{"vulnerability": "CVE-2023-47246", "sightings": [{"uuid": "bc17d4b5-7e2e-47ed-bbfc-ec0f23620573", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-11-13T18:10:02.000000Z"}, {"uuid": "2ef47f0b-3694-4e77-b04b-507674ff3ad4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971919", "content": "", "creation_timestamp": "2024-12-24T20:35:38.697145Z"}, {"uuid": "a115deb6-9a2e-400d-9ad4-7f5e0304d708", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-27)", "content": "", "creation_timestamp": "2025-03-27T00:00:00.000000Z"}, {"uuid": "cde90ec1-e812-4247-b694-cbf4f0743f86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-12-25)", "content": "", "creation_timestamp": "2024-12-25T00:00:00.000000Z"}, {"uuid": "c90e94e6-9630-40cb-8217-121ad4dbea65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-01-31)", "content": "", "creation_timestamp": "2025-01-31T00:00:00.000000Z"}, {"uuid": "58d8f74b-9421-4655-a716-e4bc0bf05a33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:49.000000Z"}, {"uuid": "0e51dda6-825d-4741-b2e0-31efccf15e58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-30)", "content": "", "creation_timestamp": "2025-06-30T00:00:00.000000Z"}, {"uuid": "26381f97-88ee-45f0-a248-d9fb184a3c67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-11)", "content": "", "creation_timestamp": "2025-04-11T00:00:00.000000Z"}, {"uuid": "00654a77-b05a-4a40-a72d-2a0e794e48fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-01)", "content": "", "creation_timestamp": "2025-07-01T00:00:00.000000Z"}, {"uuid": "a04a2668-9a59-4bf5-b211-84bce39928fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-07)", "content": "", "creation_timestamp": "2025-04-07T00:00:00.000000Z"}, {"uuid": "60d33796-b9bf-4c09-9de2-dca30a0abdad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-29)", "content": "", "creation_timestamp": "2025-07-29T00:00:00.000000Z"}, {"uuid": "c687039b-2f1f-4d47-b5c2-22a394d0adce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-17)", "content": "", "creation_timestamp": "2025-12-17T00:00:00.000000Z"}, {"uuid": "67e03893-7cb5-473a-97f6-8bf63ddbed50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-11-10)", "content": "", "creation_timestamp": "2025-11-10T00:00:00.000000Z"}, {"uuid": "7eeda674-3b50-46a9-9ff8-f385c0e9fc9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:13:00.000000Z"}, {"uuid": "cb710816-9faa-4972-a8f8-5a4f5d2e01d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-11-09)", "content": "", "creation_timestamp": "2025-11-09T00:00:00.000000Z"}, {"uuid": "77fa4435-b57d-416d-8f83-0c195bd078ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-11)", "content": "", "creation_timestamp": "2026-01-11T00:00:00.000000Z"}, {"uuid": "d2455c9a-8288-48d9-aae5-5a4eb4e3b70e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-14)", "content": "", "creation_timestamp": "2026-01-14T00:00:00.000000Z"}, {"uuid": "e00e765b-a60c-41bd-aea6-aa3b10d9fa05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-12)", "content": "", "creation_timestamp": "2026-03-12T00:00:00.000000Z"}, {"uuid": "c30d315a-de7e-4038-84a5-d7bdcd7feccc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-15)", "content": "", "creation_timestamp": "2026-01-15T00:00:00.000000Z"}, {"uuid": "3c5db2ad-a533-47f7-8318-f4de6ef7f847", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-17)", "content": "", "creation_timestamp": "2026-01-17T00:00:00.000000Z"}, {"uuid": "a2906182-e8cd-434b-ad6d-1bf3e86bc024", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-20)", "content": "", "creation_timestamp": "2026-01-20T00:00:00.000000Z"}, {"uuid": "b22d8929-7dd1-4497-80df-5e93b6c9fba6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-18)", "content": "", "creation_timestamp": "2026-01-18T00:00:00.000000Z"}, {"uuid": "1b478c77-eac6-4161-a75f-432cbd0b69f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "published-proof-of-concept", "source": "https://t.me/ap_security/226", "content": "\u2604\ufe0fCVE-2023-47246: PoC\n\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0430\u044f SysAid \n\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \n\u043a\u043e\u0434\u0430\ud83d\ude04\n\n\ud83d\udce3\u0421\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442:\nhttps://github.com/W01fh4cker/CVE-2023-47246-EXP/tree/main\n\n#cve #poc #exploit", "creation_timestamp": "2023-11-18T15:05:23.000000Z"}, {"uuid": "94e14360-24b9-47a5-a599-f75b8df72881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/d39c441e-d3f7-4afe-9612-a2ec5cef042c", "content": "", "creation_timestamp": "2026-02-02T12:26:46.775422Z"}, {"uuid": "5f3d6894-9a2e-4ca4-8eff-39d6e26f4a20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "published-proof-of-concept", "source": "https://t.me/cKure/11988", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 Exploit for cve-2023-47246 SysAid RCE (shell upload).