Attack Case against HFS (HTTP File Server) Server (Suspected CVE-2024-23692)

July 3, 2024, 11:54 a.m.

Description

A remote code execution vulnerability (CVE-2024-23692) in the HFS (HTTP File Server) program has allowed attackers to execute malicious commands on vulnerable systems. Various attack cases exploiting this vulnerability have been observed, leading to the installation of malware such as coin miners, RATs, backdoors, and information stealers. The attackers seem to be primarily Chinese-speaking threat actors.

Date

Published: July 3, 2024, 11:39 a.m.
Created: July 3, 2024, 11:39 a.m.
Modified: July 3, 2024, 11:54 a.m.

Indicators


Attack Patterns

GoThief

Gh0stRAT

XenoRAT

DestroyRAT

PlugX - S0013

Korplug

CobaltStrike

XMRig

T1089

T1018

T1136

T1012

T1021

T1070

T1106

T1082

T1057

T1105

T1083

T1047

T1569

T1134

T1027

T1053

T1190

T1072

T1059

CVE-2024-23692