Tag: godzilla

4 Attack Reports | 0 Vulnerabilities

Attack reports

Code injection attacks using publicly disclosed ASP.NET machine keys

An unattributed threat actor has been observed exploiting publicly disclosed ASP.NET machine keys to perform ViewState code injection attacks, delivering the Godzilla post-exploitation framework. Over 3,000 publicly disclosed keys have been identified as potentially vulnerable to this attack method…

post-exploitation

Published: February 6, 2025

Downloadable IOCs: 0

Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence

Trend Micro researchers have identified a new attack vector exploiting CVE-2023-22527 in older versions of Atlassian Confluence Data Center and Server. The attack deploys an in-memory fileless backdoor known as the Godzilla webshell, which uses AES encryption for communication and remains memory-re…

remote code execution

atlassian confluence

fileless backdoor

Published: September 2, 2024

Downloadable IOCs: 0

A Dive into Latest Campaign

Earth Baku, an advanced persistent threat actor, has broadened its operations from the Indo-Pacific region to Europe, the Middle East, and Africa, targeting countries like Italy, Germany, UAE, and Qatar. The group leverages public-facing applications like IIS servers as entry points, deploying soph…

Published: August 9, 2024

Downloadable IOCs: 30

Analysis of Coin Miner Attack Case Against Domestic Web Server

ASEC has recently confirmed an attack on a domestic medical institution to install a coin miner. The web server that was targeted was a Windows IIS server, and the path name on which the web shell was uploaded suggests that it is a system with the Picture Archiving and Communication System (PACS) p…

Published: June 18, 2024

Downloadable IOCs: 10

Click here to see more Attack Reports