\n\nhttps://github.com/W01fh4cker/CVE-2023-47246-EXP", "creation_timestamp": "2023-11-18T01:47:01.000000Z"}, {"uuid": "fc21478a-0830-4c72-a30c-ead3fd248985", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "https://t.me/itsec_news/3644", "content": "\u200b\u26a1\ufe0f0day \u0432 SysAid: \u0443\u0442\u0435\u0447\u043a\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u044b\u0435 \u043f\u043e\u0442\u0435\u0440\u0438\n\n\ud83d\udcac \u041a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0438 SysAid, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0440\u043e\u043d\u0438\u043a\u0430\u0442\u044c \u043d\u0430 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b, \u043f\u043e\u0445\u0438\u0449\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0438 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0443-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c Clop. SysAid \u2014 \u044d\u0442\u043e \u043a\u043e\u043c\u043f\u043b\u0435\u043a\u0441\u043d\u043e\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f IT-\u0443\u0441\u043b\u0443\u0433\u0430\u043c\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0435\u0435 \u0432 \u0441\u0435\u0431\u044f \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439.\n\n\u0420\u0435\u0447\u044c \u0438\u0434\u0451\u0442 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 CVE-2023-47246 , \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u0430 2 \u043d\u043e\u044f\u0431\u0440\u044f \u043f\u0440\u0438 \u0430\u0442\u0430\u043a\u0435 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u044b SysAid \u0438 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430. \u041a\u043e\u043c\u0430\u043d\u0434\u0430 Microsoft Threat Intelligence \u0432\u044b\u044f\u0432\u0438\u043b\u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0438 \u043e\u043f\u043e\u0432\u0435\u0441\u0442\u0438\u043b\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 SysAid.\n\n\u041f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u0435 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u043b\u043e\u0441\u044c \u0447\u0435\u0440\u0435\u0437 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e WAR-\u0430\u0440\u0445\u0438\u0432\u0430 \u0432 \u043a\u043e\u0440\u043d\u0435\u0432\u043e\u0439 \u043a\u0430\u0442\u0430\u043b\u043e\u0433 \u0432\u0435\u0431-\u0441\u043b\u0443\u0436\u0431\u044b Tomcat SysAid. \u042d\u0442\u043e \u043e\u0442\u043a\u0440\u044b\u043b\u043e \u043f\u0443\u0442\u044c \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432 \u0438 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e GraceWire \u0432 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b \u0441\u0438\u0441\u0442\u0435\u043c\u044b. \u0422\u0430\u043a\u0436\u0435 \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e ('user.exe') \u043f\u0440\u0435\u0434\u0443\u0441\u043c\u043e\u0442\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u043b \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Sophos \u043f\u0435\u0440\u0435\u0434 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439.\n\n\u041f\u043e\u0441\u043b\u0435 \u044d\u043a\u0441\u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0443\u0441\u0442\u0440\u0435\u043c\u0438\u043b\u0438\u0441\u044c \u0441\u043a\u0440\u044b\u0442\u044c \u0441\u043b\u0435\u0434\u044b, \u0443\u0434\u0430\u043b\u044f\u044f \u0436\u0443\u0440\u043d\u0430\u043b\u044b \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432 PowerShell. \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0433\u0440\u0443\u043f\u043f\u0430 Lace Tempest (Fin11, TA505), \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0441\u0432\u044f\u0437\u044b\u0432\u0430\u044e\u0442 \u0441 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u043c\u0438 \u0430\u0442\u0430\u043a\u0430\u043c\u0438, \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0430 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0441\u043a\u0440\u0438\u043f\u0442\u044b \u0434\u043b\u044f \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c Cobalt Strike.\n\n\u0412 \u043e\u0442\u0432\u0435\u0442 \u043d\u0430 \u0443\u0433\u0440\u043e\u0437\u0443 SysAid \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f CVE-2023-47246. \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0441\u0435\u0440\u0432\u0438\u0441\u0430 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 23.3.36 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u043e\u0439. \u0414\u043b\u044f \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0438\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u043c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0434\u0435\u0442\u0430\u043b\u044c\u043d\u0443\u044e \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432, \u043e\u0431\u0440\u0430\u0442\u0438\u0432 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u043d\u0430 \u043d\u0435\u043e\u0431\u044b\u0447\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u043a\u043e\u0440\u043d\u0435\u0432\u043e\u043c \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0435 Tomcat SysAid, \u043d\u0430\u043b\u0438\u0447\u0438\u0435 WebShell \u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432 \u0436\u0443\u0440\u043d\u0430\u043b\u0430\u0445 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438. \u0412\u0430\u0436\u043d\u043e \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u0442\u044c \u043a\u043b\u044e\u0447\u0435\u0432\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b \u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u0436\u0443\u0440\u043d\u0430\u043b\u044b PowerShell \u043d\u0430 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u043c \u0441\u0445\u0435\u043c\u0430\u043c \u0430\u0442\u0430\u043a.