \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0435 \u043f\u043e\u0440\u0430\u0436\u0430\u0435\u0442 !\n* \n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442  \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430, 
\u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441 POST, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0439 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043e\u0442\u0432\u0435\u0442 SAML. \u0410 \u0432\u0441\u0451 \u0438\u0437 \u0437\u0430 \u043d\u0435 \u043f\u0430\u0442\u0447\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 Apache Santuario \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 XML.\n*\nread\n*\nPOC/exploit\n*\nUsage:\npython3 CVE-2022-47966.py --url https://10.0.40.64:8080/SamlResponseServlet --command notepad.exe", "creation_timestamp": "2023-01-19T16:53:32.000000Z"}, {"uuid": "08909f49-d3e8-4fb0-859c-b8e4fbdcb466", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "Telegram/811bQ5f-LZUIU4NQkAxHKn_N4C36losB_HotSPBbRCeM3YY", "content": "", "creation_timestamp": "2023-02-10T05:03:05.000000Z"}, {"uuid": "8652d822-a7e3-4c96-9efa-3fcebedcbbea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2332", "content": "\ud83d\udca5PoC for CVE-2022-47966\n\nUsage:\n\u2699\ufe0fFor AD related products, such as ADManager, an issuer argument is required:\npython3 ./CVE-2022-47966.py --url https://10.0.40.90:8443/samlLogin/ --issuer https://sts.windows.net// --command notepad.exe\n\u2699\ufe0fFor other products, a URL is all that is required:\npython3 ./CVE-2022-47966.py --url https://10.0.40.64:8080/SamlResponseServlet --command notepad.exe", "creation_timestamp": "2023-01-20T12:12:27.000000Z"}, {"uuid": "5ab81af1-1b9e-4ace-9737-c1a38164b968", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "Telegram/4nCYcq8D4fy0jiPbCa-Dgl9oSJDhvudoNjJl0erR4V4yeXs", "content": "", "creation_timestamp": "2023-02-07T18:55:17.000000Z"}, {"uuid": "f8415531-c8c1-4072-bffc-de7ab778d0f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "Telegram/51mYVYxBl_FjHPlxVOIiImRHB8x1fpYicMyLs7rosWTiCRw", "content": "", "creation_timestamp": "2023-02-08T13:51:05.000000Z"}, {"uuid": "6b2ad140-eb55-4585-8a23-b1d3b568543e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/Securi3yTalent/62", "content": "RCE in ManageEngine\nRemote Code Execution Vulnerability in ManageEngine products (CVE-2022-47966) due to the use of an outdated version of Apache Santuario.\nDork for Shodan:\ntitle:\"ManageEngine\"\nFollow up: https://twitter.com/devmehedi101\n                  https://www.youtube.com/@SecurityTalent\n\nLink to template for Nuclei\nhttps://github.com/proje.../nuclei-templates/pull/6564/files\n#bugbountytip #bugbountytips #bugbountylife #BugBountyHunter #bugbountyhunting #bugbountyprogram #hackers #hacking #devmehedi101 #SecurityTalent #Securi3yTalent", "creation_timestamp": "2023-01-29T18:32:53.000000Z"}, {"uuid": "6e5a9050-d442-407f-b17d-424c98b698bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/688", "content": "ManageEngine CVE-2022-47966 Technical Deep Dive\n1. 
