{"vulnerability": "CVE-2024-4978", "sightings": [{"uuid": "17236c6a-be8f-4fe9-a46f-444b4c17161e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4978", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-05-29T18:10:02.000000Z"}, {"uuid": "e107a121-bdb2-4ffb-8ecd-0e51fb1fc89a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4978", "type": "seen", "source": "MISP/f3e1d35b-bb2e-45f5-bf93-1058bd700092", "content": "", "creation_timestamp": "2024-05-27T12:48:37.000000Z"}, {"uuid": "4a31b42d-f65b-4748-83ec-0bcbb5787398", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49785", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113812819666293739", "content": "", "creation_timestamp": "2025-01-12T01:36:48.429093Z"}, {"uuid": "e7af1fb6-266a-455f-915c-9982f734f558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49785", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfj6z4sxmy2r", "content": "", "creation_timestamp": "2025-01-12T02:39:55.574174Z"}, {"uuid": "93c3adc1-5471-4932-897a-72920cdb3596", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49780", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lilooxgk5y2u", "content": "", "creation_timestamp": "2025-02-20T06:41:29.261241Z"}, {"uuid": "53ad0897-07aa-40e2-bcc3-126b02779e4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49782", "type": "seen", "source": "https://t.me/cvedetector/18511", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49782 - IBM OpenPages with Watson SSL/TLS Spoofing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-49782 \nPublished : Feb. 20, 2025, 4:15 a.m. | 38\u00a0minutes ago \nDescription : IBM OpenPages with Watson 8.3 and 9.0\u00a0  \n  \n  \n  \ncould allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification delivery. \nSeverity: 6.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-20T06:27:31.000000Z"}, {"uuid": "74260c74-476f-4c6e-a300-469eb1443fc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4978", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:25.000000Z"}, {"uuid": "21c0ed52-306e-43b1-b602-342b7c330778", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-4978", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/9d176767-103d-4f9e-b482-d765fea24103", "content": "", "creation_timestamp": "2026-02-02T12:26:36.167197Z"}, {"uuid": "58c95b82-be94-4bd9-b6c8-1f084ffc8ddf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4978", "type": "seen", 
"source": "Telegram/35Z3j61Eiun51LjyBaXAW69rvddYyTcdJWUO-G1bZQXEY34", "content": "", "creation_timestamp": "2024-05-24T12:21:47.000000Z"}, {"uuid": "4aadf56c-13e2-4c56-81e4-75299005870b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49781", "type": "seen", "source": "https://t.me/cvedetector/18541", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49781 - IBM OpenPages with Watson XXE Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-49781 \nPublished : Feb. 20, 2025, 12:15 p.m. | 1\u00a0hour, 7\u00a0minutes ago \nDescription : IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-20T14:49:35.000000Z"}, {"uuid": "563f766e-d37e-48be-b1fd-93807f0b2f15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4978", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:55.000000Z"}, {"uuid": "109d6261-835d-4314-911c-4eae997ece5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49780", "type": "seen", "source": "https://t.me/cvedetector/18510", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49780 - IBM OpenPages with Watson Directory Traversal Vulnerability\", \n  \"Content\": \"CVE ID : 
CVE-2024-49780 \nPublished : Feb. 20, 2025, 4:15 a.m. | 38\u00a0minutes ago \nDescription : IBM OpenPages with Watson 8.3 and 9.0\u00a0  \n  \nIBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing \"dot dot\" sequences (/../) in the file name parameter used in Import Configuration to write files to arbitrary locations outside of the specified directory and possibly overwrite arbitrary files. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-20T06:27:31.000000Z"}, {"uuid": "2a6b8429-f5b5-43f2-84bf-eaa7e11fcfc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49785", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1335", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-49785\n\ud83d\udd39 Description: IBM watsonx.ai 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for Data 4.8 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\n\ud83d\udccf Published: 2025-01-12T01:10:43.851Z\n\ud83d\udccf Modified: 2025-01-12T01:10:43.851Z\n\ud83d\udd17 References:\n1. 