\n\n\u041e\u0442\u0447\u0435\u0442 SysAid \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0438\u043d\u0434\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 (Indicator of Compromise, IOC), \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u043c\u043e\u0447\u044c \u0432 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0438 \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a \u0438\u043c\u0435\u043d\u0430 \u0444\u0430\u0439\u043b\u043e\u0432, \u0445\u0435\u0448\u0438, IP-\u0430\u0434\u0440\u0435\u0441\u0430 \u0438 \u043f\u0443\u0442\u0438 \u043a \u0444\u0430\u0439\u043b\u0430\u043c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432 \u0434\u043b\u044f \u0441\u043a\u0430\u0447\u0438\u0432\u0430\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e \u0438\u043b\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u044f \u0441\u043b\u0435\u0434\u043e\u0432 \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2023-11-10T07:34:00.000000Z"}, {"uuid": "029b815e-0503-4e1f-bad8-03f6d7b6d05a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6101", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aexploit for cve-2023-47246 SysAid RCE (shell upload)\nURL\uff1ahttps://github.com/W01fh4cker/CVE-2023-47246-EXP\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2023-12-07T02:58:31.000000Z"}, {"uuid": "99e9bb2e-89ad-4e25-824d-ab9566447086", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5905", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aexploit for cve-2023-47246 SysAid RCE (shell upload)\nURL\uff1ahttps://github.com/rainbowhatrkn/CVE-2023-47246\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2023-11-22T08:20:22.000000Z"}, {"uuid": "a6b85d97-f1d1-41b4-aa10-73d431e5931d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "published-proof-of-concept", "source": "Telegram/l2Vzp4vIKj6tL2ItYlEzDg7I0ePD1shAaZlJFOJL7T40rA", "content": "", "creation_timestamp": "2023-11-21T06:21:09.000000Z"}, {"uuid": "7965cee6-e22d-4872-a1bb-2a6be79f5dea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "https://t.me/Cyber_Watch_insider/190", "content": "Microsoft has discovered exploitation of a 0-day vulnerability in the SysAid IT support software in limited attacks by Lace Tempest, a threat actor that distributes Clop ransomware. Microsoft notified SysAid about the issue (CVE-2023-47246), which they immediately patched.", "creation_timestamp": "2023-11-09T17:17:30.000000Z"}, {"uuid": "1fab9696-4631-4d6b-9555-79f587de5e92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "published-proof-of-concept", "source": "https://t.me/ap_security/274", "content": "\u2604\ufe0fCVE-2023-47246: PoC\n\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0430\u044f SysAid \n\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \n\u043a\u043e\u0434\u0430\ud83d\ude04\n\n\ud83d\udce3\u0421\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442:\nhttps://github.com/W01fh4cker/CVE-2023-47246-EXP/tree/main\n\n#cve #poc #exploit", "creation_timestamp": "2023-11-18T15:05:23.000000Z"}, {"uuid": "e3342b6c-8bdc-41f0-b9b9-b71ccda9cebd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/150352", "content": "https://ift.tt/eVamkoR\nCVE-2023-47246: SysAid Vulnerability Exploited by CL0P ... - Kroll", "creation_timestamp": "2023-11-19T08:18:00.000000Z"}, {"uuid": "79c25d58-a95a-4a85-82ab-b7c6c0f4d1e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "https://t.me/ctinow/149365", "content": "https://ift.tt/Esct7Df\nCVE-2023-47246: SysAid Vulnerability Exploited by CL0P ... - Kroll", "creation_timestamp": "2023-11-14T21:33:22.000000Z"}, {"uuid": "d71a27ba-2a5b-4f41-a69c-6cc36feddbd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "published-proof-of-concept", "source": "Telegram/kQeAK9cAnQwdYL0AGQjGF8KPA-O05qaoT5ri0rbVIOfsnA", "content": "", "creation_timestamp": "2023-11-17T14:55:34.000000Z"}, {"uuid": "4c941d69-ef67-4c9e-be33-f885e3363631", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "published-proof-of-concept", "source": "Telegram/QSBwDO5JS9USsedDvROFYoSDD1KC919f_lQ4j3gNeoPMvw", "content": "", "creation_timestamp": "2023-11-17T14:54:26.000000Z"}, {"uuid": "5ff5e7ad-6386-4072-9204-b0aa8e6a01e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "https://t.me/hackyourmom/6009", "content": "CISA \u0434\u043e\u0434\u0430\u043b\u0430 \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u043e\u0441\u0442\u0456 Juniper \u0434\u043e \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0435\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u043e\u0432\u0430\u043d\u0438\u0445 \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u043e\u0441\u0442\u0435\u0439.\n\n\u0410\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u044c\u043a\u0435 \u0430\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u043e \u0437 \u043a\u0456\u0431\u0435\u0440\u0431\u0435\u0437\u043f\u0435\u043a\u0438 \u0442\u0430 \u0431\u0435\u0437\u043f\u0435\u043a\u0438 \u0456\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0438 (CISA) \u0432\u043a\u043b\u044e\u0447\u0438\u043b\u043e \u0434\u043e \u0441\u0432\u043e\u0433\u043e \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 KEV \u0448\u0456\u0441\u0442\u044c \u043d\u043e\u0432\u0438\u0445 \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u043e\u0441\u0442\u0435\u0439, \u0437 \u044f\u043a\u0438\u0445 \u043f'\u044f\u0442\u044c \u0441\u0442\u043e\u0441\u0443\u044e\u0442\u044c\u0441\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0456\u0439\u043d\u043e\u0457 \u0441\u0438\u0441\u0442\u0435\u043c\u0438 Juniper Junos OS, \u0430 \u043e\u0434\u043d\u0430 - \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043d\u043e\u0433\u043e \u0437\u0430\u0431\u0435\u0437\u043f\u0435\u0447\u0435\u043d\u043d\u044f \u0434\u043b\u044f \u0406\u0422-\u043f\u0456\u0434\u0442\u0440\u0438\u043c\u043a\u0438 \u043f\u0456\u0434 \u043d\u0430\u0437\u0432\u043e\u044e SysAid.