CVE-2024-4577 Exploits in the Wild One Day After Disclosure

July 12, 2024, 6:33 a.m.

Description

One of the most recent examples of this onslaught is a critical vulnerability in PHP (versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, and 8.3.* before 8.3.8). The vulnerability stems from the way PHP and its CGI handler parse certain Unicode characters, which can enable an attacker to achieve remote code execution (RCE). It is trivially simple to exploit, and we have observed a wide variety of threat actors taking advantage of the flaw to target vulnerable devices.

Date

Published: July 11, 2024, 8:35 p.m.
Created:   July 11, 2024, 8:35 p.m.
Modified:  July 12, 2024, 6:33 a.m.

Indicators

redtail_miner


Attack Patterns

Muhstik

RedTail

Gh0st RAT

XMRig

T1120

T1091

T1571

T1547

T1082

T1057

T1071

T1027

T1112

T1056

T1003