Rapid7 Detection Coverage for Iran-Linked Cyber Activity

Explore the detection & enrichment coverage available to Rapid7 customers in a new blog, broadly assessing the macro cyber threat landscape and demonstrating the specific actions undertaken within the Rapid7 portfolio.

Rapid7
GreyNoise Detects Mass Exploitation of Critical PHP-CGI Vulnerability (CVE-2024-4577), Signaling Broad Campaign
#CVE_2024_4577
https://www.greynoise.io/blog/mass-exploitation-critical-php-cgi-vulnerability-cve-2024-457

GreyNoise data confirms that exploitation of CVE-2024-4577 extends far beyond initial reports. Attack attempts have been observed across multiple regions, with notable spikes in the United States, Singapore, Japan, and other countries throughout January 2025.

Mass exploitation across the Internet, confirmed and detected by Akamai:

"As early as one day after disclosure, the SIRT observed numerous exploit attempts to abuse this vulnerability, indicating high exploitability and quick adoption by threat actors.

The exploitations include command injection and multiple malware campaigns: Gh0st RAT, RedTail cryptominers, and XMRig."

(IoCs Inside)
👇
https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure

and the geographic distribution of these detections (based on the READ_ME10 ransom note) of pwned servers on the Internet confirms that the vulnerability mainly affects systems with Chinese and Japanese language locales
👀 ⬇️
https://www.onyphe.io/search?q=category%3Adatascan+%22READ_ME10.html%22

wallet
⬇️
https://btcscan.org/address/bc1qnuxx83nd4keeegrumtnu8kup8g02yzgff6z53l

message IoC
⬇️
"send 0.1btc to my address:bc1qnuxx83nd4keeegrumtnu8kup8g02yzgff6z53l. contact email:[email protected],if you can't contact my email, please contact some data recovery company(suggest taobao.com), may they can contact to me .your id: "

#Cyberveille #CVE_2024_4577
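As an added example (not part of any of the posts above, nor code from GreyNoise, Akamai or ONYPHE): a small Python scanner that flags CVE-2024-4577 exploitation attempts in web server access logs. It assumes the publicly documented exploitation pattern, which the posts above do not spell out: php-cgi options are sent with a leading soft hyphen (U+00AD, percent-encoded as %AD) that Windows "best fit" code-page mapping turns into an ASCII '-', which is why systems with Chinese and Japanese locales are the ones being hit. CGI passes a query string containing no literal '=' to the script as command-line arguments split on '+', so the scanner decodes the query, looks for a soft-hyphen option at an argument boundary, and recovers the injected php.ini directives. The log lines are constructed and use RFC 5737 test addresses.

```python
"""Flag CVE-2024-4577 (PHP-CGI argument injection) attempts in access logs.

Added example; not code from the posts above. Assumes the publicly
documented exploitation pattern: php-cgi options sent with a leading soft
hyphen (U+00AD, %AD) that Windows best-fit mapping turns into '-', so a
query string with no literal '=' is handed to php-cgi as argv.
"""
import re
from urllib.parse import unquote_to_bytes

# Request line of a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d"')

# An argument that begins with the soft hyphen followed by an option letter,
# e.g. b"\xadd" becomes "-d" after best-fit mapping. '+' separates argv items.
SOFT_HYPHEN_OPT = re.compile(rb'(?:^|\+)\xad[A-Za-z]')


def injected_directives(args):
    """Return the php.ini directives passed via a soft-hyphen '-d' option.

    Handles both "-d value" (value in the next argument) and "-dvalue".
    """
    directives = []
    for i, arg in enumerate(args):
        if not arg.startswith(b'\xadd'):
            continue
        if len(arg) > 2:
            value = arg[2:]
        elif i + 1 < len(args):
            value = args[i + 1]
        else:
            value = b''
        if value:
            directives.append(value.decode('latin-1'))
    return directives


def detect_cve_2024_4577(log_lines):
    """Return one finding per log line whose query string carries a
    soft-hyphen php-cgi option; lines without a query string are skipped."""
    findings = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m or '?' not in m.group('target'):
            continue
        path, query = m.group('target').split('?', 1)
        # Decode percent-escapes only; keep '+' so the argv split survives.
        decoded = unquote_to_bytes(query)
        if not SOFT_HYPHEN_OPT.search(decoded):
            continue
        findings.append({
            'client': line.split()[0],
            'method': m.group('method'),
            'path': path,
            'directives': injected_directives(decoded.split(b'+')),
            # A literal '=' in the raw query string disables CGI argv handling,
            # so its absence makes the injection more likely to have worked.
            'argv_mode': '=' not in query,
        })
    return findings


# Constructed sample entries (RFC 5737 test addresses), not real telemetry.
CONSTRUCTED_LOG = [
    '203.0.113.7 - - [10/Jan/2025:03:14:07 +0000] "GET /php-cgi/php-cgi.exe'
    '?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Jan/2025:03:15:22 +0000] "POST /index.php'
    '?%add+cgi.force_redirect%3d0+%add+cgi.redirect_status_env%3d1 HTTP/1.1" 200 128',
    # Benign traffic, including a soft hyphen inside a parameter value.
    '192.0.2.44 - - [10/Jan/2025:03:16:01 +0000] "GET /index.php?page=about&lang=ja HTTP/1.1" 200 4096',
    '192.0.2.45 - - [10/Jan/2025:03:17:45 +0000] "GET /search.php?q=soft%ADhyphen HTTP/1.1" 200 900',
]

if __name__ == '__main__':
    for finding in detect_cve_2024_4577(CONSTRUCTED_LOG):
        print(finding)
```

The matcher only fires on a soft hyphen at an argument boundary inside the query string, so a stray %AD inside a path or a parameter value (the fourth constructed line) is not reported; the recovered directives (allow_url_include, auto_prepend_file=php://input) are what a responder needs to tell a probe from a working code-execution attempt.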

Update: CVE-2024-4577 quickly weaponized to distribute “TellYouThePass” Ransomware | Imperva


Infosec Exchange