\n\n\u0421\u0435\u0440\u0435\u0434 \u0434\u043e\u0434\u0430\u043d\u0438\u0445 \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u043e\u0441\u0442\u0435\u0439:\nCVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847, CVE-2023-36851: \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u043e\u0441\u0442\u0456 \u0432 Juniper Junos OS \u0441\u0435\u0440\u0456\u0439 EX \u0456 SRX, \u043f\u043e\u0432'\u044f\u0437\u0430\u043d\u0456 \u0437 \u043d\u0435\u0434\u043e\u043b\u0456\u043a\u0430\u043c\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0456\u043a\u0430\u0446\u0456\u0457 \u0442\u0430 \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u043e\u0441\u0442\u044f\u043c\u0438 \u0432 PHP.\nCVE-2023-47246: \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u0456\u0441\u0442\u044c \u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0456 SysAid, \u043f\u043e\u0432'\u044f\u0437\u0430\u043d\u0430 \u0437 \u043e\u0431\u0445\u0456\u0434\u043e\u043c \u0448\u043b\u044f\u0445\u0443.\n\n\u0417\u0430 \u0456\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0456\u0454\u044e Juniper SIRT, \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u043e\u0441\u0442\u0456 \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0456 J-Web \u043c\u043e\u0436\u0443\u0442\u044c \u0431\u0443\u0442\u0438 \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u0430\u043d\u0456 \u0434\u043b\u044f \u0432\u0438\u043a\u043e\u043d\u0430\u043d\u043d\u044f \u0432\u0456\u0434\u0434\u0430\u043b\u0435\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0443 \u0431\u0435\u0437 \u043f\u043e\u043f\u0435\u0440\u0435\u0434\u043d\u044c\u043e\u0457 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0456\u043a\u0430\u0446\u0456\u0457. \u041a\u043e\u043c\u043f\u0430\u043d\u0456\u044f \u043f\u0456\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0430, \u0449\u043e \u0437\u043b\u043e\u0432\u043c\u0438\u0441\u043d\u0438\u043a\u0438 \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u043e\u0432\u0443\u044e\u0442\u044c \u0446\u0456 \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u043e\u0441\u0442\u0456 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u0438\u0445 \u0430\u0442\u0430\u043a\u0430\u0445.\n\nCISA \u0432\u0438\u043c\u0430\u0433\u0430\u0454 \u0432\u0456\u0434 \u0444\u0435\u0434\u0435\u0440\u0430\u043b\u044c\u043d\u0438\u0445 \u0430\u0433\u0435\u043d\u0442\u0441\u0442\u0432 \u0443\u0441\u0443\u043d\u0443\u0442\u0438 \u0432\u0438\u044f\u0432\u043b\u0435\u043d\u0456 \u043d\u0435\u0434\u043e\u043b\u0456\u043a\u0438 \u0431\u0435\u0437\u043f\u0435\u043a\u0438 Juniper \u0434\u043e 17 \u043b\u0438\u0441\u0442\u043e\u043f\u0430\u0434\u0430 2023 \u0440\u043e\u043a\u0443, \u0430 \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u0456\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u0430 SysAid - \u0434\u043e 4 \u0433\u0440\u0443\u0434\u043d\u044f 2023 \u0440\u043e\u043a\u0443.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0456\u044f Juniper \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0454 \u0432\u0438\u043c\u043a\u043d\u0443\u0442\u0438 J-Web \u0430\u0431\u043e \u043e\u0431\u043c\u0435\u0436\u0438\u0442\u0438 \u0434\u043e\u0441\u0442\u0443\u043f \u0434\u043e \u043d\u044c\u043e\u0433\u043e \u043b\u0438\u0448\u0435 \u0434\u043b\u044f \u0434\u043e\u0432\u0456\u0440\u0435\u043d\u0438\u0445 \u0445\u043e\u0441\u0442\u0456\u0432 \u044f\u043a \u0442\u0438\u043c\u0447\u0430\u0441\u043e\u0432\u0438\u0439 \u0437\u0430\u0445\u0456\u0434. \u0412\u0440\u0430\u0437\u043b\u0438\u0432\u043e\u0441\u0442\u0456 \u0431\u0443\u043b\u0438 \u0432\u0438\u044f\u0432\u043b\u0435\u043d\u0456 \u0432 \u0441\u0435\u0440\u043f\u043d\u0456 \u0446\u044c\u043e\u0433\u043e \u0440\u043e\u043a\u0443, \u0430\u043b\u0435, \u0441\u0445\u043e\u0436\u0435, \u0434\u043e \u0446\u044c\u043e\u0433\u043e \u0447\u0430\u0441\u0443 \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u043d\u043e \u043d\u0435 \u0435\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0443\u0432\u0430\u043b\u0438\u0441\u044f. \u041a\u043e\u043c\u043f\u0430\u043d\u0456\u044f \u0432\u0438\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0432\u0456\u0434\u043f\u043e\u0432\u0456\u0434\u043d\u0456 \u043f\u0430\u0442\u0447\u0456 \u043d\u0435\u0437\u0430\u0431\u0430\u0440\u043e\u043c \u043f\u0456\u0441\u043b\u044f \u0432\u0438\u044f\u0432\u043b\u0435\u043d\u043d\u044f \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u043e\u0441\u0442\u0435\u0439 \u0456 \u0437 \u0442\u043e\u0433\u043e \u0447\u0430\u0441\u0443 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0437\u0430\u043a\u043b\u0438\u043a\u0430\u0454 \u043a\u043b\u0456\u0454\u043d\u0442\u0456\u0432 \u043e\u043d\u043e\u0432\u043b\u044e\u0432\u0430\u0442\u0438 \u0441\u0432\u043e\u0457 \u0435\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0438 Junos OS \u0434\u043e \u0431\u0435\u0437\u043f\u0435\u0447\u043d\u043e\u0457 \u0432\u0435\u0440\u0441\u0456\u0457.