https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/\n2. https://blog.tint0.com/2021/09/pinging-xmlsec.html?m=1\nSub : https://semgrep.dev/blog/2022/xml-security-in-java", "creation_timestamp": "2023-02-08T06:30:38.000000Z"}, {"uuid": "967607ae-14e9-4ed7-96f6-9cf1530c86cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/666", "content": "CVE-2022-47966 : Zoho ManageEngine - Remote Code Execution\nPOC : https://github.com/horizon3ai/CVE-2022-47966", "creation_timestamp": "2023-01-21T06:30:48.000000Z"}, {"uuid": "53d1db13-d2b4-47ee-898a-453796108886", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "https://t.me/true_secator/4773", "content": "\u0412 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0435\u043d\u0438\u0435 \u0442\u0435\u043c\u044b APT Lazarus - Cisco Talos \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043e\u0442\u0447\u0435\u0442 \u0432 \u0434\u0432\u0443\u0445 \u0447\u0430\u0441\u0442\u044f\u0445 (1, 2) \u043e \u043a\u0438\u0431\u0435\u0440\u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u0441\u0435\u0432\u0435\u0440\u043e\u043a\u043e\u0440\u0435\u0439\u0441\u043a\u043e\u0439 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u044b 2023 \u0433\u043e\u0434\u0430, \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 \u043c\u0430\u0433\u0438\u0441\u0442\u0440\u0430\u043b\u044c\u043d\u044b\u0445 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u043e\u0432 \u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 
\u0437\u0434\u0440\u0430\u0432\u043e\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0432 \u0415\u0432\u0440\u043e\u043f\u0435 \u0438 \u0421\u0428\u0410. \n\n\u0410\u0442\u0430\u043a\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2022-47966 \u0432 Zoho ManageEngine \u043d\u0430\u0447\u0430\u043b\u0438\u0441\u044c \u0432\u0441\u0435\u0433\u043e \u0447\u0435\u0440\u0435\u0437 5 \u0434\u043d\u0435\u0439 \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u044f \u0432 \u043f\u0430\u0431\u043b\u0438\u043a\u0435 \u0435\u0435 PoC. \u041f\u043e\u0441\u043b\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0436\u0435\u0440\u0442\u0432\u0435 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u043b\u0441\u044f QuiteRAT - \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u0435 \u0443\u043f\u0440\u043e\u0449\u0435\u043d\u043d\u043e\u0435 \u0440\u0430\u0437\u0432\u0438\u0442\u0438\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0433\u043e Lazarus \u0440\u0430\u043d\u0435\u0435 MagicRAT, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u043c\u0435\u0435\u0442 \u0440\u0430\u0437\u043c\u0435\u0440 \u0432 5 \u0440\u0430\u0437 \u043c\u0435\u043d\u044c\u0448\u0435 \u043f\u0440\u0435\u0434\u0448\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u0438\u043a\u0430. 
\n\n\u0412 \u0445\u043e\u0434\u0435 \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u0433\u043e \u0438\u0437\u0443\u0447\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u0432 \u0434\u0430\u043d\u043d\u043e\u0439 \u043a\u0438\u0431\u0435\u0440\u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043d\u043e\u0432\u044b\u0439 \u0442\u0440\u043e\u044f\u043d \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043f\u043e\u0434\u0433\u0440\u0443\u043f\u043f\u043e\u0439 Andariel, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0438\u0439 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 CollectionRAT. 
\n\n\u0422\u0430\u043a\u0436\u0435 Talos \u0437\u0430\u044f\u0432\u0438\u043b\u0438, \u0447\u0442\u043e \"Lazarus \u0432\u0441\u0435 \u0431\u043e\u043b\u044c\u0448\u0435 \u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442\u0441\u044f \u043d\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u043a\u043e\u0434\u043e\u043c\" \u0438 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043f\u0440\u0438\u043c\u0435\u0440\u0430 \u043f\u0440\u0438\u0432\u0435\u043b\u0438 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0443 DeimosC2 \u043d\u0430 \u0431\u0430\u0437\u0435 GoLang, \u0430\u043d\u0430\u043b\u043e\u0433 CobaltStrike \u0438 Sliver, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u043e\u0431\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0442\u0443\u043d\u043d\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PuTTy Link. \n\n\u0422\u0430\u0449\u0435\u043c\u0442\u0430 Lazarus \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u043e\u0441\u0442\u0430\u0432\u0430\u0442\u044c\u0441\u044f, \u043f\u043e\u0436\u0430\u043b\u0443\u0439, \u0441\u0430\u043c\u043e\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 APT \u0432 \u043c\u0438\u0440\u0435, \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u043e \u0440\u0430\u0437\u0432\u0438\u0432\u0430\u044f\u0441\u044c \u0438 \u0441\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u0441\u0442\u0432\u0443\u044f \u0441\u0432\u043e\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b, \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443.", "creation_timestamp": "2023-08-25T18:13:50.000000Z"}, {"uuid": "04d1f683-ab49-45cb-a0d7-4d0c24614a8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2022-47966", "type": "exploited", "source": "https://t.me/true_secator/3973", "content": "Rapid7 \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u043e \u043d\u0430\u0447\u0430\u043b\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 CVE-2022-47966 \u0432 Zoho ManageEngine \u0435\u0449\u0435 \u0434\u043e \u0442\u043e\u0433\u043e, \u043a\u0430\u043a Horizon3.ai \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0441\u0432\u043e\u0439 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430, \u043f\u0440\u0438\u0437\u043d\u0430\u043d\u043d\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439, \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 \u043d\u043e\u044f\u0431\u0440\u0435 2022 \u0433\u043e\u0434\u0430, \u043a\u043e\u0433\u0434\u0430 Zoho \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u043e \u0432\u044b\u043f\u0443\u0441\u043a\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439\u00a0\u0434\u043b\u044f \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c 20 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0440\u0430\u043d\u0435\u0435 \u0432 \u044d\u0442\u043e\u043c \u043c\u0435\u0441\u044f\u0446\u0435 Horizon3.ai \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043e \u043d\u0430\u043b\u0438\u0447\u0438\u0438 \u0432 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0435 \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u0442\u044b\u0441\u044f\u0447\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 
\u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 ManageEngine \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u0442\u0438\u043f\u0430 \u00abspray and pray\u00bb, \u0438 \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043d\u0435\u043e\u0434\u043d\u043e\u043a\u0440\u0430\u0442\u043d\u044b\u0445 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0439 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 PoC.\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u0435\u0442 Rapid7, \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 ADSelfService Plus \u0438 ServiceDesk Plus, \u043e\u0447\u0435\u043d\u044c \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b \u0432 \u0431\u0438\u0437\u043d\u0435\u0441-\u0441\u0440\u0435\u0434\u0435.\n\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441 \u044d\u0442\u0438\u043c \u043e\u043d\u0438 \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b \u0438 \u0441\u0440\u0435\u0434\u0438 \u0445\u0430\u043a\u0435\u0440\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435, \u043a\u0430\u043a \u044d\u0442\u043e \u0441\u0442\u0430\u043b\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u0432 \u0445\u043e\u0434\u0435 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u043e\u0434\u043d\u043e \u0438\u0437 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438 CVE-2022-47966 \u0435\u0449\u0435 \u0434\u043e \u0432\u044b\u0445\u043e\u0434\u0430 PoC.\n\n\u041a \u0432\u044b\u0432\u043e\u0434\u0430\u043c \u043a\u043e\u043b\u043b\u0435\u0433 
\u043f\u0440\u0438\u0441\u043e\u0435\u0434\u0438\u043d\u044f\u044e\u0442\u0441\u044f \u0438 \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b GreyNoise, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0442\u0430\u043a\u0436\u0435 \u043d\u0430\u0447\u0430\u043b\u0438 \u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u00a0\u0430\u0442\u0430\u043a\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c CVE-2022-47966.\n\n\u041e\u0431\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u043c \u043b\u044e\u0431\u043e\u0439 \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 ManageEngine \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u043c \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u043d\u0435\u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0435\u043d\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u043e\u0432 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438.", "creation_timestamp": "2023-01-23T15:02:05.000000Z"}, {"uuid": "9fdd98ec-7103-4226-bfe4-d5b0035940e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2345", "content": "#Blue_Team_Techniques\n1. 
YARA/Sigma rule to detect the exploitation of ManageEngine ServiceDesk CVE-2022-47966\nhttps://github.com/Neo23x0/signature-base/blob/master/yara/expl_manageengine_jan23.yar\nhttps://github.com/SigmaHQ/sigma/pull/3935/files\n2. Investigate malicious Windows logon by visualizing and analyzing Windows event log\nhttps://github.com/JPCERTCC/LogonTracer", "creation_timestamp": "2023-01-20T20:25:07.000000Z"}, {"uuid": "b1700cfb-bdbf-4af7-bfc7-9b6718f7f3f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2342", "content": "#exploit\n1. CVE-2022-47966:\nRCE vulnerability in multiple ManageEngine (Apache Santuario (xmlsec) <=1.4.1) products\nhttps://github.com/horizon3ai/CVE-2022-47966\n]-> https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive\n\n2. CVE-2022-39955:\nCharset confusion + WAF bypasses via 0days\nhttps://terjanq.medium.com/waf-bypasses-via-0days-d4ef1f212ec\n\n3. 