https://www.ibm.com/support/pages/node/7180723", "creation_timestamp": "2025-01-12T02:04:29.000000Z"}, {"uuid": "e88cae13-44a2-47d1-826b-4270879b2d2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4978", "type": "exploited", "source": "https://t.me/DarkWebInformer_CVEAlerts/3900", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-4978\n\ud83c\udfe2 Vendor: Justice AV Solutions\n\ud83d\udda5\ufe0f Product: Viewer \n\ud83d\udd39 Description: Justice AV Solutions (JAVS) Viewer installer contains a malicious version of ffmpeg.exe, named fffmpeg.exe (SHA256: 421a4ad2615941b177b6ec4ab5e239c14e62af2ab07c6df1741e2a62223223c4). When run, this creates a backdoor connection to a malicious C2 server.\n\ud83d\udccf Published: 2024-05-23T00:00:00Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json\n2. 
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/", "creation_timestamp": "2025-02-08T23:21:26.000000Z"}, {"uuid": "09657931-fe0d-49c6-a780-4e0be2bb4ae0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4978", "type": "seen", "source": "Telegram/-tGEIWKVXNdVywjQTeX1GXx5xcpWZXvGoTZqttWYETWNuA", "content": "", "creation_timestamp": "2024-05-24T15:51:10.000000Z"}, {"uuid": "403e53a4-b7a5-492b-9c78-97ded3e81d06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4978", "type": "seen", "source": "https://t.me/HackingInsights/867", "content": "\u200aCVE-2024-4978: Backdoor Discovered in Justice AV Solutions Courtroom Software\n\nhttps://securityonline.info/cve-2024-4978-backdoor-discovered-in-justice-av-solutions-courtroom-software/", "creation_timestamp": "2024-05-23T19:33:17.000000Z"}, {"uuid": "fe259a6e-8f59-4448-95dc-3d4450ed57ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49780", "type": "seen", "source": "Telegram/msI25FPoSrOXELYP0x6VmyKRMH88Iex0cCf8KUMd4dMdS2Fm", "content": "", "creation_timestamp": "2025-02-20T23:26:53.000000Z"}, {"uuid": "c0802016-b365-444b-9db3-5d91af7de5c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49781", "type": "seen", "source": "Telegram/R8tFwz-QohN7bUnr9lip7649ActO8GZVgRpmSsX4N80Ze2Bz", "content": "", "creation_timestamp": "2025-02-20T23:26:54.000000Z"}, {"uuid": "d84f15f2-1b5b-437c-be07-e8d156f73d72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2024-49780", "type": "seen", "source": "Telegram/UaZX-gZwrhVyj3RwoSey4o0-rzIBYU1SkqjjuZK685PKmR2e", "content": "", "creation_timestamp": "2025-02-20T23:26:54.000000Z"}, {"uuid": "0c1db625-adb7-41c0-9095-15c69de4bc92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49782", "type": "seen", "source": "Telegram/GSgmbHn5ayx_XCRY8BRkh2EmSMDOqi6OEweND9kurFd8RvCM", "content": "", "creation_timestamp": "2025-02-20T23:26:53.000000Z"}, {"uuid": "b1932276-0991-4086-86ec-2efe90d40731", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4978", "type": "seen", "source": "Telegram/e2_lMGXoR52HR_uziJWnU-rY5ZQloyS2KwiQp-7lFElkzA", "content": "", "creation_timestamp": "2024-05-24T15:11:43.000000Z"}, {"uuid": "8931a6d4-468b-4a9e-9dc7-7081f4f4e7cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4978", "type": "seen", "source": "https://t.me/true_secator/5775",
"content": "Cybersecurity researchers from Rapid7 and S2W have discovered the GateDoor backdoor trojan in the popular Justice AV Solutions (JAVS) application for viewing recordings of proceedings, used in courts, correctional facilities and legal institutions worldwide.\n\nUnknown attackers carried out a supply chain attack by embedding malware in the installer for JAVS Viewer version 8.3.7, which has more than 10,000 downloads.\n\nThe modification of the official installer, which embedded the malicious binary fffmpeg.exe in it, was probably made in April and affected customers who used it until mid-May.\n\nRapid7, which investigated this supply chain incident (now tracked as CVE-2024-4978), notes that S2W Talon first discovered the infected JAVS installer in early April and linked it to the Rustdoor/GateDoor malware.\n\nThe malware found is written in Go and is a Windows version of RustDoor, a Rust-based backdoor that can infect macOS systems.\n\nPrevious reports by Bitdefender and S2W linked both versions of the malware to server infrastructure previously operated by the AlphV (BlackCat) ransomware gang, which exit-scammed.\n\nAnalyzing an incident related to CVE-2024-4978 that occurred on May 10, Rapid7 found that the malware sends system information to its C2 after installation and launch.