\n\n\u0412 \u043a\u0456\u043d\u0446\u0456 \u0441\u0435\u0440\u043f\u043d\u044f \u0434\u043e\u0441\u043b\u0456\u0434\u043d\u0438\u043a\u0438 \u0437 watchTowr Labs \u043e\u043f\u0443\u0431\u043b\u0456\u043a\u0443\u0432\u0430\u043b\u0438 PoC-\u0435\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f \u0432\u0438\u044f\u0432\u043b\u0435\u043d\u0438\u0445 \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u043e\u0441\u0442\u0435\u0439. \u0410\u0442\u0430\u043a\u0443\u044e\u0447\u0456 \u043c\u043e\u0436\u0443\u0442\u044c \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u043e\u0432\u0443\u0432\u0430\u0442\u0438 \u043b\u0430\u043d\u0446\u044e\u0436\u043e\u043a \u0456\u0441\u043d\u0443\u044e\u0447\u0438\u0445 \u043d\u0435\u0434\u043e\u043b\u0456\u043a\u0456\u0432 \u0431\u0435\u0437\u043f\u0435\u043a\u0438 \u0434\u043b\u044f \u0432\u0456\u0434\u0434\u0430\u043b\u0435\u043d\u043e\u0433\u043e \u0432\u0438\u043a\u043e\u043d\u0430\u043d\u043d\u044f \u043a\u043e\u0434\u0443 \u043d\u0430 \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u0438\u0445 \u043f\u0440\u0438\u0441\u0442\u0440\u043e\u044f\u0445. \u0414\u043e\u0441\u043b\u0456\u0434\u043d\u0438\u043a\u0438 watchTowr \u0442\u0430\u043a\u043e\u0436 \u0434\u0435\u0442\u0430\u043b\u044c\u043d\u043e \u043e\u043f\u0438\u0441\u0430\u043b\u0438 \u043f\u0440\u043e\u0446\u0435\u0441 \u0432\u0456\u0434\u0442\u0432\u043e\u0440\u0435\u043d\u043d\u044f, \u043e\u0431'\u0454\u0434\u043d\u0430\u043d\u043d\u044f \u0442\u0430 \u0435\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0456\u0457 \u0446\u0438\u0445 \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u043e\u0441\u0442\u0435\u0439.\n\n\u0412 \u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0456 \u0432\u0435\u0440\u0435\u0441\u043d\u044f \u0434\u043e\u0441\u043b\u0456\u0434\u043d\u0438\u043a\u0438 \u0437 VulnCheck \u0432\u0438\u044f\u0432\u0438\u043b\u0438 \u043f\u0440\u0438\u0431\u043b\u0438\u0437\u043d\u043e 15 000 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u0435\u0440\u0456\u0432 Juniper SRX \u0456 \u043a\u043e\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u0456\u0432 Juniper EX, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0438\u0445 \u0432 \u0406\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0456 \u0456 \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u0438\u0445 \u0434\u043e \u0432\u0438\u0449\u0435\u0437\u0433\u0430\u0434\u0430\u043d\u0438\u0445 \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u043e\u0441\u0442\u0435\u0439. \u0417\u0430 \u0434\u0430\u043d\u0438\u043c\u0438 VulnCheck, \u0432 \u0441\u0435\u0440\u0435\u0434\u043d\u044c\u043e\u043c\u0443 \u0431\u043b\u0438\u0437\u044c\u043a\u043e 80% \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u0438\u0445 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u0435\u0440\u0456\u0432, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0438\u0445 \u0447\u0435\u0440\u0435\u0437 \u0406\u043d\u0442\u0435\u0440\u043d\u0435\u0442, \u0437\u0430\u043b\u0438\u0448\u0430\u043b\u0438\u0441\u044f \u043d\u0435\u043e\u043d\u043e\u0432\u043b\u0435\u043d\u0456 \u043d\u0430 \u043c\u043e\u043c\u0435\u043d\u0442 \u0430\u043d\u0430\u043b\u0456\u0437\u0443.\n\n\u0415\u043a\u0441\u043f\u0435\u0440\u0442\u0438 \u043f\u0456\u0434\u043a\u0440\u0435\u0441\u043b\u044e\u044e\u0442\u044c, \u0449\u043e \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u0435\u0440\u0438 \u0454 \u043f\u0440\u0438\u0432\u0430\u0431\u043b\u0438\u0432\u0438\u043c\u0438 \u0446\u0456\u043b\u044f\u043c\u0438 \u0434\u043b\u044f \u043d\u0430\u0446\u0456\u043e\u043d\u0430\u043b\u044c\u043d\u0438\u0445 \u0445\u0430\u043a\u0435\u0440\u0456\u0432, \u043e\u0441\u043a\u0456\u043b\u044c\u043a\u0438 \u0432\u043e\u043d\u0438 \u0434\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442\u044c \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u0443\u0442\u0438 \u0432 \u0437\u0430\u0445\u0438\u0449\u0435\u043d\u0456 \u043c\u0435\u0440\u0435\u0436\u0456 \u0456 \u043c\u043e\u0436\u0443\u0442\u044c \u0441\u043b\u0443\u0436\u0438\u0442\u0438 \u0445\u043e\u0441\u0442\u0430\u043c\u0438 \u0434\u043b\u044f \u0456\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0456\u043d\u043d\u044f \u0456 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044e. \u0422\u0456\u043b\u044c\u043a\u0438 \u0441\u0432\u043e\u0454\u0447\u0430\u0441\u043d\u0435 \u0432\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044f \u043e\u043d\u043e\u0432\u043b\u0435\u043d\u044c \u0431\u0435\u0437\u043f\u0435\u043a\u0438 \u0442\u0430 \u043a\u043e\u043c\u043f\u043b\u0435\u043a\u0441\u043d\u0438\u0439 \u043f\u0456\u0434\u0445\u0456\u0434 \u0434\u043e \u043a\u0456\u0431\u0435\u0440\u0437\u0430\u0445\u0438\u0441\u0442\u0443 \u0437\u043c\u043e\u0436\u0435 \u043e\u0431\u0435\u0440\u0435\u0433\u0442\u0438 \u043e\u0440\u0433\u0430\u043d\u0456\u0437\u0430\u0446\u0456\u0457 \u0432\u0456\u0434 \u043d\u0435\u043f\u0440\u0438\u0454\u043c\u043d\u0438\u0445 \u043d\u0430\u0441\u043b\u0456\u0434\u043a\u0456\u0432 \u0445\u0430\u043a\u0435\u0440\u0441\u044c\u043a\u0438\u0445 \u0430\u0442\u0430\u043a.", "creation_timestamp": "2023-11-19T08:14:40.000000Z"}, {"uuid": "1200a4a8-a0ae-4005-8c79-5fa4f3670cce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "seen", "source": "https://t.me/ctinow/148395", "content": "https://ift.tt/nmwevjS\nMOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246)", "creation_timestamp": "2023-11-09T17:33:54.000000Z"}, {"uuid": "fcaadfe4-1545-4d7a-b085-b48c570eb7d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "seen", "source": "https://t.me/ctinow/148390", "content": "https://ift.tt/p6bJwEY\nMOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246)", "creation_timestamp": "2023-11-09T17:33:49.000000Z"}, {"uuid": "12c7ea57-c791-4334-8964-6da1bb950b79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "seen", "source": "https://t.me/ctinow/148364", "content": "https://ift.tt/p6bJwEY\nMOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246) - Help Net Security", "creation_timestamp": "2023-11-09T16:08:00.000000Z"}, {"uuid": "7417111c-e12f-485d-83e4-2425c9b513f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "https://t.me/arpsyndicate/1260", "content": "#ExploitObserverAlert\n\nCVE-2023-47246\n\nDESCRIPTION: Exploit Observer has 12 entries related to CVE-2023-47246. In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.\n\nFIRST-EPSS: 0.667970000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-04T17:15:30.000000Z"}, {"uuid": "e798857b-f675-43f4-a123-e9c682fda944", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "published-proof-of-concept", "source": "Telegram/eH0V46KzWPpUAwyr8C85bUvTczEBeTLSM5TTlo4xnPDhGdc", "content": "", "creation_timestamp": "2024-06-01T09:55:00.000000Z"}, {"uuid": "a4879732-bd29-4d30-9bd6-1a6528ce047d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/3583", "content": "https://github.com/W01fh4cker/CVE-2023-47246-EXP\n\n\nSysAid RCE \uff08webshell \uff09", "creation_timestamp": "2023-11-21T14:55:04.000000Z"}, {"uuid": "475b1134-c608-4dc3-8380-fc4f717666aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "https://t.me/arpsyndicate/583", "content": "#ExploitObserverAlert\n\nCVE-2023-47246\n\nDESCRIPTION: Exploit Observer has 11 entries related to CVE-2023-47246. In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.\n\nFIRST-EPSS: 0.667970000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-26T03:04:34.000000Z"}, {"uuid": "356f3e06-e47e-47cd-aa2c-fd59b657cab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "published-proof-of-concept", "source": "Telegram/mGP7hj16dqesl95DJ6RwBOASV1j0GTqY6jyPxtM9isfpeQ", "content": "", "creation_timestamp": "2023-11-09T18:14:37.000000Z"}, {"uuid": "9bf28850-e3ae-4967-9f7b-98210e7a2331", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "https://t.me/itARMYofUkraine2022_INT/27656", "content": "\u041a\u0440\u0438\u0442\u0438\u0447\u043d\u0430 \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u0456\u0441\u0442\u044c \"\u0434\u043d\u044f \u043d\u0443\u043b\u044c\" \u0437\u043d\u0430\u0439\u0434\u0435\u043d\u0430 \u0443 SysAid, \u0456\u0434\u0435\u043d\u0442\u0438\u0444\u0456\u043a\u043e\u0432\u0430\u043d\u0430 \u044f\u043a CVE-2023-47246, \u0431\u0443\u043b\u0430 \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u0430\u043d\u0430 \u043a\u0456\u0431\u0435\u0440\u0437\u043b\u043e\u0447\u0438\u043d\u0446\u044f\u043c\u0438, \u043f\u043e\u0432\u2019\u044f\u0437\u0430\u043d\u0438\u043c\u0438 \u0437 \u0432\u0456\u0440\u0443\u0441\u043e\u043c-\u0432\u0438\u043c\u0430\u0433\u0430\u0447\u0435\u043c CLOP. \u0426\u044f \u0431\u0435\u0437\u043f\u0435\u043a\u043e\u0432\u0430 \u0448\u043f\u0430\u0440\u0438\u043d\u0430 \u0434\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u0430 \u0432\u0438\u043a\u043e\u043d\u0430\u043d\u043d\u044f \u0434\u043e\u0432\u0456\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0443. Microsoft \u0432\u0438\u044f\u0432\u0438\u0432 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443, \u0456 SysAid \u0432\u0436\u0435 \u0432\u0438\u043f\u0443\u0441\u0442\u0438\u0432 \u0432\u0438\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044f. \u041a\u043e\u0440\u0438\u0441\u0442\u0443\u0432\u0430\u0447\u0430\u043c, \u0449\u043e \u0437\u0430\u0437\u043d\u0430\u043b\u0438 \u0432\u043f\u043b\u0438\u0432\u0443, \u0440\u0430\u0434\u0438\u043c\u043e \u043d\u0435\u0433\u0430\u0439\u043d\u043e \u043e\u043d\u043e\u0432\u0438\u0442\u0438\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0456\u0457 23.3.36 \u0442\u0430 \u0441\u043b\u0456\u0434\u0443\u0432\u0430\u0442\u0438 \u0432\u043a\u0430\u0437\u0456\u0432\u043a\u0430\u043c SysAid \u0434\u043b\u044f \u0437\u0430\u0445\u0438\u0441\u0442\u0443 \u0441\u0432\u043e\u0457\u0445 \u0441\u0438\u0441\u0442\u0435\u043c. \n\n\u0411\u0443\u0434\u044c\u0442\u0435 \u043f\u0438\u043b\u044c\u043d\u0456! \u0414\u0456\u043b\u0456\u0442\u044c\u0441\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u043c\u0438 \u0439 \u0434\u043e\u0441\u0432\u0456\u0434\u043e\u043c \u0437 \u0437\u0430\u043f\u043e\u0431\u0456\u0433\u0430\u043d\u043d\u044f \u043a\u0456\u0431\u0435\u0440\u0437\u0430\u0433\u0440\u043e\u0437 \u0443 \u043d\u0430\u0448\u043e\u043c\u0443 \u0447\u0430\u0442\u0456.\n\u2014\nA critical \"zero-day\" vulnerability in SysAid identified as CVE-2023-47246 was exploited by cybercriminals linked to the CLOP ransomware. This security gap allowed the execution of arbitrary code. Microsoft detected the issue, and SysAid has already released a fix. Users affected are advised to immediately update to version 23.3.36 and follow SysAid's instructions to protect their systems.