Microsoft Teams RCE\nhttps://blog.pksecurity.io/2023/01/16/2022-microsoft-teams-rce.html", "creation_timestamp": "2023-01-20T20:25:07.000000Z"}, {"uuid": "2fcee2b0-f066-4700-a048-0f42d5c9dfcd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/3966", "content": "\u041a\u0430\u043a \u043c\u044b \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u043b\u0438, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Horizon3 \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u00a0\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0438 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437\u00a0\u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2022-47966 \u0432  \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Zoho ManageEngine.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c RCE, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0437\u0430\u043f\u0440\u043e\u0441 HTTP POST, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0439 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043e\u0442\u0432\u0435\u0442 SAML.\n\nPOC \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u044f\u0435\u0442 \u0435\u0439 \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e 
\u043c\u0435\u0442\u043e\u0434\u0430 Java Runtime.exec.\n\n\u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0431\u044b\u043b \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u043f\u0440\u043e\u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d \u043d\u0430 ServiceDesk Plus \u0438 Endpoint Central, \u0438 \u043a\u0430\u043a \u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442 \u0432 Horizon3, POC \u0431\u0443\u0434\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0431\u0435\u0437 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0439 \u0432\u043e \u043c\u043d\u043e\u0433\u0438\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 ManageEngine, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0447\u0430\u0441\u0442\u044c \u0441\u0432\u043e\u0435\u0439 \u043a\u043e\u0434\u043e\u0432\u043e\u0439 \u0431\u0430\u0437\u044b \u0441 ServiceDesk Plus \u0438\u043b\u0438 EndpointCentral.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u043e\u0431 \u0430\u0442\u0430\u043a\u0430\u0445 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435 \u043f\u043e\u0441\u0442\u0443\u043f\u0430\u043b\u043e \u0438\u00a0\u043f\u043e\u043f\u044b\u0442\u043e\u043a \u0435\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u00a0\u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043d\u0435 \u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u043e\u0441\u044c, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u0431\u044b\u0441\u0442\u0440\u043e \u043f\u0435\u0440\u0435\u0439\u0434\u0443\u0442 \u043a 
\u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0445 RCE-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 PoC-\u043a\u043e\u0434\u0430 Horizon3.\n\n\u0412\u0435\u0434\u044c \u043a\u0430\u043a \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e, \u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0433\u043e\u0434\u044b \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u043e \u043c\u043e\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0438 \u0410\u0420\u0422 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043b\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u044b Zoho ManageEngine \u0432 \u0445\u043e\u0434\u0435 \u0441\u0432\u043e\u0438\u0445 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0439.", "creation_timestamp": "2023-01-20T11:40:07.000000Z"}, {"uuid": "946a96bf-c6b6-44c7-a9be-67add07e2090", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/3953", "content": "\u0420\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b Horizon3 Attack Team \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u044e\u0442, \u0447\u0442\u043e \u043a \u043a\u043e\u043d\u0446\u0443 \u043d\u0435\u0434\u0435\u043b\u0438 \u0441\u0442\u0430\u043d\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d PoC \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0435\u0439 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b Zoho ManageEngine.\n\nCVE-2022-47966 
\u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0435\u0439 \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0435\u0439 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438 Apache Santuario. \u041e\u0448\u0438\u0431\u043a\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u043c\u0438 \u043f\u0430\u0442\u0447\u0430\u043c\u0438, \u0432\u044b\u0448\u0435\u0434\u0448\u0438\u043c\u0438 \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 27 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0438\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043e\u0442 NT AUTHORITY\\SYSTEM \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 ManageEngine, \u0435\u0441\u043b\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u0435\u0434\u0438\u043d\u043e\u0433\u043e \u0432\u0445\u043e\u0434\u0430 (SSO) \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 SAML \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u0438\u043b\u0438 \u0431\u044b\u043b\u0430 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u0445\u043e\u0442\u044f \u0431\u044b \u043e\u0434\u0438\u043d \u0440\u0430\u0437 \u043f\u0435\u0440\u0435\u0434 
\u0430\u0442\u0430\u043a\u043e\u0439.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435 \u0441\u043b\u043e\u0436\u043d\u0430 \u0432 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0430\u0442\u0430\u043a\u0438 \u0442\u0438\u043f\u0430 \u00abspray and pray\u00bb.\n\n\u041a \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u043c\u0443 \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u0442\u0430\u043a \u0438 \u043d\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0438 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0442\u0430\u043b\u0438, \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u0432 \u043b\u0438\u0448\u044c \u043e\u0431\u0449\u0438\u0435 \u0438\u043d\u0434\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 (IOC). 
