From 3423e364f9a5e2e79a64762b840ebeecfa1acea5 Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Sat, 14 Oct 2023 21:28:09 +0900 Subject: [PATCH] Auto Update 2023/10/14 12:28:09 --- 2014/CVE-2014-4210.json | 8 ++++---- 2016/CVE-2016-0638.json | 8 ++++---- 2017/CVE-2017-3248.json | 8 ++++---- 2017/CVE-2017-7269.json | 8 ++++---- 2018/CVE-2018-13382.json | 4 ++-- 2018/CVE-2018-2628.json | 8 ++++---- 2019/CVE-2019-2618.json | 16 ++++++++-------- 2020/CVE-2020-16898.json | 16 ++++++++-------- 2020/CVE-2020-2551.json | 8 ++++---- 2021/CVE-2021-1636.json | 8 ++++---- 2021/CVE-2021-34473.json | 8 ++++---- 2022/CVE-2022-21371.json | 8 ++++---- 2022/CVE-2022-22965.json | 8 ++++---- 2022/CVE-2022-26134.json | 8 ++++---- 2022/CVE-2022-30075.json | 8 ++++---- 2022/CVE-2022-38694.json | 2 +- 2022/CVE-2022-39952.json | 12 ++++++------ 2022/CVE-2022-40684.json | 8 ++++---- 2022/CVE-2022-46689.json | 40 ++++++++++++++++++++-------------------- 2023/CVE-2023-2023.json | 8 ++++---- 2023/CVE-2023-21608.json | 8 ++++---- 2023/CVE-2023-22515.json | 24 ++++++++++++------------ 2023/CVE-2023-23752.json | 8 ++++---- 2023/CVE-2023-25136.json | 8 ++++---- 2023/CVE-2023-27997.json | 8 ++++---- 2023/CVE-2023-28229.json | 8 ++++---- 2023/CVE-2023-36723.json | 8 ++++---- 2023/CVE-2023-36884.json | 8 ++++---- 2023/CVE-2023-3710.json | 30 ++++++++++++++++++++++++++++++ 2023/CVE-2023-38146.json | 2 +- 2023/CVE-2023-38840.json | 2 +- 2023/CVE-2023-42442.json | 38 ++++++++++++++++++++++++++++++++++---- 2023/CVE-2023-42820.json | 12 ++++++------ 2023/CVE-2023-44487.json | 22 +++++++++++----------- 2023/CVE-2023-4911.json | 8 ++++---- README.md | 2 ++ 36 files changed, 230 insertions(+), 168 deletions(-) diff --git a/2014/CVE-2014-4210.json b/2014/CVE-2014-4210.json index 1bfb425277..962f237510 100644 --- a/2014/CVE-2014-4210.json +++ b/2014/CVE-2014-4210.json @@ -43,10 +43,10 @@ "description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2023-10-14T05:41:41Z", + "updated_at": "2023-10-14T11:43:31Z", "pushed_at": "2022-07-17T12:41:46Z", - "stargazers_count": 1804, - "watchers_count": 1804, + "stargazers_count": 1805, + "watchers_count": 1805, "has_discussions": false, "forks_count": 335, "allow_forking": true, @@ -76,7 +76,7 @@ ], "visibility": "public", "forks": 335, - "watchers": 1804, + "watchers": 1805, "score": 0, "subscribers_count": 34 }, diff --git a/2016/CVE-2016-0638.json b/2016/CVE-2016-0638.json index 74426eb14c..e3eeca4b8c 100644 --- a/2016/CVE-2016-0638.json +++ b/2016/CVE-2016-0638.json @@ -13,10 +13,10 @@ "description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2023-10-14T05:41:41Z", + "updated_at": "2023-10-14T11:43:31Z", "pushed_at": "2022-07-17T12:41:46Z", - "stargazers_count": 1804, - "watchers_count": 1804, + "stargazers_count": 1805, + "watchers_count": 1805, "has_discussions": false, "forks_count": 335, "allow_forking": true, @@ -46,7 +46,7 @@ ], "visibility": "public", "forks": 335, - "watchers": 1804, + "watchers": 1805, "score": 0, "subscribers_count": 34 }, diff --git a/2017/CVE-2017-3248.json b/2017/CVE-2017-3248.json index 0befa7243d..3144e10069 100644 --- a/2017/CVE-2017-3248.json +++ b/2017/CVE-2017-3248.json @@ -43,10 +43,10 @@ "description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2023-10-14T05:41:41Z", + "updated_at": "2023-10-14T11:43:31Z", "pushed_at": "2022-07-17T12:41:46Z", - "stargazers_count": 1804, - "watchers_count": 1804, + "stargazers_count": 1805, + "watchers_count": 1805, "has_discussions": false, "forks_count": 335, "allow_forking": true, @@ -76,7 +76,7 @@ ], "visibility": "public", "forks": 335, - "watchers": 1804, + "watchers": 1805, "score": 0, "subscribers_count": 34 }, diff --git a/2017/CVE-2017-7269.json b/2017/CVE-2017-7269.json index e0514449d4..29d7a4c8c3 100644 --- a/2017/CVE-2017-7269.json +++ b/2017/CVE-2017-7269.json @@ -198,10 +198,10 @@ "description": "iis6 exploit 2017 CVE-2017-7269", "fork": false, "created_at": "2017-04-05T23:21:12Z", - "updated_at": "2023-09-28T10:40:28Z", + "updated_at": "2023-10-14T10:52:33Z", "pushed_at": "2023-02-04T09:09:35Z", - "stargazers_count": 76, - "watchers_count": 76, + "stargazers_count": 77, + "watchers_count": 77, "has_discussions": false, "forks_count": 57, "allow_forking": true, @@ -210,7 +210,7 @@ "topics": [], "visibility": "public", "forks": 57, - "watchers": 76, + "watchers": 77, "score": 0, "subscribers_count": 3 }, diff --git a/2018/CVE-2018-13382.json b/2018/CVE-2018-13382.json index e57ff4ae1b..ae492e88c4 100644 --- a/2018/CVE-2018-13382.json +++ b/2018/CVE-2018-13382.json @@ -18,13 +18,13 @@ "stargazers_count": 146, "watchers_count": 146, "has_discussions": false, - "forks_count": 57, + "forks_count": 58, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 57, + "forks": 58, "watchers": 146, "score": 0, "subscribers_count": 7 diff --git a/2018/CVE-2018-2628.json b/2018/CVE-2018-2628.json index 885645088d..00cba088d9 100644 --- a/2018/CVE-2018-2628.json +++ b/2018/CVE-2018-2628.json @@ -587,10 +587,10 @@ "description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2023-10-14T05:41:41Z", + "updated_at": "2023-10-14T11:43:31Z", "pushed_at": "2022-07-17T12:41:46Z", - "stargazers_count": 1804, - "watchers_count": 1804, + "stargazers_count": 1805, + "watchers_count": 1805, "has_discussions": false, "forks_count": 335, "allow_forking": true, @@ -620,7 +620,7 @@ ], "visibility": "public", "forks": 335, - "watchers": 1804, + "watchers": 1805, "score": 0, "subscribers_count": 34 }, diff --git a/2019/CVE-2019-2618.json b/2019/CVE-2019-2618.json index 1130a7704c..f9e5d0c050 100644 --- a/2019/CVE-2019-2618.json +++ b/2019/CVE-2019-2618.json @@ -103,10 +103,10 @@ "description": "增强版WeblogicScan、检测结果更精确、插件化、添加CVE-2019-2618,CVE-2019-2729检测,Python3支持", "fork": false, "created_at": "2019-06-21T09:22:43Z", - "updated_at": "2023-09-28T11:03:16Z", + "updated_at": "2023-10-14T09:29:58Z", "pushed_at": "2020-04-26T10:49:25Z", - "stargazers_count": 918, - "watchers_count": 918, + "stargazers_count": 919, + "watchers_count": 919, "has_discussions": false, "forks_count": 180, "allow_forking": true, @@ -115,7 +115,7 @@ "topics": [], "visibility": "public", "forks": 180, - "watchers": 918, + "watchers": 919, "score": 0, "subscribers_count": 19 }, @@ -193,10 +193,10 @@ "description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2023-10-14T05:41:41Z", + "updated_at": "2023-10-14T11:43:31Z", "pushed_at": "2022-07-17T12:41:46Z", - "stargazers_count": 1804, - "watchers_count": 1804, + "stargazers_count": 1805, + "watchers_count": 1805, "has_discussions": false, "forks_count": 335, "allow_forking": true, @@ -226,7 +226,7 @@ ], "visibility": "public", "forks": 335, - "watchers": 1804, + "watchers": 1805, "score": 0, "subscribers_count": 34 } diff --git a/2020/CVE-2020-16898.json b/2020/CVE-2020-16898.json index 0e3c5881e7..b99ee4b835 100644 --- a/2020/CVE-2020-16898.json +++ b/2020/CVE-2020-16898.json @@ -13,10 +13,10 @@ "description": "CVE-2020-16898 (Bad Neighbor) Microsoft Windows TCP\/IP Vulnerability Detection Logic and Rule", "fork": false, "created_at": "2020-10-07T19:56:09Z", - "updated_at": "2023-09-28T11:20:56Z", + "updated_at": "2023-10-14T07:56:59Z", "pushed_at": "2020-10-26T10:15:32Z", - "stargazers_count": 207, - "watchers_count": 207, + "stargazers_count": 208, + "watchers_count": 208, "has_discussions": false, "forks_count": 29, "allow_forking": true, @@ -44,7 +44,7 @@ ], "visibility": "public", "forks": 29, - "watchers": 207, + "watchers": 208, "score": 0, "subscribers_count": 19 }, @@ -422,10 +422,10 @@ "description": "CVE-2020-16898 Windows TCP\/IP远程代码执行漏洞 EXP&POC", "fork": false, "created_at": "2020-10-28T11:25:58Z", - "updated_at": "2023-09-28T11:21:36Z", + "updated_at": "2023-10-14T07:10:51Z", "pushed_at": "2020-10-28T11:27:17Z", - "stargazers_count": 12, - "watchers_count": 12, + "stargazers_count": 13, + "watchers_count": 13, "has_discussions": false, "forks_count": 10, "allow_forking": true, @@ -434,7 +434,7 @@ "topics": [], "visibility": "public", "forks": 10, - "watchers": 12, + "watchers": 13, "score": 0, "subscribers_count": 3 } diff --git a/2020/CVE-2020-2551.json b/2020/CVE-2020-2551.json index 313c8e27e4..c7f86ad220 100644 --- a/2020/CVE-2020-2551.json +++ b/2020/CVE-2020-2551.json @@ -13,10 +13,10 @@ "description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2023-10-14T05:41:41Z", + "updated_at": "2023-10-14T11:43:31Z", "pushed_at": "2022-07-17T12:41:46Z", - "stargazers_count": 1804, - "watchers_count": 1804, + "stargazers_count": 1805, + "watchers_count": 1805, "has_discussions": false, "forks_count": 335, "allow_forking": true, @@ -46,7 +46,7 @@ ], "visibility": "public", "forks": 335, - "watchers": 1804, + "watchers": 1805, "score": 0, "subscribers_count": 34 }, diff --git a/2021/CVE-2021-1636.json b/2021/CVE-2021-1636.json index 2b1e18298c..fc3637a0f5 100644 --- a/2021/CVE-2021-1636.json +++ b/2021/CVE-2021-1636.json @@ -13,10 +13,10 @@ "description": " ​![​logo​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations\/blob\/main\/ci-logo.png) ​#​ ​Ukraine-Cyber-Operations ​Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine. ([​Blog​](https:\/\/www.curatedintel.org\/2021\/08\/welcome.html) | [​Twitter​](https:\/\/twitter.com\/CuratedIntel) | [​LinkedIn​](https:\/\/www.linkedin.com\/company\/curatedintelligence\/)) ​![​timeline​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations\/blob\/main\/uacyberopsv2.png) ​![​cyberwar​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations\/blob\/main\/Russia-Ukraine%20Cyberwar.png) ​###​ ​Analyst Comments: ​-​ 2022-02-25 ​  ​-​ Creation of the initial repository to help organisations in Ukraine ​  ​-​ Added [​Threat Reports​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations#threat-reports) section ​  ​-​ Added [​Vendor Support​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations#vendor-support) section ​-​ 2022-02-26 ​  ​-​ Additional resources, chronologically ordered (h\/t Orange-CD) ​  ​-​ Added [​Vetted OSINT Sources​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations#vetted-osint-sources) section  ​  ​-​ Added [​Miscellaneous Resources​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations#miscellaneous-resources) section ​-​ 2022-02-27 ​  ​-​ Additional threat reports have been added ​  ​-​ Added [​Data Brokers​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations\/blob\/main\/README.md#data-brokers) section ​  ​-​ Added [​Access Brokers​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations\/blob\/main\/README.md#access-brokers) section ​-​ 2022-02-28 ​  ​-​ Added Russian Cyber Operations Against Ukraine Timeline by ETAC ​  ​-​ Added Vetted and Contextualized [​Indicators of Compromise (IOCs)​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations\/blob\/main\/ETAC_Vetted_UkraineRussiaWar_IOCs.csv) by ETAC ​-​ 2022-03-01 ​  ​-​ Additional threat reports and resources have been added ​-​ 2022-03-02 ​  ​-​ Additional [​Indicators of Compromise (IOCs)​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations\/blob\/main\/ETAC_Vetted_UkraineRussiaWar_IOCs.csv#L2011) have been added ​  ​-​ Added vetted [​YARA rule collection​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations\/tree\/main\/yara) from the Threat Reports by ETAC ​  ​-​ Added loosely-vetted [​IOC Threat Hunt Feeds​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations\/tree\/main\/KPMG-Egyde_Ukraine-Crisis_Feeds\/MISP-CSV_MediumConfidence_Filtered) by KPMG-Egyde CTI (h\/t [​0xDISREL​](https:\/\/twitter.com\/0xDISREL)) ​    ​-​ IOCs shared by these feeds are ​`LOW-TO-MEDIUM CONFIDENCE`​ we strongly recommend NOT adding them to a blocklist ​    ​-​ These could potentially be used for ​`THREAT HUNTING`​ and could be added to a ​`WATCHLIST` ​    ​-​ IOCs are generated in ​`MISP COMPATIBLE`​ CSV format ​-​ 2022-03-03 ​  ​-​ Additional threat reports and vendor support resources have been added ​  ​-​ Updated [​Log4Shell IOC Threat Hunt Feeds​](https:\/\/github.com\/curated-intel\/Log4Shell-IOCs\/tree\/main\/KPMG_Log4Shell_Feeds) by KPMG-Egyde CTI; not directly related to Ukraine, but still a widespread vulnerability. ​  ​-​ Added diagram of Russia-Ukraine Cyberwar Participants 2022 by ETAC ​  ​-​ Additional [​Indicators of Compromise (IOCs)​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations\/blob\/main\/ETAC_Vetted_UkraineRussiaWar_IOCs.csv#L2042) have been added ​####​ ​`Threat Reports` ​| Date | Source | Threat(s) | URL | ​| --- | --- | --- | --- | ​| 14 JAN | SSU Ukraine | Website Defacements | [ssu.gov.ua](https:\/\/ssu.gov.ua\/novyny\/sbu-rozsliduie-prychetnist-rosiiskykh-spetssluzhb-do-sohodnishnoi-kiberataky-na-orhany-derzhavnoi-vlady-ukrainy)| ​| 15 JAN | Microsoft | WhisperGate wiper (DEV-0586) | [microsoft.com](https:\/\/www.microsoft.com\/security\/blog\/2022\/01\/15\/destructive-malware-targeting-ukrainian-organizations\/) | ​| 19 JAN | Elastic | WhisperGate wiper (Operation BleedingBear) | [elastic.github.io](https:\/\/elastic.github.io\/security-research\/malware\/2022\/01\/01.operation-bleeding-bear\/article\/) | ​| 31 JAN | Symantec | Gamaredon\/Shuckworm\/PrimitiveBear (FSB) | [symantec-enterprise-blogs.security.com](https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/shuckworm-gamaredon-espionage-ukraine) | ​| 2 FEB | RaidForums | Access broker \"GodLevel\" offering Ukrainain algricultural exchange | RaidForums [not linked] | ​| 2 FEB | CERT-UA | UAC-0056 using SaintBot and OutSteel malware | [cert.gov.ua](https:\/\/cert.gov.ua\/article\/18419) | ​| 3 FEB | PAN Unit42 | Gamaredon\/Shuckworm\/PrimitiveBear (FSB) | [unit42.paloaltonetworks.com](https:\/\/unit42.paloaltonetworks.com\/gamaredon-primitive-bear-ukraine-update-2021\/) | ​| 4 FEB | Microsoft | Gamaredon\/Shuckworm\/PrimitiveBear (FSB) | [microsoft.com](https:\/\/www.microsoft.com\/security\/blog\/2022\/02\/04\/actinium-targets-ukrainian-organizations\/) | ​| 8 FEB | NSFOCUS | Lorec53 (aka UAC-0056, EmberBear, BleedingBear) | [nsfocusglobal.com](https:\/\/nsfocusglobal.com\/apt-retrospection-lorec53-an-active-russian-hack-group-launched-phishing-attacks-against-georgian-government) | ​| 15 FEB | CERT-UA | DDoS attacks against the name server of government websites as well as Oschadbank (State Savings Bank) & Privatbank (largest commercial bank). False SMS and e-mails to create panic | [cert.gov.ua](https:\/\/cert.gov.ua\/article\/37139) | ​| 23 FEB | The Daily Beast | Ukrainian troops receive threatening SMS messages | [thedailybeast.com](https:\/\/www.thedailybeast.com\/cyberattacks-hit-websites-and-psy-ops-sms-messages-targeting-ukrainians-ramp-up-as-russia-moves-into-ukraine) | ​| 23 FEB | UK NCSC | Sandworm\/VoodooBear (GRU) | [ncsc.gov.uk](https:\/\/www.ncsc.gov.uk\/files\/Joint-Sandworm-Advisory.pdf) | ​| 23 FEB | SentinelLabs | HermeticWiper | [sentinelone.com]( https:\/\/www.sentinelone.com\/labs\/hermetic-wiper-ukraine-under-attack\/ ) | ​| 24 FEB | ESET | HermeticWiper | [welivesecurity.com](https:\/\/www.welivesecurity.com\/2022\/02\/24\/hermeticwiper-new-data-wiping-malware-hits-ukraine\/) | ​| 24 FEB | Symantec | HermeticWiper, PartyTicket ransomware, CVE-2021-1636, unknown webshell | [symantec-enterprise-blogs.security.com](https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/ukraine-wiper-malware-russia) | ​| 24 FEB | Cisco Talos | HermeticWiper | [blog.talosintelligence.com](https:\/\/blog.talosintelligence.com\/2022\/02\/threat-advisory-hermeticwiper.html) | ​| 24 FEB | Zscaler | HermeticWiper | [zscaler.com](https:\/\/www.zscaler.com\/blogs\/security-research\/hermetic-wiper-resurgence-targeted-attacks-ukraine) | ​| 24 FEB | Cluster25 | HermeticWiper | [cluster25.io](https:\/\/cluster25.io\/2022\/02\/24\/ukraine-analysis-of-the-new-disk-wiping-malware\/) | ​| 24 FEB | CronUp | Data broker \"FreeCivilian\" offering multiple .gov.ua | [twitter.com\/1ZRR4H](https:\/\/twitter.com\/1ZRR4H\/status\/1496931721052311557)| ​| 24 FEB | RaidForums | Data broker \"Featherine\" offering diia.gov.ua | RaidForums [not linked] | ​| 24 FEB | DomainTools | Unknown scammers | [twitter.com\/SecuritySnacks](https:\/\/twitter.com\/SecuritySnacks\/status\/1496956492636905473?s=20&t=KCIX_1Ughc2Fs6Du-Av0Xw) | ​| 25 FEB | @500mk500 | Gamaredon\/Shuckworm\/PrimitiveBear (FSB) | [twitter.com\/500mk500](https:\/\/twitter.com\/500mk500\/status\/1497339266329894920?s=20&t=opOtwpn82ztiFtwUbLkm9Q) | ​| 25 FEB | @500mk500 | Gamaredon\/Shuckworm\/PrimitiveBear (FSB) | [twitter.com\/500mk500](https:\/\/twitter.com\/500mk500\/status\/1497208285472215042)| ​| 