\n\nStay alert! Share problems and experiences with preventing cyber threats in our chat.", "creation_timestamp": "2023-11-13T18:03:16.000000Z"}, {"uuid": "0cc54131-2fcc-459d-a1fc-d7984f942588", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "seen", "source": "https://t.me/KomunitiSiber/1052", "content": "Zero-Day Alert: Lace Tempest Exploits SysAid IT Support Software Vulnerability\nhttps://thehackernews.com/2023/11/zero-day-alert-lace-tempest-exploits.html\n\nThe threat actor known as Lace Tempest has been linked to the exploitation of a zero-day flaw in SysAid IT support software in limited attacks, according to new findings from Microsoft.\nLace Tempest, which is known for distributing the Cl0p ransomware, has in the past leveraged zero-day flaws in\u00a0MOVEit Transfer\u00a0and\u00a0PaperCut servers.\nThe issue, tracked as\u00a0CVE-2023-47246, concerns a path traversal", "creation_timestamp": "2023-11-09T18:40:03.000000Z"}, {"uuid": "d97c53f0-fe2b-4215-952a-8c0843ad80c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "https://t.me/arpsyndicate/377", "content": "#ExploitObserverAlert\n\nCVE-2023-47246\n\nDESCRIPTION: Exploit Observer has 9 entries related to CVE-2023-47246. In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.\n\nFIRST-EPSS: 0.667970000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-23T00:15:23.000000Z"}, {"uuid": "8a52bfc7-5df1-4532-a95e-4f814dfae30f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "https://t.me/true_secator/5068", "content": "\u041f\u043e\u0445\u043e\u0436\u0435, \u0447\u0442\u043e \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0438 Cl0p \u043d\u0430\u0449\u0443\u043f\u0430\u043b\u0438 \u043d\u043e\u0432\u0443\u044e 0-day, \u043f\u0440\u0438\u0441\u0442\u0443\u043f\u0438\u0432 \u043a \u043d\u043e\u0432\u043e\u0439 \u043a\u0440\u0443\u043f\u043d\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 SysAid.\n\n\u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u041f\u041e \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f IT \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u0441\u0432\u043e\u0438\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0435 CVE-2023-47246, \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u044b ransomware.\n\n\u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e 0-day, \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0430 \u0433\u0440\u0443\u043f\u043f\u0430 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0443\u0433\u0440\u043e\u0437 Microsoft, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0441\u043f\u0435\u0448\u0438\u043b\u0430 \u0443\u0432\u0435\u0434\u043e\u043c\u0438\u0442\u044c SysAid \u043e\u0431 \u0430\u0442\u0430\u043a\u0430\u0445.\n\n\u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a, \u0432 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b, \u0447\u0442\u043e \u0435\u0433\u043e \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435 SysAid \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0430\u044f \u043a RCE.\u00a0\n\nSysAid \u0443\u0437\u043d\u0430\u043b\u0430 \u043e 0-day 2 \u043d\u043e\u044f\u0431\u0440\u044f, \u0430 8 \u043d\u043e\u044f\u0431\u0440\u044f \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u043e \u0432\u044b\u043f\u0443\u0441\u043a\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 23.3.36, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u0438\u0437\u0432\u0430\u043d\u0430 \u0435\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c. \u041f\u043e\u043c\u0438\u043c\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439, \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043f\u043e\u0434\u0435\u043b\u0438\u043b\u0441\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0435\u0439 \u043e \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445, IoC \u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u043c\u0438.\u00a0\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Microsoft, CVE-2023-47246 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c Lace Tempest (\u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u0435\u043d \u043a\u0430\u043a DEV-0950), \u0447\u044c\u044f \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u043f\u0435\u0440\u0435\u0441\u0435\u043a\u0430\u0435\u0442\u0441\u044f \u0441 \u0433\u0440\u0443\u043f\u043f\u0430\u043c\u0438 FIN11 \u0438 TA505. \u0412\u0441\u0435 \u043e\u043d\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0443-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c Cl0p.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u0438\u043c\u0435\u043d\u043d\u043e \u044d\u0442\u043e\u0433\u043e \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u0430 Microsoft \u0440\u0430\u043d\u0435\u0435 \u0441\u0432\u044f\u0437\u044b\u0432\u0430\u043b\u0430 \u0441 \u043c\u0430\u0441\u0441\u043e\u0432\u043e\u0439\u00a0\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0435\u0439 MOVEit Transfer\u00a00-day, \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0432\u0448\u0435\u0439 \u0431\u043e\u043b\u0435\u0435 2500 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439.