\u041e\u0434\u043d\u0430\u043a\u043e \u0443\u0436\u0435 \u043a \u043a\u043e\u043d\u0446\u0443 \u043d\u0435\u0434\u0435\u043b\u0438 Horizon3\u00a0\u043f\u043b\u0430\u043d\u0438\u0440\u0443\u044e\u0442 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c\u00a0\u0441\u0432\u043e\u0439 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e\u0431 \u0430\u0442\u0430\u043a\u0430\u0445 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435, \u043f\u043e \u043c\u043d\u0435\u043d\u0438\u044e GreyNoise, \u0445\u0430\u043a\u0435\u0440\u044b, \u0441 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0434\u043e\u043b\u0435\u0439 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u0438, \u0431\u044b\u0441\u0442\u0440\u043e \u043f\u0435\u0440\u0435\u0439\u0434\u0443\u0442 \u043a \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044e \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432, \u043a\u0430\u043a \u0442\u043e\u043b\u044c\u043a\u043e Horizon3 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u0443\u0435\u0442 PoC.\n\n\u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f, \u0447\u0442\u043e \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c Shodan, \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0442 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c 10% \u0432\u0441\u0435\u0445 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0445 
\u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 ManageEngine \u0434\u043b\u044f \u0430\u0442\u0430\u043a CVE-2022-47966, \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0443\u0434\u0435\u043b\u0438\u0442\u044c \u043f\u0440\u0438\u0441\u0442\u0430\u043b\u044c\u043d\u043e\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u0432\u043e\u043f\u0440\u043e\u0441\u0430\u043c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0440\u0435\u0448\u0435\u043d\u0438\u0439. \u0412\u0435\u0434\u044c \u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0433\u043e\u0434\u044b \u0441\u0435\u0440\u0432\u0435\u0440\u044b Zoho ManageEngine \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0430\u043b\u0438\u0441\u044c \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u043c \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0438\u043c \u043d\u0430\u043f\u0430\u0434\u043a\u0430\u043c (1, 2).", "creation_timestamp": "2023-01-18T11:21:02.000000Z"}, {"uuid": "c0f772df-1357-4acc-a869-ebf2f4339c65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "https://t.me/jokerplstaeen/13517", "content": "\u200f\ud83d\udce3 \u0642\u0645 \u0628\u0627\u0643\u062a\u0634\u0627\u0641 \u0639\u0645\u0644\u064a\u0627\u062a \u0627\u0644\u0641\u062d\u0635 \u0648 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0644\u062b\u063a\u0631\u0629 CVE-2022-47966 \u200e#ManageEngine  \u062d\u064a\u062b \u064a\u062d\u0627\u0648\u0644 \u0627\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u0634\u0643\u0644 \u0646\u0634\u0637 \u0627\u0644\u0628\u062d\u062b \u0639\u0646 \u0627\u0644\u062b\u063a\u0631\u0629 
\u0648\u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0627 \u0628\u0639\u062f \u0635\u062f\u0648\u0631 POC\u060c \u0644\u0644\u0645\u0632\u064a\u062f \u0645\u0646 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u062d\u0648\u0644 \u0637\u0631\u0642 \u0627\u0644\u0627\u0643\u062a\u0634\u0627\u0641\u060c \u0646\u062a\u0634\u0631\u0641 \u0628\u0632\u064a\u0627\u0631\u062a\u0643\u0645 \u0644\u0645\u0646\u0635\u0629 \u200e#CyberCave \u200e#\u0627\u0644\u0627\u0645\u0646_\u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a", "creation_timestamp": "2023-02-21T09:07:34.000000Z"}, {"uuid": "697cf02e-0ce0-4eb9-83b2-da45de2fa994", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "https://t.me/theninjaway1337/1178", "content": "CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability\n\nRapid7 is responding to various compromises arising from the exploitation of\u00a0CVE-2022-47966, a pre-authentication remote code execution (RCE) vulnerability impacting at least 24 on-premise ManageEngine products. CVE-2022-47966 stems from a vulnerable third-party dependency on Apache Santuario.\nSeveral of the affected products are extremely popular with organizations and attackers, including ADSelfService Plus and ServiceDesk Plus. 