25 FEB | Microsoft | HermeticWiper | [gist.github.com](https:\/\/gist.github.com\/fr0gger\/7882fde2b1b271f9e886a4a9b6fb6b7f) | ​| 25 FEB | 360 NetLab | DDoS (Mirai, Gafgyt, IRCbot, Ripprbot, Moobot) | [blog.netlab.360.com](https:\/\/blog.netlab.360.com\/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days\/) | ​| 25 FEB | Conti [themselves] | Conti ransomware, BazarLoader | Conti News .onion [not linked] | ​| 25 FEB | CoomingProject [themselves] | Data Hostage Group | CoomingProject Telegram [not linked] | ​| 25 FEB | CERT-UA | UNC1151\/Ghostwriter (Belarus MoD) | [CERT-UA Facebook](https:\/\/facebook.com\/story.php?story_fbid=312939130865352&id=100064478028712)| ​| 25 FEB | Sekoia | UNC1151\/Ghostwriter (Belarus MoD) | [twitter.com\/sekoia_io](https:\/\/twitter.com\/sekoia_io\/status\/1497239319295279106) | ​| 25 FEB | @jaimeblascob | UNC1151\/Ghostwriter (Belarus MoD) | [twitter.com\/jaimeblasco](https:\/\/twitter.com\/jaimeblascob\/status\/1497242668627370009)| ​| 25 FEB | RISKIQ | UNC1151\/Ghostwriter (Belarus MoD) | [community.riskiq.com](https:\/\/community.riskiq.com\/article\/e3a7ceea\/) | ​| 25 FEB | MalwareHunterTeam | Unknown phishing | [twitter.com\/malwrhunterteam](https:\/\/twitter.com\/malwrhunterteam\/status\/1497235270416097287) | ​| 25 FEB | ESET | Unknown scammers | [twitter.com\/ESETresearch](https:\/\/twitter.com\/ESETresearch\/status\/1497194165561659394) | ​| 25 FEB | BitDefender | Unknown scammers | [blog.bitdefender.com](https:\/\/blog.bitdefender.com\/blog\/hotforsecurity\/cybercriminals-deploy-spam-campaign-as-tens-of-thousands-of-ukrainians-seek-refuge-in-neighboring-countries\/) | ​| 25 FEB | SSSCIP Ukraine | Unkown phishing | [twitter.com\/dsszzi](https:\/\/twitter.com\/dsszzi\/status\/1497103078029291522) | ​| 25 FEB | RaidForums | Data broker \"NetSec\"  offering FSB (likely SMTP accounts) | RaidForums [not linked] | ​| 25 FEB | Zscaler | PartyTicket decoy ransomware | [zscaler.com](https:\/\/www.zscaler.com\/blogs\/security-research\/technical-analysis-partyticket-ransomware) | ​| 25 FEB | INCERT GIE | Cyclops Blink, HermeticWiper | [linkedin.com](https:\/\/www.linkedin.com\/posts\/activity-6902989337210740736-XohK) [Login Required] | ​| 25 FEB | Proofpoint | UNC1151\/Ghostwriter (Belarus MoD) | [twitter.com\/threatinsight](https:\/\/twitter.com\/threatinsight\/status\/1497355737844133895?s=20&t=Ubi0tb_XxGCbHLnUoQVp8w) | ​| 25 FEB | @fr0gger_ | HermeticWiper capabilities Overview | [twitter.com\/fr0gger_](https:\/\/twitter.com\/fr0gger_\/status\/1497121876870832128?s=20&t=_296n0bPeUgdXleX02M9mg) ​| 26 FEB | BBC Journalist | A fake Telegram account claiming to be President Zelensky is posting dubious messages | [twitter.com\/shayan86](https:\/\/twitter.com\/shayan86\/status\/1497485340738785283?s=21) | ​| 26 FEB | CERT-UA | UNC1151\/Ghostwriter (Belarus MoD) | [CERT_UA Facebook](https:\/\/facebook.com\/story.php?story_fbid=313517477474184&id=100064478028712) | ​| 26 FEB | MHT and TRMLabs | Unknown scammers, linked to ransomware | [twitter.com\/joes_mcgill](https:\/\/twitter.com\/joes_mcgill\/status\/1497609555856932864?s=20&t=KCIX_1Ughc2Fs6Du-Av0Xw) | ​| 26 FEB | US CISA | WhisperGate wiper, HermeticWiper | [cisa.gov](https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-057a) | ​| 26 FEB | Bloomberg | Destructive malware (possibly HermeticWiper) deployed at Ukrainian Ministry of Internal Affairs & data stolen from Ukrainian telecommunications networks | [bloomberg.com](https:\/\/www.bloomberg.com\/news\/articles\/2022-02-26\/hackers-destroyed-data-at-key-ukraine-agency-before-invasion?sref=ylv224K8) | ​| 26 FEB | Vice Prime Minister of Ukraine | IT ARMY of Ukraine created to crowdsource offensive operations against Russian infrastructure | [twitter.com\/FedorovMykhailo](https:\/\/twitter.com\/FedorovMykhailo\/status\/1497642156076511233) | ​| 26 FEB | Yoroi | HermeticWiper | [yoroi.company](https:\/\/yoroi.company\/research\/diskkill-hermeticwiper-a-disruptive-cyber-weapon-targeting-ukraines-critical-infrastructures) | ​| 27 FEB | LockBit [themselves] | LockBit ransomware | LockBit .onion [not linked] |  ​| 27 FEB | ALPHV [themselves] | ALPHV ransomware | vHUMINT [closed source] | ​| 27 FEB | Mēris Botnet [themselves] | DDoS attacks | vHUMINT [closed source] | ​| 28 FEB | Horizon News [themselves] | Leak of China's Censorship Order about Ukraine | [TechARP](https:\/\/www-techarp-com.cdn.ampproject.org\/c\/s\/www.techarp.com\/internet\/chinese-media-leaks-ukraine-censor\/?amp=1)| ​| 28 FEB | Microsoft | FoxBlade (aka HermeticWiper) | [Microsoft](https:\/\/blogs.microsoft.com\/on-the-issues\/2022\/02\/28\/ukraine-russia-digital-war-cyberattacks\/?preview_id=65075) | ​| 28 FEB | @heymingwei | Potential BGP hijacks attempts against Ukrainian Internet Names Center | [https:\/\/twitter.com\/heymingwei](https:\/\/twitter.com\/heymingwei\/status\/1498362715198263300?s=20&t=Ju31gTurYc8Aq_yZMbvbxg) | ​| 28 FEB | @cyberknow20 | Stormous ransomware targets Ukraine Ministry of Foreign Affairs | [twitter.com\/cyberknow20](https:\/\/twitter.com\/cyberknow20\/status\/1498434090206314498?s=21) |  ​| 1 MAR | ESET | IsaacWiper and HermeticWizard | [welivesecurity.com](https:\/\/www.welivesecurity.com\/2022\/03\/01\/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine\/) | ​| 1 MAR | Proofpoint | Ukrainian armed service member's email compromised and sent malspam containing the SunSeed malware (likely TA445\/UNC1151\/Ghostwriter) | [proofpoint.com](https:\/\/www.proofpoint.com\/us\/blog\/threat-insight\/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails) | ​| 1 MAR | Elastic | HermeticWiper | [elastic.github.io](https:\/\/elastic.github.io\/security-research\/intelligence\/2022\/03\/01.hermeticwiper-targets-ukraine\/article\/) | ​| 1 MAR | CrowdStrike | PartyTicket (aka HermeticRansom), DriveSlayer (aka HermeticWiper) | [CrowdStrike](https:\/\/www.crowdstrike.com\/blog\/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine\/) | ​| 2 MAR | Zscaler | DanaBot operators launch DDoS attacks against the Ukrainian Ministry of Defense | [zscaler.com](https:\/\/www.zscaler.com\/blogs\/security-research\/danabot-launches-ddos-attack-against-ukrainian-ministry-defense) | ​| 3 MAR | @ShadowChasing1 | Gamaredon\/Shuckworm\/PrimitiveBear (FSB) | [twitter.com\/ShadowChasing1](https:\/\/twitter.com\/ShadowChasing1\/status\/1499361093059153921) | ​| 3 MAR | @vxunderground | News website in Poland was reportedly compromised and the threat actor uploaded anti-Ukrainian propaganda | [twitter.com\/vxunderground](https:\/\/twitter.com\/vxunderground\/status\/1499374914758918151?s=20&t=jyy9Hnpzy-5P1gcx19bvIA) | ​| 3 MAR | @kylaintheburgh | Russian botnet on Twitter is pushing \"#istandwithputin\" and \"#istandwithrussia\" propaganda (in English) | [twitter.com\/kylaintheburgh](https:\/\/twitter.com\/kylaintheburgh\/status\/1499350578371067906?s=21) | ​| 3 MAR | @tracerspiff | UNC1151\/Ghostwriter (Belarus MoD) | [twitter.com](https:\/\/twitter.com\/tracerspiff\/status\/1499444876810854408?s=21) | ​####​ ​`Access Brokers` ​| Date | Threat(s) | Source | ​| --- | --- | --- | ​| 23 JAN | Access broker \"Mont4na\" offering UkrFerry | RaidForums [not linked] | ​| 23 JAN | Access broker \"Mont4na\" offering PrivatBank | RaidForums [not linked] | ​| 24 JAN | Access broker \"Mont4na\" offering DTEK | RaidForums [not linked] | ​| 27 FEB | KelvinSecurity Sharing list of IP cameras in Ukraine | vHUMINT [closed source] | ​| 28 FEB | \"w1nte4mute\" looking to buy access to UA and NATO countries (likely ransomware affiliate) | vHUMINT [closed source] | ​####​ ​`Data Brokers` ​| Threat Actor    | Type            | Observation                                                                                               | Validated | Relevance                     | Source                                                     | ​| --------------- | --------------- | --------------------------------------------------------------------------------------------------------- | --------- | ----------------------------- | ---------------------------------------------------------- | ​| aguyinachair    | UA data sharing | PII DB of ukraine.com (shared as part of a generic compilation)                                           | No        | TA discussion in past 90 days | ELeaks Forum \\[not linked\\]                                | ​| an3key          | UA data sharing | DB of Ministry of Communities and Territories Development of Ukraine (minregion\\[.