\n\nIt then runs two obfuscated PowerShell scripts to disable Event Tracing for Windows (ETW) and bypass the Antimalware Scan Interface (AMSI).\n\nNext, an additional payload from the C2 server drops Python scripts that begin collecting credentials from browsers on the system.\n\nRapid7 shared recommendations for detecting the threat, the malicious version of the JAVS Viewer application, strongly urging affected customers, if it is found, to perform a full reinstallation and change all passwords on the system.\n\nFor its part, Justice AV Solutions also responded to the incident by removing the malicious installer from its servers and is now auditing all JAVS software products.\n\nPreliminarily, the incident has been contained, but the developers are still trying to find out how the attacker managed to place the backdoored file on their servers.",
"creation_timestamp": "2024-05-24T14:30:05.000000Z"}, {"uuid": "f17caa11-caa3-4d8b-b13e-54414f0d7522", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4978", "type": "seen", "source": 
"https://t.me/CyberSecurityTechnologies/10578", "content": "#Threat_Research\n1. Old new email attacks\nhttps://blog.slonser.info/posts/email-attacks\n2. Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack (CVE-2024-4978)\nhttps://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack", "creation_timestamp": "2024-05-28T13:49:47.000000Z"}, {"uuid": "de20290f-78f6-4101-b3ee-4187a1271cef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49785", "type": "seen", "source": "https://t.me/cvedetector/15100", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49785 - IBM WatsonX.ai Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-49785 \nPublished : Jan. 12, 2025, 2:15 a.m. | 37\u00a0minutes ago \nDescription : IBM watsonx.ai 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for Data 4.8 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
\nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-12T04:18:19.000000Z"}, {"uuid": "2c3636b3-3847-45da-8f42-f02e9fdf40ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4978", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/8511", "content": "The Hacker News\nCourtroom Software Backdoored to Deliver RustDoor Malware in Supply Chain Attack\n\nMalicious actors have backdoored the installer associated with courtroom video recording software developed by Justice AV Solutions (JAVS) to deliver malware that's associated with a known backdoor called RustDoor.\nThe software supply chain attack, tracked as\u00a0CVE-2024-4978, impacts JAVS Viewer v8.3.7, a component of the\u00a0JAVS Suite 8\u00a0that allows users to create, manage, publish,", "creation_timestamp": "2024-05-24T15:51:10.000000Z"}, {"uuid": "4a2fec0a-5d63-41c9-9ec0-a4a520ff0643", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4978", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/1591", "content": "The Hacker News\nCourtroom Software Backdoored to Deliver RustDoor Malware in Supply Chain Attack\n\nMalicious actors have backdoored the installer associated with courtroom video recording software developed by Justice AV Solutions (JAVS) to deliver malware that's associated with a known backdoor called RustDoor.\nThe software supply chain attack, tracked as\u00a0CVE-2024-4978, impacts JAVS Viewer v8.3.7, a component of the\u00a0JAVS Suite 8\u00a0that allows users to create, manage, publish,", "creation_timestamp": "2024-05-24T15:51:10.000000Z"}, {"uuid": 
"5f9a4b6e-5e88-46ed-a299-cdd373e111e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4978", "type": "seen", "source": "https://t.me/KomunitiSiber/1997", "content": "Courtroom Software Backdoored to Deliver RustDoor Malware in Supply Chain Attack\nhttps://thehackernews.com/2024/05/courtroom-software-backdoored-to.html\n\nMalicious actors have backdoored the installer associated with courtroom video recording software developed by Justice AV Solutions (JAVS) to deliver malware that's associated with a known backdoor called RustDoor.\nThe software supply chain attack, tracked as\u00a0CVE-2024-4978, impacts JAVS Viewer v8.3.7, a component of the\u00a0JAVS Suite 8\u00a0that allows users to create, manage, publish,", "creation_timestamp": "2024-05-24T13:34:06.000000Z"}]}