Patches were released in October and November of 2022; the exact timing of fixed version releases varies by product.\nOrganizations using any of the affected products listed in ManageEngine\u2019s advisory should update immediately and review unpatched systems for signs of compromise, as exploit code is publicly available and exploitation has already begun.\n\nhttps://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/", "creation_timestamp": "2023-01-20T13:53:23.000000Z"}, {"uuid": "482643b8-8956-4682-b327-0c45f38cb0ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2331", "content": "POC Exploit for CVE-2022-47966 affecting multiple ManageEngine products\nhttps://ift.tt/4cZl7zt\n\nSubmitted January 19, 2023 at 06:52PM by scopedsecurity\nvia reddit https://ift.tt/we3bRx4", "creation_timestamp": "2023-01-20T12:12:27.000000Z"}, {"uuid": "cc9f4556-c4a7-47cd-ade3-10a7be62bbc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/jokerplstaeen/12085", "content": "\u200f\ud83d\udce3\u200e#\u062a\u062d\u0630\u064a\u0631 \u0645\u0639 \u0646\u0647\u0627\u064a\u0647 \u0647\u0630\u0627 \u0627\u0644\u0623\u0633\u0628\u0648\u0639 \u0633\u064a\u0642\u0648\u0645 \u0627\u0644\u0628\u0627\u062d\u062b\u064a\u0646 \u0628\u0646\u0634\u0631 POC \u0627\u0644\u062e\u0627\u0635 \u0628\u062b\u063a\u0631\u0629 CVE-2022-47966 \u0648\u0647\u064a \u062e\u0627\u0635\u0629 \u0628 ManageEngine.\n\u200e#\u0644\u0630\u0644\u0643 \u0642\u0645 \u200e#\u0628\u0627\u0644\u062a\u062d\u062f\u064a\u062b \u0639\u0644\u0649 \u0627\u0644\u0641\u0648\u0631 
\u2728\u2728\n\u200e#\u0627\u0644\u0627\u0645\u0646_\u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a \n\nmanageengine.com/security/advis\u2026\u200e\n\u0648\u0633\u0628\u0642 \u0630\u0643\u0631\u0646\u0627 \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644 \u0641\u064a \u0647\u0630\u0647 \u0627\u0644\u062a\u063a\u0631\u064a\u062f\u0629 :\n\n\u200f\u0627\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0648\u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0645 \u0644\u0627\u0646\u0638\u0645\u0629 ManageEngine \u0627\u0644\u0645\u062a\u0635\u0644\u0629 \u0628\u0627\u0644\u0627\u0646\u062a\u0631\u0646\u062a \u0648\u0627\u0644\u0645\u0635\u0627\u0628\u0629 \u0628\u062b\u063a\u0631\u0629 CVE-2022-47966.\n\u0645\u0624\u0634\u0631\u0627\u062a \u0627\u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0648\u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644 \u0627\u0644\u0641\u0646\u064a\u0629: horizon3.ai/manageengine-c\u2026\u200e\n\u200e#\u0627\u0644\u0627\u0645\u0646_\u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a \u200e#cybersecurity", "creation_timestamp": "2023-01-17T18:04:17.000000Z"}, {"uuid": "b0a33020-bda0-4531-9d3c-6c8ad469719e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "https://t.me/cibsecurity/56684", "content": "\u203c CVE-2022-47966 \u203c\n\nMultiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-18T20:21:12.000000Z"}, {"uuid": "fdb2b598-11c1-4d0c-9050-fb17998e3dc9", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/HackerOne/3441", "content": "\ud83d\udca5PoC for CVE-2022-47966\n\nhttps://github.com/horizon3ai/CVE-2022-47966", "creation_timestamp": "2023-01-19T15:19:28.000000Z"}, {"uuid": "0f812b91-9c3a-40a4-ae97-c1cca907ecc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "https://t.me/hackprotectsi/470", "content": "https://businessinsights.bitdefender.com/tech-advisory-manageengine-cve-2022-47966", "creation_timestamp": "2023-03-03T21:20:30.000000Z"}, {"uuid": "72c04471-db02-4d30-8435-b503cd765ba9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/xakep_ru/13498", "content": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0434\u043b\u044f RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Zoho ManageEngine\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0434\u043b\u044f RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Zoho ManageEngine. 
