Detecting MOVEit Exploitation Activity (CVE-2023-34362) | Threat SnapShot

SnapAttack


The Cl0p ransomware gang likes to MOVEit, MOVEit! In this week's Threat SnapShot, we'll dig into a recent vulnerability (CVE-2023-34362) affecting the MOVEit Transfer application that has been widely exploited to exfiltrate sensitive data as well as deploy ransomware. We'll emulate some of the observed TTPs, including deploying a webshell as well as compiling a backdoor with csc.exe, and validate our detections. As always, we'll discuss detection and threat hunting strategies you can use to protect your organization, as well as link to some mitigation and remediation guidance should your organization be affected.
References:
- www.huntress.c...
- www.cisa.gov/n...
- imgflip.com/gi...
- www.mandiant.c...
- mandiant.widen...
SnapAttack Content:
- app.snapattack... - MOVEit TTPs (CVE-2023-34362)
- app.snapattack... - Detection: CVE-2023-34362 Process Pattern
- app.snapattack... - Detection: Possible MOVEit Webshell - CVE-2023-34362
- app.snapattack... - Detection: Webshell - human2.aspx HTTP Activity
- app.snapattack... - Detection: Suspicious ASP Temporary File
- app.snapattack... - Detection: MOVEit exploitation

Comments: 5
@user-zu4ft8yw9e 5 months ago
The stages involved in decoding CVE-2023-34362 include verification, assignment of a CVE ID, description creation, vetting process, and potential modification. Problems with this process can be addressed by ensuring accurate verification, thorough description, proper vetting, and timely reanalysis for any modifications.
@wingsofsuspensionlifts6814 1 year ago
feels like 2005 sql injection? haha
@AnnieNelson-wo6bm 1 year ago
How do I get rid of it?
@guysingstohiscat 1 year ago
Great video!