\\]gov\\[.\\]ua)           | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| an3key          | UA data sharing | DB of Ukrainian Ministry of Internal Affairs (wanted\\[.\\]mvs\\[.\\]gov\\[.\\]ua)                              | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| CorelDraw       | UA data sharing | PII DB (40M) of PrivatBank customers (privatbank\\[.\\]ua)                                                  | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| CorelDraw       | UA data sharing | DB of \"border crossing\" DBs of DPR and LPR                                                                | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| CorelDraw       | UA data sharing | PII DB (7.5M) of Ukrainian passports                                                                      | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| CorelDraw       | UA data sharing | PII DB of Ukrainian car registration, license plates, Ukrainian traffic police records                    | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| CorelDraw       | UA data sharing | PII DB (2.1M) of Ukrainian citizens                                                                       | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| CorelDraw       | UA data sharing | PII DB (28M) of Ukrainian citizens (passports, drivers licenses, photos)                                  | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| CorelDraw       | UA data sharing | PII DB (1M) of Ukrainian postal\/courier service customers (novaposhta\\[.\\]ua)                             | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| CorelDraw       | UA data sharing | PII DB (10M) of Ukrainian telecom customers (vodafone\\[.\\]ua)                                             | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| CorelDraw       | UA data sharing | PII DB (3M) of Ukrainian telecom customers (lifecell\\[.\\]ua)                                              | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| CorelDraw       | UA data sharing | PII DB (13M) of Ukrainian telecom customers (kyivstar\\[.\\]ua)                                             | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| danieltx51      | UA data sharing | DB of Ministry of Foreign Affairs of Ukraine (mfa\\[.\\]gov\\[.\\]ua)                                         | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| DueDiligenceCIS | UA data sharing | PII DB (63M) of Ukrainian citizens (name, DOB, birth country, phone, TIN, passport, family, etc)          | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| Featherine      | UA data sharing | DB of Ukrainian 'Diia' e-Governance Portal for Ministry of Digital Transformation of Ukraine              | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| FreeCivilian    | UA data sharing | DB of Ministry for Internal Affairs of Ukraine public data search engine (wanted\\[.\\]mvs\\[.\\]gov\\[.\\]ua)  | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| FreeCivilian    | UA data sharing | DB of Ministry for Communities and Territories Development of Ukraine (minregion\\[.\\]gov\\[.\\]ua)          | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| FreeCivilian    | UA data sharing | DB of Motor Insurance Bureau of Ukraine (mtsbu\\[.\\]ua)                                                    | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| FreeCivilian    | UA data sharing | PII DB of Ukrainian digital-medicine provider (medstar\\[.\\]ua)                                            | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| FreeCivilian    | UA data sharing | DB of ticket.kyivcity.gov.ua                                                                              | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of id.kyivcity.gov.ua                                                                                  | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of my.kyivcity.gov.ua                                                                                  | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of portal.kyivcity.gov.ua                                                                              | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of anti-violence-map.msp.gov.ua                                                                        | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of dopomoga.msp.gov.ua                                                                                 | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of e-services.msp.gov.ua                                                                               | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of edu.msp.gov.ua                                                                                      | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of education.msp.gov.ua                                                                                | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of ek-cbi.msp.gov.ua                                                                                   | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mail.msp.gov.ua                                                                                     | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of portal-gromady.msp.gov.ua                                                                           | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of web-minsoc.msp.gov.ua                                                                               | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of wcs-wim.dsbt.gov.ua                                                                                 | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of bdr.mvs.gov.ua                                                                                      | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of motorsich.com                                                                                       | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of dsns.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mon.gov.ua                                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of minagro.gov.ua                                                                                      | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of zt.gov.ua                                                                                           | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of kmu.gov.ua                                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mvs.gov.ua                                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of dsbt.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of forest.gov.ua                                                                                       | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of nkrzi.gov.ua                                                                                        | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of dabi.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of comin.gov.ua                                                                                        | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of dp.dpss.gov.ua                                                                                      | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of esbu.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mms.gov.ua                                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mova.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mspu.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of nads.