\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430, \u0434\u043e\u043f\u0443\u0441\u043a\u0430\u044e\u0449\u0430\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 (CVE-2022-47966), \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0435\u0439 \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Apache Santuario.\n\nhttps://xakep.ru/2023/01/20/zoho-manageengine-rce/", "creation_timestamp": "2023-01-20T11:44:03.000000Z"}, {"uuid": "1f13129b-9d98-49fc-b0ee-c456a7f87b7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/thehackernews/2959", "content": "\ud83d\udd25 Don't wait until it's too late!\n\nZoho ManageEngine users, patch your instances now to avoid falling victim to critical CVE-2022-47966 vulnerability.\n\nDetails: https://thehackernews.com/2023/01/zoho-manageengine-poc-exploit-to-be.html\n\nResearchers are about to release  PoC exploit code.", "creation_timestamp": "2023-01-17T11:48:32.000000Z"}, {"uuid": "99d692e8-7ae6-4aea-8ef9-552cb724e7b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/7053", "content": "A Different Payload for CVE-2022-47966\n\nhttps://vulncheck.com/blog/cve-2022-47966-payload", 
"creation_timestamp": "2023-02-15T07:40:18.000000Z"}, {"uuid": "c77729c1-0901-4da9-982a-3e9598ca71e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "seen", "source": "https://t.me/S_E_Reborn/5335", "content": "\u0412\u0441\u0435\u043c \u043f\u0440\u0438\u0432\u0435\u0442! \n\n\u041f\u043e\u043c\u0438\u043c\u043e \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 Windows, \u043d\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u043c\u043e\u0433\u0443\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0441\u043b\u0443\u0436\u0431\u044b \u043e\u0442 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u0432: \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0441\u043b\u0435\u0436\u0435\u043d\u0438\u044f, \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438, \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u0438\u0433\u0440\u0443\u0448\u043a\u0438. \u0412 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0435 \u0441\u0432\u043e\u0435\u043c \u043e\u043d\u0438 \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c, \u0440\u0430\u0431\u043e\u0442\u0430\u044f \u043e\u0442 \u043b\u0438\u0446\u0430 NT AUTHORITY\\SYSTEM. 
\n\n\u041f\u0440\u0438\u0447\u0435\u043c, \u043a\u0430\u043a \u044f \u043f\u043e\u043d\u0438\u043c\u0430\u044e, \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0435 \u0441\u043b\u0443\u0436\u0431\u044b \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c\u0441\u044f \u0434\u043e\u043b\u0436\u043d\u044b \u0441\u0430\u043c\u043e\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0433\u043e \u0444\u0438\u0440\u043c\u0435\u043d\u043d\u043e\u0433\u043e \u041f\u041e, \u0447\u0442\u043e \u0443\u0441\u043b\u043e\u0436\u043d\u044f\u0435\u0442 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 \u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0434\u0430\u0435\u0442 \u043d\u0430\u043c \u0435\u0449\u0435 \u043e\u0434\u0438\u043d \u0432\u0435\u043a\u0442\u043e\u0440 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439. 
\n\n\u0415\u0441\u0442\u044c \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043c\u043d\u043e\u0433\u043e \u0441\u043f\u043e\u0441\u043e\u0431\u043e\u0432 \u0441\u0431\u043e\u0440\u0430 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e \u041f\u041e \u043d\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u0435:\n# \u0418\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u0435 \u0438\u0437 \u0440\u0435\u0435\u0441\u0442\u0440\u0430\nGet-ChildItem \"HKLM:\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\" | Get-ItemProperty | Where-Object {$_.DisplayName -ne $null} | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate\n\n# wmi\nwmic product get name,version,vendor  \n\n# Seatbelt\n.\\SeatBelt.exe InstalledProducts\n\n\u0425\u043e\u0447\u0443 \u043f\u043e\u0434\u0435\u043b\u0438\u0442\u044c\u0441\u044f \u0441 \u0432\u0430\u043c\u0438 \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u0438\u043c \u0441\u043f\u0438\u0441\u043e\u0447\u043a\u043e\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u043b\u0443\u0436\u0431, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u043c\u043e\u0447\u044c \u0432\u0437\u044f\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u043d\u0430 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u0430\u0447\u043a\u0435. \u041e\u0434\u043d\u043e\u0437\u043d\u0430\u0447\u043d\u043e \u043d\u0443\u0436\u043d\u043e \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u043e\u0442 \u0441\u043f\u0438\u0441\u043e\u043a \u0432 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0439 Exploit-Street, \u043d\u043e \u044f \u0447\u0442\u043e-\u0442\u043e \u043d\u0435 \u043c\u043e\u0433\u0443 \u043f\u0440\u0438\u0434\u0443\u043c\u0430\u0442\u044c \u043a\u0430\u043a. 