\n\n\u0412 \u0445\u043e\u0434\u0435 \u0430\u0442\u0430\u043a \u043d\u0430 SysAid \u0445\u0430\u043a\u0435\u0440\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435 \u0418\u0422-\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 MeshAgent \u0438 GraceWire. \u0414\u0430\u043b\u0435\u0435, \u043a\u0430\u043a \u043f\u0440\u0430\u0432\u0438\u043b\u043e, \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0431\u043e\u043a\u043e\u0432\u043e\u0435 \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u0435, \u043a\u0440\u0430\u0436\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0435 ransomware.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c SysAid, \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0438 \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0441\u043a\u0440\u0438\u043f\u0442 PowerShell, \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u0447\u0438\u0441\u0442\u0438\u0442\u044c \u0441\u043b\u0435\u0434\u044b \u0438 \u0443\u043b\u0438\u043a\u0438 \u0441 \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432.\n\n\u0411\u0443\u0434\u0435\u043c \u0441\u043b\u0435\u0434\u0438\u0442\u044c \u0437\u0430 \u0440\u0430\u0437\u0432\u0438\u0442\u0438\u0435\u043c \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0438.", "creation_timestamp": "2023-11-09T18:00:08.000000Z"}, {"uuid": "8b78d852-8a09-42b7-aff0-b76341a48ceb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "https://t.me/proxy_bar/1829", "content": "CVE-2023-47246\n\u0410 \u0432\u043e\u0442 \u0438 0day \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044e\u0437\u0430\u044e\u0442 \u0440\u0430\u043d\u0441\u043e\u043c\u044b \u0438\u0437 Cl0p \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0439 \u043d\u0430 SysAid\n*\nexploit\n*", "creation_timestamp": "2023-11-17T20:36:38.000000Z"}, {"uuid": "949a7d44-ffee-42c1-99e1-99a0ef3763c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "https://t.me/xakep_ru/14966", "content": "\u041e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u044b Clop \u043d\u0430\u0446\u0435\u043b\u0438\u043b\u0438\u0441\u044c \u043d\u0430 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 SysAid\n\n\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b Microsoft Threat Intelligence \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u044e\u0442, \u0447\u0442\u043e \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u044b \u043d\u0435\u0431\u0435\u0437\u044b\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044f Clop \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0441\u0432\u0435\u0436\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 SysAid (CVE-2023-47246) \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u043c\u0430\u043b\u0432\u0430\u0440\u0438.\n\nhttps://xakep.ru/2023/11/10/sysaid-attacks/", "creation_timestamp": "2023-11-10T17:33:49.000000Z"}, {"uuid": "104ee270-cd7f-4ee5-9eb1-56cdda4f6eed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "exploited", "source": "https://t.me/information_security_channel/50972", "content": "SysAid Zero-Day Vulnerability Exploited by Ransomware Group\nhttps://www.securityweek.com/sysaid-zero-day-vulnerability-exploited-by-ransomware-group/\n\nCVE-2023-47246 zero-day vulnerability in SysAid IT service management software has been exploited by Cl0p ransomware affiliates.\nThe post SysAid Zero-Day Vulnerability Exploited by Ransomware Group (https://www.securityweek.com/sysaid-zero-day-vulnerability-exploited-by-ransomware-group/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2023-11-09T14:10:24.000000Z"}, {"uuid": "805466ca-afb4-4bfd-8864-a7ac2f19feb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1561", "content": "https://github.com/W01fh4cker/CVE-2023-47246-EXP\n\nSysAid RCE \uff08webshell \uff09\n\n#github #exploit", "creation_timestamp": "2023-11-21T13:55:07.000000Z"}, {"uuid": "39828f77-0ff1-4e4a-9d98-4b30f7dfb309", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1752", "content": "#exploit\n1. CVE-2023-2598:\nio_uring LPE\nhttps://github.com/ysanatomic/io_uring_LPE-CVE-2023-2598\n\n2. CVE-2023-47246:\nSysAid Server &lt;23.3.36 RCE\nhttps://github.com/W01fh4cker/CVE-2023-47246-EXP", "creation_timestamp": "2024-08-16T08:46:02.000000Z"}, {"uuid": "cc40752d-ece9-4a73-9916-06e2a5e1f748", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "seen", "source": "Telegram/CjQF1dZmoaM1fUBfkvGENLUP776SFgCIVBR2PSApxfFhKvo", "content": "", "creation_timestamp": "2023-11-11T08:58:10.000000Z"}, {"uuid": "dc44d300-b866-4162-ba8f-66913731f2a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9423", "content": "#exploit\n1. CVE-2023-2598:\nio_uring LPE\nhttps://github.com/ysanatomic/io_uring_LPE-CVE-2023-2598\n\n2. CVE-2023-47246:\nSysAid Server &lt;23.3.36 RCE\nhttps://github.com/W01fh4cker/CVE-2023-47246-EXP", "creation_timestamp": "2023-11-19T13:23:12.000000Z"}, {"uuid": "902c5941-e070-48cc-965a-377fec311031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1720", "content": "#exploit\n1. CVE-2023-2598:\nio_uring LPE\nhttps://github.com/ysanatomic/io_uring_LPE-CVE-2023-2598\n\n2. CVE-2023-47246:\nSysAid Server &lt;23.3.36 RCE\nhttps://github.com/W01fh4cker/CVE-2023-47246-EXP", "creation_timestamp": "2024-08-16T08:45:55.000000Z"}, {"uuid": "3fdb5493-498c-49eb-8d04-548425a5b6cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47246", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1785", "content": "https://github.com/W01fh4cker/CVE-2023-47246-EXP\n\nSysAid RCE \uff08webshell \uff09\n\n#github #exploit", "creation_timestamp": "2024-08-16T08:47:38.000000Z"}]}