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of reintegration.gov.ua                                                                                | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of sies.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of sport.gov.ua                                                                                        | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mepr.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mfa.gov.ua                                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of va.gov.ua                                                                                           | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mtu.gov.ua                                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of cg.mvs.gov.ua                                                                                       | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of ch-tmo.mvs.gov.ua                                                                                   | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of cp.mvs.gov.ua                                                                                       | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of cpd.mvs.gov.ua                                                                                      | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of hutirvilnij-mrc.mvs.gov.ua                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of dndekc.mvs.gov.ua                                                                                   | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of visnyk.dndekc.mvs.gov.ua                                                                            | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of dpvs.hsc.gov.ua                                                                                     | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of odk.mvs.gov.ua                                                                                      | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of e-driver\\[.\\]hsc\\[.\\]gov\\[.\\]ua                                                                     | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of wanted\\[.\\]mvs\\[.\\]gov\\[.\\]ua                                                                       | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of minregeion\\[.\\]gov\\[.\\]ua                                                                           | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of health\\[.\\]mia\\[.\\]solutions                                                                        | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mtsbu\\[.\\]ua                                                                                        | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of motorsich\\[.\\]com                                                                                   | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of kyivcity\\[.\\]com                                                                                    | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of bdr\\[.\\]mvs\\[.\\]gov\\[.\\]ua                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of gkh\\[.\\]in\\[.\\]ua                                                                                   | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of kmu\\[.\\]gov\\[.\\]ua                                                                                  | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mon\\[.\\]gov\\[.\\]ua                                                                                  | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of minagro\\[.\\]gov\\[.\\]ua                                                                              | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mfa\\[.\\]gov\\[.\\]ua                                                                                  | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| Intel\\_Data     | UA data sharing | PII DB (56M) of Ukrainian Citizens                                                                        | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| Kristina        | UA data sharing | DB of Ukrainian National Police (mvs\\[.\\]gov\\[.\\]ua)                                                      | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| NetSec          | UA data sharing | PII DB (53M) of Ukrainian citizens                                                                        | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| Psycho\\_Killer  | UA data sharing | PII DB (56M) of Ukrainian Citizens                                                                        | No        | TA discussion in past 90 days | Exploit Forum .onion \\[not linked\\]                        | ​| Sp333           | UA data sharing | PII DB of Ukrainian and Russian interpreters, translators, and tour guides                                | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| Vaticano        | UA data sharing | DB of Ukrainian 'Diia' e-Governance Portal for Ministry of Digital Transformation of Ukraine \\[copy\\]     | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| Vaticano        | UA data sharing | DB of Ministry for Communities and Territories Development of Ukraine (minregion\\[.\\]gov\\[.\\]ua) \\[copy\\] | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​####​ ​`Vendor Support` ​| Vendor | Offering | URL | ​| --- | --- | --- | ​| Dragos | Access to Dragos service if from US\/UK\/ANZ and in need of ICS cybersecurity support | [twitter.com\/RobertMLee](https:\/\/twitter.com\/RobertMLee\/status\/1496862093588455429) | ​| GreyNoise |  Any and all `Ukrainian` emails registered to GreyNoise have been upgraded to VIP which includes full, uncapped enterprise access to all GreyNoise products | [twitter.com\/Andrew___Morris](https:\/\/twitter.com\/Andrew___Morris\/status\/1496923545712091139) | ​| Recorded Future | Providing free intelligence-driven insights, perspectives, and mitigation strategies as the situation in Ukraine evolves| [recordedfuture.com](https:\/\/www.recordedfuture.com\/ukraine\/) | ​| Flashpoint | Free Access to Flashpoint’s Latest Threat Intel on Ukraine | [go.flashpoint-intel.com](https:\/\/go.flashpoint-intel.com\/trial\/access\/30days) | ​| ThreatABLE | A Ukraine tag for free threat intelligence feed that's more highly curated to cyber| [twitter.com\/threatable](https:\/\/twitter.com\/threatable\/status\/1497233721803644950) | ​| Orange | IOCs related to Russia-Ukraine 2022 conflict extracted from our Datalake Threat Intelligence platform. | [github.com\/Orange-Cyberdefense](https:\/\/github.com\/Orange-Cyberdefense\/russia-ukraine_IOCs)| ​| FSecure | F-Secure FREEDOME VPN is now available for free in all of Ukraine | [twitter.com\/FSecure](https:\/\/twitter.com\/FSecure\/status\/1497248407303462960) | ​| Multiple vendors | List of vendors offering their services to Ukraine for free, put together by [@chrisculling](https:\/\/twitter.com\/chrisculling\/status\/1497023038323404803) | [docs.google.com\/spreadsheets](https:\/\/docs.google.com\/spreadsheets\/d\/18WYY9p1_DLwB6dnXoiiOAoWYD8X0voXtoDl_ZQzjzUQ\/edit#gid=0) | ​| Mandiant | Free threat intelligence, webinar and guidance for defensive measures relevant to the situation in Ukraine. | [mandiant.com](https:\/\/www.mandiant.com\/resources\/insights\/ukraine-crisis-resource-center) | ​| Starlink | Satellite internet constellation operated by SpaceX providing satellite Internet access coverage to Ukraine | [twitter.com\/elonmusk](https:\/\/twitter.com\/elonmusk\/status\/1497701484003213317) | ​| Romania DNSC | Romania’s DNSC – in partnership with Bitdefender – will provide technical consulting, threat intelligence and, free of charge, cybersecurity technology to any business, government institution or private citizen of Ukraine for as long as it is necessary. | [Romania's DNSC Press Release](https:\/\/dnsc.ro\/citeste\/press-release-dnsc-and-bitdefender-work-together-in-support-of-ukraine)| ​| BitDefender | Access to Bitdefender technical consulting, threat intelligence and both consumer and enterprise cybersecurity technology | [bitdefender.com\/ukraine\/](https:\/\/www.bitdefender.com\/ukraine\/) | ​| NameCheap | Free anonymous hosting and domain name registration to any anti-Putin anti-regime and protest websites for anyone located within Russia and Belarus | [twitter.com\/Namecheap](https:\/\/twitter.com\/Namecheap\/status\/1498998414020861953) | ​| Avast | Free decryptor for PartyTicket ransomware | [decoded.avast.io](https:\/\/decoded.avast.io\/threatresearch\/help-for-ukraine-free-decryptor-for-hermeticransom-ransomware\/) |  ​####​ ​`Vetted OSINT Sources` ​| Handle | Affiliation | ​| --- | --- | ​| [@KyivIndependent](https:\/\/twitter.com\/KyivIndependent) | English-language journalism in Ukraine | ​| [@IAPonomarenko](https:\/\/twitter.com\/IAPonomarenko) | Defense reporter with The Kyiv Independent | ​| [@KyivPost](https:\/\/twitter.com\/KyivPost) | English-language journalism in Ukraine | ​| [@Shayan86](https:\/\/twitter.com\/Shayan86) | BBC World News Disinformation journalist | ​| [@Liveuamap](https:\/\/twitter.com\/Liveuamap) | Live Universal Awareness Map (“Liveuamap”) independent global news and information site | ​| [@DAlperovitch](https:\/\/twitter.com\/DAlperovitch) | The Alperovitch Institute for Cybersecurity Studies, Founder & Former CTO of CrowdStrike | ​| [@COUPSURE](https:\/\/twitter.com\/COUPSURE) | OSINT investigator for Centre for Information Resilience | ​| [@netblocks](https:\/\/twitter.com\/netblocks) | London-based Internet's Observatory | ​####​ ​`Miscellaneous Resources` ​| Source | URL | Content | ​| --- | --- | --- | ​| PowerOutages.com | https:\/\/poweroutage.com\/ua | Tracking PowerOutages across Ukraine | ​| Monash IP Observatory | https:\/\/twitter.com\/IP_Observatory | Tracking IP address outages across Ukraine | ​| Project Owl Discord | https:\/\/discord.com\/invite\/projectowl | Tracking foreign policy, geopolitical events, military and governments, using a Discord-based crowdsourced approach, with a current emphasis on Ukraine and Russia | ​| russianwarchatter.info | https:\/\/www.russianwarchatter.info\/ | Known Russian Military Radio Frequencies |", "fork": false, "created_at": "2022-03-04T09:00:59Z", - "updated_at": "2023-10-10T19:28:50Z", + "updated_at": "2023-10-14T09:47:06Z", "pushed_at": "2022-03-04T09:03:14Z", - "stargazers_count": 5, - "watchers_count": 5, + "stargazers_count": 6, + "watchers_count": 6, "has_discussions": false, "forks_count": 1, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 5, + "watchers": 6, "score": 0, "subscribers_count": 0 } diff --git a/2021/CVE-2021-34473.json b/2021/CVE-2021-34473.json index 1ac9f80d0c..0c7152d02b 100644 --- a/2021/CVE-2021-34473.json +++ b/2021/CVE-2021-34473.json @@ -103,10 +103,10 @@ "description": "Proof of Concept for CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207", "fork": false, "created_at": "2021-09-04T15:34:03Z", - "updated_at": "2023-10-04T15:58:02Z", + "updated_at": "2023-10-14T07:37:31Z", "pushed_at": "2023-08-25T22:42:24Z", - "stargazers_count": 90, - "watchers_count": 90, + "stargazers_count": 89, + "watchers_count": 89, "has_discussions": false, "forks_count": 35, "allow_forking": true, @@ -115,7 +115,7 @@ "topics": [], "visibility": "public", "forks": 35, - "watchers": 90, + "watchers": 89, "score": 0, "subscribers_count": 3 }, diff --git a/2022/CVE-2022-21371.json b/2022/CVE-2022-21371.json index 2c33d6405c..cc450f3c4a 100644 --- a/2022/CVE-2022-21371.json +++ b/2022/CVE-2022-21371.json @@ -43,10 +43,10 @@ "description": "Oracle WebLogic CVE-2022-21371", "fork": false, "created_at": "2022-08-25T14:12:33Z", - "updated_at": "2023-09-28T11:42:12Z", + "updated_at": "2023-10-14T07:28:48Z", "pushed_at": "2022-08-31T19:59:45Z", - "stargazers_count": 16, - "watchers_count": 16, + "stargazers_count": 17, + "watchers_count": 17, "has_discussions": false, "forks_count": 8, "allow_forking": true, @@ -55,7 +55,7 @@ "topics": [], "visibility": "public", "forks": 8, - "watchers": 16, + "watchers": 17, "score": 0, "subscribers_count": 2 } diff --git a/2022/CVE-2022-22965.json b/2022/CVE-2022-22965.json index a0605544fe..8cce70c927 100644 --- a/2022/CVE-2022-22965.json +++ b/2022/CVE-2022-22965.json @@ -13,10 +13,10 @@ "description": "Spring4Shell Proof Of Concept\/And vulnerable application CVE-2022-22965", "fork": false, "created_at": "2022-03-30T07:54:45Z", - "updated_at": "2023-10-13T12:47:12Z", + "updated_at": "2023-10-14T07:02:02Z", "pushed_at": "2022-11-09T15:46:06Z", - "stargazers_count": 338, - "watchers_count": 338, + "stargazers_count": 339, + "watchers_count": 339, "has_discussions": false, "forks_count": 107, "allow_forking": true, @@ -34,7 +34,7 @@ ], "visibility": "public", "forks": 107, - "watchers": 338, + "watchers": 339, "score": 0, "subscribers_count": 18 }, diff --git a/2022/CVE-2022-26134.json b/2022/CVE-2022-26134.json index 5c254c1d24..a5a3a2a06a 100644 --- a/2022/CVE-2022-26134.json +++ b/2022/CVE-2022-26134.json @@ -13,10 +13,10 @@ "description": "【懒人神器】一款图形化、批量采集url、批量对采集的url进行各种nday检测的工具。可用于src挖掘、cnvd挖掘、0day利用、打造自己的武器库等场景。可以批量利用Actively Exploited Atlassian Confluence 0Day CVE-2022-26134和DedeCMS v5.7.87 SQL注入 CVE-2022-23337。", "fork": false, "created_at": "2022-05-31T07:44:01Z", - "updated_at": "2023-10-13T02:58:53Z", + "updated_at": "2023-10-14T09:03:56Z", "pushed_at": "2023-02-26T14:06:05Z", - "stargazers_count": 1049, - "watchers_count": 1049, + "stargazers_count": 1050, + "watchers_count": 1050, "has_discussions": true, "forks_count": 180, "allow_forking": true, @@ -45,7 +45,7 @@ ], "visibility": "public", "forks": 180, - "watchers": 1049, + "watchers": 1050, "score": 0, "subscribers_count": 18 }, diff --git a/2022/CVE-2022-30075.json b/2022/CVE-2022-30075.json index 168d9ffa38..f2a3438187 100644 --- a/2022/CVE-2022-30075.json +++ b/2022/CVE-2022-30075.json @@ -13,10 +13,10 @@ "description": "Tp-Link Archer AX50 Authenticated RCE (CVE-2022-30075)", "fork": false, "created_at": "2022-06-07T23:26:47Z", - "updated_at": "2023-10-10T20:16:33Z", + "updated_at": "2023-10-14T07:38:27Z", "pushed_at": "2022-11-20T03:03:53Z", - "stargazers_count": 202, - "watchers_count": 202, + "stargazers_count": 201, + "watchers_count": 201, "has_discussions": false, "forks_count": 49, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 49, - "watchers": 202, + "watchers": 201, "score": 0, "subscribers_count": 3 }, diff --git a/2022/CVE-2022-38694.json b/2022/CVE-2022-38694.json index d8de5d8893..a8896655f9 100644 --- a/2022/CVE-2022-38694.json +++ b/2022/CVE-2022-38694.json @@ -14,7 +14,7 @@ "fork": false, "created_at": "2023-06-10T08:31:26Z", "updated_at": "2023-10-13T13:44:32Z", - "pushed_at": "2023-10-14T06:10:44Z", + "pushed_at": "2023-10-14T08:02:40Z", "stargazers_count": 102, "watchers_count": 102, "has_discussions": false, diff --git a/2022/CVE-2022-39952.json b/2022/CVE-2022-39952.json index 9ac02fdab0..e39ee8c30b 100644 --- a/2022/CVE-2022-39952.json +++ b/2022/CVE-2022-39952.json @@ -13,19 +13,19 @@ "description": "POC for CVE-2022-39952", "fork": false, "created_at": "2023-02-20T15:12:33Z", - "updated_at": "2023-10-05T19:11:54Z", + "updated_at": "2023-10-14T07:31:47Z", "pushed_at": "2023-02-25T08:52:03Z", - "stargazers_count": 269, - "watchers_count": 269, + "stargazers_count": 268, + "watchers_count": 268, "has_discussions": false, - "forks_count": 57, + "forks_count": 58, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 57, - "watchers": 269, + "forks": 58, + "watchers": 268, "score": 0, "subscribers_count": 9 }, diff --git a/2022/CVE-2022-40684.json b/2022/CVE-2022-40684.json index 8c07483cc1..28c16ea418 100644 --- a/2022/CVE-2022-40684.json +++ b/2022/CVE-2022-40684.json @@ -13,10 +13,10 @@ "description": "A proof of concept exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager", "fork": false, "created_at": "2022-10-13T14:24:12Z", - "updated_at": "2023-10-12T19:49:41Z", + "updated_at": "2023-10-14T07:37:52Z", "pushed_at": "2022-10-13T15:25:00Z", - "stargazers_count": 326, - "watchers_count": 326, + "stargazers_count": 325, + "watchers_count": 325, "has_discussions": false, "forks_count": 98, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 