\u041c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0443 \u0432\u0430\u0441 \u0435\u0441\u0442\u044c \u0438\u0434\u0435\u0438?\n\nManageEngine ServiceDesk\n- https://github.com/horizon3ai/CVE-2021-44077\n\nManageEngine ADSelfService\n- https://github.com/synacktiv/CVE-2021-40539\n- CVE-2022-47966\n- CVE-XXXX-XXXX (\u0441 \u0432\u0435\u0440\u0441\u0438\u0438 ADSelfService Plus 4.2.9, 2012 \u0438 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 6.3 Build 6301)\n\nUserManager\n- CVE-2023-36047\n\nITunes\n- CVE-2024-44193\n\nRazer ( \u0434\u043e 3.7.1209.121307)\n- RazerEoP\n\nDatacard XPS Card Printer Driver \n- CVE-2024-34329\n\nAppGate\n- CVE-2019-19793\n\nSeagate\n- CVE-2022-40286\n\nAWS VPN Client\n- CVE-2022-25165\n\nAIDA (\u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0432\u0435\u0440\u0441\u0438\u0438 \u043d\u0438\u0436\u0435 7.00.6742)\n- AIDA64DRIVER-EOP\n\nVboxSDS\n- CVE-2024-21111\n\nTeamViewer\n- CVE-2024-7479 CVE-2024-7481\n\nGamingService \u043e\u0442 XBOX\n- GamingServiceEoP\n- GamingServiceEoP5\n\nChrome Updater\n- CVE-2023-7261\n\nPlantronics Desktop Hub\n- CVE-2024-27460", "creation_timestamp": "2024-12-26T13:38:29.000000Z"}, {"uuid": "74b580bd-590d-455e-af03-4302af362c8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/club31337/1444", "content": "https://github.com/vonahisec/CVE-2022-47966-Scan", "creation_timestamp": "2024-11-11T00:20:24.000000Z"}, {"uuid": "16718040-8e93-4af8-a1b6-aa5229d2e26f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7644", "content": "#hardening\n1. 
Kernel sanitizers on Microsoft platforms\nhttps://www.microsoft.com/en-us/security/blog/2023/01/26/introducing-kernel-sanitizers-on-microsoft-platforms\n2. CVE-2022-47966 Scanner\nhttps://github.com/vonahisec/CVE-2022-47966-Scan", "creation_timestamp": "2023-01-29T20:41:27.000000Z"}, {"uuid": "f3f81fa3-cb2b-4345-beb5-db269a78f41c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7582", "content": "#exploit\n1. CVE-2022-47966:\nRCE vulnerability in multiple ManageEngine (Apache Santuario (xmlsec) <=1.4.1) products\nhttps://github.com/horizon3ai/CVE-2022-47966\n]-> https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive\n\n2. CVE-2022-39955:\nCharset confusion + WAF bypasses via 0days\nhttps://terjanq.medium.com/waf-bypasses-via-0days-d4ef1f212ec\n\n3. Microsoft Teams RCE\nhttps://blog.pksecurity.io/2023/01/16/2022-microsoft-teams-rce.html", "creation_timestamp": "2023-01-20T11:00:21.000000Z"}, {"uuid": "39dc250d-a7d8-4326-8211-190a3be063dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7585", "content": "#Blue_Team_Techniques\n1. YARA/Sigma rule to detect the exploitation of ManageEngine ServiceDesk CVE-2022-47966\nhttps://github.com/Neo23x0/signature-base/blob/master/yara/expl_manageengine_jan23.yar\nhttps://github.com/SigmaHQ/sigma/pull/3935/files\n2. Investigate malicious Windows logon by visualizing and analyzing Windows event log\nhttps://github.com/JPCERTCC/LogonTracer", "creation_timestamp": "2023-01-20T11:00:21.000000Z"}]}