VulnCheck for Government
Government agencies see more with VulnCheck
Exploit & Vulnerability Intelligence
Leverage Exploit & Vulnerability Intelligence to make better decisions on which vulnerabilities need immediate remediation.
- More Exploited In-The-Wild Information (& Earlier)
- VulnCheck KEV indexes 2,805 exploited in-the-wild vulnerabilities vs. 1,140 in CISA KEV (146.05% more) and on average, and 27 days earlier than CISA KEV
- More Comprehensive Tracking of Public Exploit PoC Code
- Tracking of 5x more exploits than Exploit-DB's 43,590 & at least 1 exploit for 31.4% of CVEs (vs. 12.9% in Exploit-DB)
- Private Git Server
- Cached copies and git history of all archived exploit code
GET /v3/index/exploits?cve=CVE-2023-22527
{
"data": [
{
"id": "CVE-2023-22527",
"public_exploit_found": true,
"commercial_exploit_found": true,
"weaponized_exploit_found": true,
"max_exploit_maturity": "weaponized",
"reported_exploited": true,
"reported_exploited_by_threat_actors": true,
"reported_exploited_by_ransomware": true,
"reported_exploited_by_botnets": true,
"inKEV": true,
"inVCKEV": true,
"timeline": {
"nvd_published": "2024-01-16T05:15:00Z",
"nvd_last_modified": "2024-08-14T15:23:00Z",
"first_exploit_published": "2024-01-19T00:00:00Z",
"first_exploit_published_weaponized_or_higher": "2024-01-22T00:00:00Z",
"most_recent_exploit_published": "2024-08-30T00:00:00Z",
"first_reported_threat_actor": "2024-01-19T00:00:00Z",
"most_recent_reported_threat_actor": "2024-09-18T00:00:00Z",
"first_reported_ransomware": "2024-03-07T00:00:00Z",
"most_recent_reported_ransomware": "2024-03-07T00:00:00Z",
"first_reported_botnet": "2024-03-20T00:00:00Z",
"most_recent_reported_botnet": "2024-03-20T00:00:00Z",
"cisa_kev_date_added": "2024-01-24T00:00:00Z",
"cisa_kev_date_due": "2024-02-14T00:00:00Z",
"vulncheck_kev_date_added": "2024-01-19T00:00:00Z",
"vulncheck_kev_date_due": "2024-02-14T00:00:00Z"
},
"trending": {
"github": false
},
"epss": {
"epss_score": 0.97094,
"epss_percentile": 0.9982,
"last_modified": "2024-09-22T10:05:43.400094Z"
},
"counts": {
"exploits": 37,
"threat_actors": 3,
"botnets": 1,
"ransomware_families": 1
},
"exploits": [
{
"url": "https://0day.today/exploit/39278",
"name": "Atlassian Confluence SSTI Injection Exploit",
"refsource": "0day.today",
"date_added": "2024-01-29T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://0day.today/exploit/39469",
"name": "Atlassian Confluence < 8.5.3 - Remote Code Execution Exploit",
"refsource": "0day.today",
"date_added": "2024-03-18T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution/",
"name": "Atlassian Confluence - Remote Code Execution (CVE-2023-22527)",
"refsource": "blogs",
"date_added": "2024-01-22T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://attackerkb.com/topics/wONJMCgCgl/cve-2023-22527",
"name": "CVE-2023-22527",
"refsource": "blogs",
"date_added": "2024-01-24T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://boogipop.com/2024/02/13/Atlassian%20Confluence%20CVE-2023-22527%20%E5%88%86%E6%9E%90%E5%8F%8A%E6%AD%A6%E5%99%A8%E5%8C%96%E5%AE%9E%E7%8E%B0/",
"name": "Atlassian Confluence CVE-2023-22527 分析及武器化实现",
"refsource": "blogs",
"date_added": "2024-02-13T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://vulncheck.com/blog/confluence-dreams-of-shells",
"name": "Does Confluence Dream of Shells?",
"refsource": "blogs",
"date_added": "2024-03-08T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://www.labs.greynoise.io/grimoire/2024-03-confluence-where-are-they-now/",
"name": "Where are they now? Starring: Confluence CVE-2023-22527",
"refsource": "blogs",
"date_added": "2024-03-13T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://www.vicarius.io/vsociety/posts/pwning-confluence-via-ognl-injection-for-fun-and-learning-cve-2023-22527",
"name": "Pwning Confluence via OGNL Injection for fun and learning - CVE-2023-22527",
"refsource": "blogs",
"date_added": "2024-04-18T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://www.vicarius.io/vsociety/posts/automated-pwning-confluence-via-ognl-injection-cve-2023-22527",
"name": "Automated pwning Confluence via OGNL Injection (CVE-2023-22527)",
"refsource": "blogs",
"date_added": "2024-06-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://www.trendmicro.com/en_us/research/24/h/godzilla-fileless-backdoors.html",
"name": "Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence",
"refsource": "blogs",
"date_added": "2024-08-30T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://www.coresecurity.com/core-labs/exploits",
"name": "Atlassian Confluence text-inline OGNL Injection Vulnerability Exploit",
"refsource": "coreimpact",
"date_added": "2024-01-26T00:00:00Z",
"exploit_maturity": "weaponized",
"exploit_availability": "commercially-available"
},
{
"url": "https://github.com/Drun1baby/CVE-2023-22527",
"name": "Drun1baby/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-22T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/Drun1baby/CVE-2023-22527/main/PoC.txt",
"clone_ssh_url": "git@github.com:Drun1baby/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/Drun1baby/CVE-2023-22527.git"
},
{
"url": "https://github.com/cleverg0d/CVE-2023-22527",