98, - "watchers": 326, + "watchers": 325, "score": 0, "subscribers_count": 8 }, diff --git a/2022/CVE-2022-46689.json b/2022/CVE-2022-46689.json index bda1b0cd0c..d254386680 100644 --- a/2022/CVE-2022-46689.json +++ b/2022/CVE-2022-46689.json @@ -13,10 +13,10 @@ "description": "Get root on macOS 13.0.1 with CVE-2022-46689 (macOS equivalent of the Dirty Cow bug), using the testcase extracted from Apple's XNU source.", "fork": false, "created_at": "2022-12-17T16:45:24Z", - "updated_at": "2023-10-11T16:05:33Z", + "updated_at": "2023-10-14T07:33:27Z", "pushed_at": "2022-12-21T17:53:19Z", - "stargazers_count": 369, - "watchers_count": 369, + "stargazers_count": 368, + "watchers_count": 368, "has_discussions": false, "forks_count": 32, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 32, - "watchers": 369, + "watchers": 368, "score": 0, "subscribers_count": 11 }, @@ -43,10 +43,10 @@ "description": "CVE-2022-46689", "fork": false, "created_at": "2022-12-26T00:08:55Z", - "updated_at": "2023-09-27T02:43:40Z", + "updated_at": "2023-10-14T07:39:49Z", "pushed_at": "2023-10-10T16:53:48Z", - "stargazers_count": 110, - "watchers_count": 110, + "stargazers_count": 111, + "watchers_count": 111, "has_discussions": false, "forks_count": 4, "allow_forking": true, @@ -55,7 +55,7 @@ "topics": [], "visibility": "public", "forks": 4, - "watchers": 110, + "watchers": 111, "score": 0, "subscribers_count": 7 }, @@ -73,10 +73,10 @@ "description": "Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689.", "fork": false, "created_at": "2022-12-26T06:56:35Z", - "updated_at": "2023-10-08T07:37:34Z", + "updated_at": "2023-10-14T07:58:56Z", "pushed_at": "2023-08-02T09:35:14Z", - "stargazers_count": 843, - "watchers_count": 843, + "stargazers_count": 844, + "watchers_count": 844, "has_discussions": false, "forks_count": 72, "allow_forking": true, @@ -85,7 +85,7 @@ "topics": [], "visibility": "public", "forks": 72, - "watchers": 843, + "watchers": 844, "score": 0, "subscribers_count": 26 }, @@ -133,10 +133,10 @@ "description": "CVE-2022-46689", "fork": false, "created_at": "2023-01-03T21:46:37Z", - "updated_at": "2023-08-12T16:46:18Z", + "updated_at": "2023-10-14T07:59:09Z", "pushed_at": "2023-01-19T08:04:02Z", - "stargazers_count": 57, - "watchers_count": 57, + "stargazers_count": 58, + "watchers_count": 58, "has_discussions": false, "forks_count": 1, "allow_forking": true, @@ -145,7 +145,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 57, + "watchers": 58, "score": 0, "subscribers_count": 2 }, @@ -163,10 +163,10 @@ "description": "CVE-2022-46689", "fork": false, "created_at": "2023-01-04T05:08:20Z", - "updated_at": "2023-10-13T08:35:11Z", + "updated_at": "2023-10-14T07:40:00Z", "pushed_at": "2023-01-19T08:12:40Z", - "stargazers_count": 41, - "watchers_count": 41, + "stargazers_count": 42, + "watchers_count": 42, "has_discussions": false, "forks_count": 1, "allow_forking": true, @@ -175,7 +175,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 41, + "watchers": 42, "score": 0, "subscribers_count": 3 }, diff --git a/2023/CVE-2023-2023.json b/2023/CVE-2023-2023.json index 458b607bc7..fc1489a2b3 100644 --- a/2023/CVE-2023-2023.json +++ b/2023/CVE-2023-2023.json @@ -43,10 +43,10 @@ "description": "HW2023@POC@EXP@CVE-2023-2023", "fork": false, "created_at": "2023-08-13T05:54:17Z", - "updated_at": "2023-10-12T02:34:01Z", + "updated_at": "2023-10-14T07:43:47Z", "pushed_at": "2023-09-04T02:47:29Z", - "stargazers_count": 40, - "watchers_count": 40, + "stargazers_count": 41, + "watchers_count": 41, "has_discussions": false, "forks_count": 17, "allow_forking": true, @@ -55,7 +55,7 @@ "topics": [], "visibility": "public", "forks": 17, - "watchers": 40, + "watchers": 41, "score": 0, "subscribers_count": 0 } diff --git a/2023/CVE-2023-21608.json b/2023/CVE-2023-21608.json index a4667b3b4b..5acce8b48f 100644 --- a/2023/CVE-2023-21608.json +++ b/2023/CVE-2023-21608.json @@ -13,10 +13,10 @@ "description": "Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit", "fork": false, "created_at": "2023-01-30T12:57:48Z", - "updated_at": "2023-10-13T09:57:49Z", + "updated_at": "2023-10-14T09:15:03Z", "pushed_at": "2023-02-27T04:51:20Z", - "stargazers_count": 254, - "watchers_count": 254, + "stargazers_count": 255, + "watchers_count": 255, "has_discussions": false, "forks_count": 58, "allow_forking": true, @@ -35,7 +35,7 @@ ], "visibility": "public", "forks": 58, - "watchers": 254, + "watchers": 255, "score": 0, "subscribers_count": 5 }, diff --git a/2023/CVE-2023-22515.json b/2023/CVE-2023-22515.json index bd0c397c9c..eefdd4f5a6 100644 --- a/2023/CVE-2023-22515.json +++ b/2023/CVE-2023-22515.json @@ -78,7 +78,7 @@ "stargazers_count": 41, "watchers_count": 41, "has_discussions": false, - "forks_count": 9, + "forks_count": 10, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -93,7 +93,7 @@ "vulnerability" ], "visibility": "public", - "forks": 9, + "forks": 10, "watchers": 41, "score": 0, "subscribers_count": 1 @@ -112,19 +112,19 @@ "description": "Confluence未授权添加管理员用户(CVE-2023-22515)漏洞利用工具", "fork": false, "created_at": "2023-10-11T08:42:17Z", - "updated_at": "2023-10-14T06:25:08Z", + "updated_at": "2023-10-14T11:20:11Z", "pushed_at": "2023-10-12T02:21:47Z", - "stargazers_count": 44, - "watchers_count": 44, + "stargazers_count": 50, + "watchers_count": 50, "has_discussions": false, - "forks_count": 2, + "forks_count": 3, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 2, - "watchers": 44, + "forks": 3, + "watchers": 50, "score": 0, "subscribers_count": 2 }, @@ -244,10 +244,10 @@ "description": "Confluence Broken Access Control", "fork": false, "created_at": "2023-10-13T08:19:07Z", - "updated_at": "2023-10-13T08:19:07Z", + "updated_at": "2023-10-14T09:17:41Z", "pushed_at": "2023-10-13T08:23:22Z", - "stargazers_count": 0, - "watchers_count": 0, + "stargazers_count": 2, + "watchers_count": 2, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -256,7 +256,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 0, + "watchers": 2, "score": 0, "subscribers_count": 1 }, diff --git a/2023/CVE-2023-23752.json b/2023/CVE-2023-23752.json index 772386c527..bba6942ca4 100644 --- a/2023/CVE-2023-23752.json +++ b/2023/CVE-2023-23752.json @@ -106,10 +106,10 @@ "description": " Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.", "fork": false, "created_at": "2023-02-20T10:30:17Z", - "updated_at": "2023-02-22T09:59:00Z", + "updated_at": "2023-10-14T07:30:50Z", "pushed_at": "2023-02-20T10:43:20Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 2, + "watchers_count": 2, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -118,7 +118,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 1, + "watchers": 2, "score": 0, "subscribers_count": 1 }, diff --git a/2023/CVE-2023-25136.json b/2023/CVE-2023-25136.json index d906573980..37d6447080 100644 --- a/2023/CVE-2023-25136.json +++ b/2023/CVE-2023-25136.json @@ -73,10 +73,10 @@ "description": "OpenSSH 9.1 vulnerability mass scan and exploit", "fork": false, "created_at": "2023-02-22T19:44:08Z", - "updated_at": "2023-09-28T11:45:16Z", + "updated_at": "2023-10-14T07:31:58Z", "pushed_at": "2023-03-07T10:43:36Z", - "stargazers_count": 104, - "watchers_count": 104, + "stargazers_count": 103, + "watchers_count": 103, "has_discussions": false, "forks_count": 23, "allow_forking": true, @@ -85,7 +85,7 @@ "topics": [], "visibility": "public", "forks": 23, - "watchers": 104, + "watchers": 103, "score": 0, "subscribers_count": 2 }, diff --git a/2023/CVE-2023-27997.json b/2023/CVE-2023-27997.json index 3a9b869e27..ccf9ce7928 100644 --- a/2023/CVE-2023-27997.json +++ b/2023/CVE-2023-27997.json @@ -223,10 +223,10 @@ "description": "xortigate-cve-2023-27997", "fork": false, "created_at": "2023-10-12T16:12:41Z", - "updated_at": "2023-10-13T20:02:01Z", + "updated_at": "2023-10-14T09:57:58Z", "pushed_at": "2023-10-12T16:17:23Z", - "stargazers_count": 20, - "watchers_count": 20, + "stargazers_count": 21, + "watchers_count": 21, "has_discussions": false, "forks_count": 3, "allow_forking": true, @@ -235,7 +235,7 @@ "topics": [], "visibility": "public", "forks": 3, - "watchers": 20, + "watchers": 21, "score": 0, "subscribers_count": 3 }, diff --git a/2023/CVE-2023-28229.json b/2023/CVE-2023-28229.json