CVE-2024-4577 Exploits in the Wild One Day After Disclosure
July 12, 2024, 6:33 a.m.
Description
One of the most recent examples of this onslaught lies in a critical vulnerability discovered in PHP (versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, and 8.3.* before 8.3.8). The vulnerability is caused by the way PHP and CGI handlers parse certain Unicode characters, which can enable an attacker to achieve remote code execution (RCE). This vulnerability is incredibly simple to exploit, and we have observed a wide variety of threat actors taking advantage of the flaw to target vulnerable devices.
Date
Published: July 11, 2024, 8:35 p.m.
Created: July 11, 2024, 8:35 p.m.
Modified: July 12, 2024, 6:33 a.m.
Indicators
Attack Patterns
Muhstik
RedTail
Gh0st RAT
XMRig
T1120
T1091
T1571
T1547
T1082
T1057
T1071
T1027
T1112
T1056
T1003