Tue, Nov 14, 2023

CVE-2023-47246: SysAid On-Prem Software Zero-Day Vulnerability Exploited by CL0P Ransomware Group

IOCs:

| Filename | SHA256 | Comment |
|---|---|---|
| user.exe | b5acf14cdac40be590318dee95425d0746e85b1b7b1cbd14da66f21f2522bf4d | Malicious loader |

| IP | Comment |
|---|---|
| 81.19.138[.]52 | GRACEWIRE Loader C2 |
| 45.182.189[.]100 | GRACEWIRE Loader C2 |
| 179.60.150[.]34 | COBALTSTRIKE C2 |
| 45.155.37[.]105 | Meshagent remote admin tool C2 |

| Path | Comment |
|---|---|
| C:\Program Files\SysAidServer\tomcat\webapps\usersfiles\user.exe | GRACEWIRE |
| C:\Program Files\SysAidServer\tomcat\webapps\usersfiles.war | Archive of WebShells and tools used by the attacker |
| C:\Program Files\SysAidServer\tomcat\webapps\leave | Used as a flag for the attacker scripts during execution |
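The following is an added hunting script, not part of the Kroll advisory, that turns the IOCs above into checks a defender can run: it looks for the three SysAid paths under an install root, hashes any `user.exe` it finds against the published SHA256, and scans firewall or proxy log lines for exact matches of the four C2 addresses (the advisory publishes them defanged with `[.]`, so the script refangs them first). The install-root layout, the sample log lines and the placeholder file contents are constructed for the demo; the `build_constructed_install_root` helper only exists to exercise the checks offline.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# IOCs as published in the advisory for CVE-2023-47246.
LOADER_SHA256 = "b5acf14cdac40be590318dee95425d0746e85b1b7b1cbd14da66f21f2522bf4d"

C2_IPS_DEFANGED = {
    "81.19.138[.]52": "GRACEWIRE Loader C2",
    "45.182.189[.]100": "GRACEWIRE Loader C2",
    "179.60.150[.]34": "COBALTSTRIKE C2",
    "45.155.37[.]105": "Meshagent remote admin tool C2",
}

# Advisory paths, relative to the SysAid server install root
# (C:\Program Files\SysAidServer on a default install).
SUSPECT_RELATIVE_PATHS = {
    r"tomcat\webapps\usersfiles\user.exe": "GRACEWIRE",
    r"tomcat\webapps\usersfiles.war": "Archive of WebShells and tools used by the attacker",
    r"tomcat\webapps\leave": "Used as a flag for the attacker scripts during execution",
}


def refang(ip: str) -> str:
    """Turn the defanged form used in the advisory back into a routable string for matching."""
    return ip.replace("[.]", ".")


C2_IPS = {refang(ip): comment for ip, comment in C2_IPS_DEFANGED.items()}


def sha256_of_file(path) -> str:
    """Stream the file through SHA-256 so large binaries do not need to be read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_install_root(root) -> list:
    """Return one finding per advisory path present under the given SysAid install root.

    A present user.exe whose hash does not match is still reported: the file name and
    location alone are unexpected, and a different build of the loader may have been dropped.
    """
    findings = []
    root = Path(root)
    for rel, comment in SUSPECT_RELATIVE_PATHS.items():
        candidate = root.joinpath(*rel.split("\\"))
        if candidate.exists():
            finding = {"path": str(candidate), "comment": comment}
            if candidate.is_file() and candidate.name.lower() == "user.exe":
                finding["sha256_match"] = sha256_of_file(candidate) == LOADER_SHA256
            findings.append(finding)
    return findings


# Word boundaries keep 81.19.138.5 from matching the IOC 81.19.138.52 by prefix.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def scan_log_lines(lines) -> list:
    """Return (line_number, ip, comment) for every exact C2 address match in the log lines."""
    hits = []
    for number, line in enumerate(lines, 1):
        for ip in IPV4_RE.findall(line):
            if ip in C2_IPS:
                hits.append((number, ip, C2_IPS[ip]))
    return hits


# Constructed firewall-style log lines for the demo; only lines 2 and 3 carry advisory IOCs.
SAMPLE_LOG_LINES = [
    "2023-11-08 10:01:12 ALLOW TCP 10.0.0.15:51234 -> 142.250.72.14:443",
    "2023-11-08 10:03:45 ALLOW TCP 10.0.0.15:51301 -> 179.60.150.34:443",
    "2023-11-08 10:05:02 DENY  TCP 10.0.0.15:51320 -> 45.155.37.105:443",
    "2023-11-08 10:06:30 ALLOW TCP 10.0.0.15:51340 -> 81.19.138.5:80",
]


def build_constructed_install_root() -> str:
    """Create a throwaway directory that mimics a compromised SysAid webapps tree (constructed)."""
    root = Path(tempfile.mkdtemp(prefix="sysaid-ioc-demo-"))
    webapps = root / "tomcat" / "webapps"
    (webapps / "usersfiles").mkdir(parents=True)
    # Placeholder bytes, deliberately not the real sample, so the hash check reports a mismatch.
    (webapps / "usersfiles" / "user.exe").write_bytes(b"constructed placeholder, not the real loader")
    (webapps / "usersfiles.war").write_bytes(b"PK\x03\x04constructed archive stub")
    (webapps / "leave").write_text("")
    return str(root)


if __name__ == "__main__":
    for hit in scan_log_lines(SAMPLE_LOG_LINES):
        print("log line %d: %s (%s)" % hit)
    for finding in check_install_root(build_constructed_install_root()):
        print(finding)
```

On a real host, call `check_install_root(r"C:\Program Files\SysAidServer")` and feed `scan_log_lines` the exported egress logs; the hash comparison distinguishes the published sample from a renamed or rebuilt loader, and either case warrants taking the server offline for forensic collection rather than deleting the files.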