index c0cff1ae0d..98ffc2dbaa 100644 --- a/2023/CVE-2023-28229.json +++ b/2023/CVE-2023-28229.json @@ -13,10 +13,10 @@ "description": null, "fork": false, "created_at": "2023-09-04T07:48:13Z", - "updated_at": "2023-10-13T08:22:00Z", + "updated_at": "2023-10-14T09:15:55Z", "pushed_at": "2023-09-04T07:51:58Z", - "stargazers_count": 103, - "watchers_count": 103, + "stargazers_count": 104, + "watchers_count": 104, "has_discussions": false, "forks_count": 26, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 26, - "watchers": 103, + "watchers": 104, "score": 0, "subscribers_count": 2 } diff --git a/2023/CVE-2023-36723.json b/2023/CVE-2023-36723.json index cdb812979f..a72348bded 100644 --- a/2023/CVE-2023-36723.json +++ b/2023/CVE-2023-36723.json @@ -13,10 +13,10 @@ "description": null, "fork": false, "created_at": "2023-09-28T21:20:23Z", - "updated_at": "2023-10-14T02:56:48Z", + "updated_at": "2023-10-14T10:22:42Z", "pushed_at": "2023-10-10T17:29:32Z", - "stargazers_count": 48, - "watchers_count": 48, + "stargazers_count": 49, + "watchers_count": 49, "has_discussions": false, "forks_count": 10, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 10, - "watchers": 48, + "watchers": 49, "score": 0, "subscribers_count": 1 } diff --git a/2023/CVE-2023-36884.json b/2023/CVE-2023-36884.json index 1c23f8503b..db3c6c4ade 100644 --- a/2023/CVE-2023-36884.json +++ b/2023/CVE-2023-36884.json @@ -261,10 +261,10 @@ "description": "MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit", "fork": false, "created_at": "2023-09-28T11:53:44Z", - "updated_at": "2023-10-13T06:12:44Z", + "updated_at": "2023-10-14T10:52:09Z", "pushed_at": "2023-10-12T07:07:18Z", - "stargazers_count": 4, - "watchers_count": 4, + "stargazers_count": 5, + "watchers_count": 5, "has_discussions": false, "forks_count": 5, "allow_forking": true, @@ -273,7 +273,7 @@ "topics": [], "visibility": "public", "forks": 5, - "watchers": 4, + "watchers": 5, "score": 0, "subscribers_count": 1 } diff --git a/2023/CVE-2023-3710.json b/2023/CVE-2023-3710.json index 6af69e0d71..7c7b2b5d2a 100644 --- a/2023/CVE-2023-3710.json +++ b/2023/CVE-2023-3710.json @@ -32,5 +32,35 @@ "watchers": 0, "score": 0, "subscribers_count": 1 + }, + { + "id": 704890581, + "name": "CVE-2023-3710", + "full_name": "Mahdi22228\/CVE-2023-3710", + "owner": { + "login": "Mahdi22228", + "id": 123639864, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/123639864?v=4", + "html_url": "https:\/\/github.com\/Mahdi22228" + }, + "html_url": "https:\/\/github.com\/Mahdi22228\/CVE-2023-3710", + "description": null, + "fork": false, + "created_at": "2023-10-14T12:18:15Z", + "updated_at": "2023-10-14T12:18:15Z", + "pushed_at": "2023-10-14T12:18:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2023/CVE-2023-38146.json b/2023/CVE-2023-38146.json index 22d5e31da7..7dacc2849a 100644 --- a/2023/CVE-2023-38146.json +++ b/2023/CVE-2023-38146.json @@ -44,7 +44,7 @@ "fork": false, "created_at": "2023-10-13T15:33:42Z", "updated_at": "2023-10-13T15:38:38Z", - "pushed_at": "2023-10-13T15:39:13Z", + "pushed_at": "2023-10-14T08:33:49Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2023/CVE-2023-38840.json b/2023/CVE-2023-38840.json index 4ca9b77d3c..8230f85b13 100644 --- a/2023/CVE-2023-38840.json +++ b/2023/CVE-2023-38840.json @@ -13,7 +13,7 @@ "description": "A proof-of-concept for (CVE-2023-38840) that extracts plaintext master passwords from a locked Bitwarden vault.", "fork": false, "created_at": "2022-09-18T21:03:07Z", - "updated_at": "2023-10-03T18:37:54Z", + "updated_at": "2023-10-14T10:21:36Z", "pushed_at": "2023-10-03T18:32:14Z", "stargazers_count": 37, "watchers_count": 37, diff --git a/2023/CVE-2023-42442.json b/2023/CVE-2023-42442.json index 2f87a22c0b..785c6f7fec 100644 --- a/2023/CVE-2023-42442.json +++ b/2023/CVE-2023-42442.json @@ -13,10 +13,10 @@ "description": null, "fork": false, "created_at": "2023-09-27T05:09:20Z", - "updated_at": "2023-10-10T16:55:16Z", + "updated_at": "2023-10-14T10:02:25Z", "pushed_at": "2023-10-12T05:03:19Z", - "stargazers_count": 35, - "watchers_count": 35, + "stargazers_count": 36, + "watchers_count": 36, "has_discussions": false, "forks_count": 7, "allow_forking": true, @@ -25,8 +25,38 @@ "topics": [], "visibility": "public", "forks": 7, - "watchers": 35, + "watchers": 36, "score": 0, "subscribers_count": 1 + }, + { + "id": 704850042, + "name": "blackjump", + "full_name": "tarimoe\/blackjump", + "owner": { + "login": "tarimoe", + "id": 39155974, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/39155974?v=4", + "html_url": "https:\/\/github.com\/tarimoe" + }, + "html_url": "https:\/\/github.com\/tarimoe\/blackjump", + "description": "JumpServer 堡垒机未授权综合漏洞利用, CVE-2023-42442 \/ CVE-2023-42820", + "fork": false, + "created_at": "2023-10-14T09:35:07Z", + "updated_at": "2023-10-14T12:03:37Z", + "pushed_at": "2023-10-14T10:25:14Z", + "stargazers_count": 2, + "watchers_count": 2, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 2, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2023/CVE-2023-42820.json b/2023/CVE-2023-42820.json index 7c065904a8..59129fc0c4 100644 --- a/2023/CVE-2023-42820.json +++ b/2023/CVE-2023-42820.json @@ -43,19 +43,19 @@ "description": "CVE-2023-42820", "fork": false, "created_at": "2023-10-10T06:32:51Z", - "updated_at": "2023-10-13T13:09:22Z", + "updated_at": "2023-10-14T10:02:24Z", "pushed_at": "2023-10-13T02:36:33Z", - "stargazers_count": 25, - "watchers_count": 25, + "stargazers_count": 26, + "watchers_count": 26, "has_discussions": false, - "forks_count": 4, + "forks_count": 5, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 4, - "watchers": 25, + "forks": 5, + "watchers": 26, "score": 0, "subscribers_count": 1 }, diff --git a/2023/CVE-2023-44487.json b/2023/CVE-2023-44487.json index 944cb52187..e6212768ea 100644 --- a/2023/CVE-2023-44487.json +++ b/2023/CVE-2023-44487.json @@ -13,19 +13,19 @@ "description": "Basic vulnerability scanning to see if web servers may be vulnerable to CVE-2023-44487", "fork": false, "created_at": "2023-10-10T14:20:42Z", - "updated_at": "2023-10-14T05:40:32Z", - "pushed_at": "2023-10-12T21:19:32Z", - "stargazers_count": 122, - "watchers_count": 122, + "updated_at": "2023-10-14T11:36:23Z", + "pushed_at": "2023-10-14T06:54:10Z", + "stargazers_count": 131, + "watchers_count": 131, "has_discussions": false, - "forks_count": 24, + "forks_count": 28, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 24, - "watchers": 122, + "forks": 28, + "watchers": 131, "score": 0, "subscribers_count": 5 }, @@ -141,10 +141,10 @@ "description": "Tool for testing mitigations and exposure to Rapid Reset DDoS (CVE-2023-44487)", "fork": false, "created_at": "2023-10-13T23:55:32Z", - "updated_at": "2023-10-14T00:35:13Z", + "updated_at": "2023-10-14T08:53:44Z", "pushed_at": "2023-10-14T00:08:56Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 3, + "watchers_count": 3, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -153,7 +153,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 1, + "watchers": 3, "score": 0, "subscribers_count": 1 } diff --git a/2023/CVE-2023-4911.json b/2023/CVE-2023-4911.json index 00b5a8fa90..9a74e94709 100644 --- a/2023/CVE-2023-4911.json +++ b/2023/CVE-2023-4911.json @@ -43,10 +43,10 @@ "description": "PoC for CVE-2023-4911", "fork": false, "created_at": "2023-10-04T14:12:16Z", - "updated_at": "2023-10-13T13:07:50Z", + "updated_at": "2023-10-14T07:50:17Z", "pushed_at": "2023-10-04T14:16:36Z", - "stargazers_count": 322, - "watchers_count": 322, + "stargazers_count": 323, + "watchers_count": 323, "has_discussions": false, "forks_count": 48, "allow_forking": true, @@ -55,7 +55,7 @@ "topics": [], "visibility": "public", "forks": 48, - "watchers": 322, + "watchers": 323, "score": 0, "subscribers_count": 2 }, diff --git a/README.md b/README.md index bbd95e4372..cb6572c28f 100644 --- a/README.md +++ b/README.md @@ -587,6 +587,7 @@ - [vpxuser/CVE-2023-3710-POC](https://github.com/vpxuser/CVE-2023-3710-POC) +- [Mahdi22228/CVE-2023-3710](https://github.com/Mahdi22228/CVE-2023-3710) ### CVE-2023-3711 (2023-09-12) @@ -4066,6 +4067,7 @@ - [HolyGu/CVE-2023-42442](https://github.com/HolyGu/CVE-2023-42442) +- [tarimoe/blackjump](https://github.com/tarimoe/blackjump) ### CVE-2023-42468 (2023-09-13)