"name": "cleverg0d/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-22T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/cleverg0d/CVE-2023-22527/main/README.md",
"clone_ssh_url": "git@github.com:cleverg0d/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/cleverg0d/CVE-2023-22527.git"
},
{
"url": "https://github.com/thanhlam-attt/CVE-2023-22527",
"name": "thanhlam-attt/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-22T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/thanhlam-attt/CVE-2023-22527/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:thanhlam-attt/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/thanhlam-attt/CVE-2023-22527.git"
},
{
"url": "https://github.com/C1ph3rX13/CVE-2023-22527",
"name": "C1ph3rX13/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/C1ph3rX13/CVE-2023-22527/main/CVE-2023-22527.go",
"clone_ssh_url": "git@github.com:C1ph3rX13/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/C1ph3rX13/CVE-2023-22527.git"
},
{
"url": "https://github.com/Chocapikk/CVE-2023-22527",
"name": "Chocapikk/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/Chocapikk/CVE-2023-22527/main/exploit.py",
"clone_ssh_url": "git@github.com:Chocapikk/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/Chocapikk/CVE-2023-22527.git"
},
{
"url": "https://github.com/Manh130902/CVE-2023-22527-POC",
"name": "Manh130902/CVE-2023-22527-POC exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/Manh130902/CVE-2023-22527-POC/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:Manh130902/CVE-2023-22527-POC.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/Manh130902/CVE-2023-22527-POC.git"
},
{
"url": "https://github.com/Niuwoo/CVE-2023-22527",
"name": "Niuwoo/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/Niuwoo/CVE-2023-22527/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:Niuwoo/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/Niuwoo/CVE-2023-22527.git"
},
{
"url": "https://github.com/RevoltSecurities/CVE-2023-22527",
"name": "RevoltSecurities/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/RevoltSecurities/CVE-2023-22527/main/exploit.py",
"clone_ssh_url": "git@github.com:RevoltSecurities/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/RevoltSecurities/CVE-2023-22527.git"
},
{
"url": "https://github.com/VNCERT-CC/CVE-2023-22527-confluence",
"name": "VNCERT-CC/CVE-2023-22527-confluence exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/VNCERT-CC/CVE-2023-22527-confluence/main/exploit-CVE-2023-22527.js",
"clone_ssh_url": "git@github.com:VNCERT-CC/CVE-2023-22527-confluence.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/VNCERT-CC/CVE-2023-22527-confluence.git"
},
{
"url": "https://github.com/Vozec/CVE-2023-22527",
"name": "Vozec/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/Vozec/CVE-2023-22527/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:Vozec/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/Vozec/CVE-2023-22527.git"
},
{
"url": "https://github.com/Privia-Security/CVE-2023-22527",
"name": "Privia-Security/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-24T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/Privia-Security/CVE-2023-22527/main/main.go",
"clone_ssh_url": "git@github.com:Privia-Security/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/Privia-Security/CVE-2023-22527.git"
},
{
"url": "https://github.com/yoryio/CVE-2023-22527",
"name": "yoryio/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-24T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/yoryio/CVE-2023-22527/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:yoryio/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/yoryio/CVE-2023-22527.git"
},
{
"url": "https://github.com/MaanVader/CVE-2023-22527-POC",
"name": "MaanVader/CVE-2023-22527-POC exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-25T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/MaanVader/CVE-2023-22527-POC/master/exploit.py",
"clone_ssh_url": "git@github.com:MaanVader/CVE-2023-22527-POC.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/MaanVader/CVE-2023-22527-POC.git"
},
{
"url": "https://github.com/adminlove520/CVE-2023-22527",
"name": "adminlove520/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-25T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/adminlove520/CVE-2023-22527/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:adminlove520/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/adminlove520/CVE-2023-22527.git"
},
{
"url": "https://github.com/YongYe-Security/CVE-2023-22527",
"name": "YongYe-Security/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-02-02T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/YongYe-Security/CVE-2023-22527/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:YongYe-Security/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/YongYe-Security/CVE-2023-22527.git"
},
{
"url": "https://github.com/Boogipop/CVE-2023-22527-Godzilla-MEMSHELL",
"name": "Boogipop/CVE-2023-22527-Godzilla-MEMSHELL exploit repository",
"refsource": "github-exploits",
"date_added": "2024-02-11T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/Boogipop/CVE-2023-22527-Godzilla-MEMSHELL/main/src/main/Main.java",
"clone_ssh_url": "git@github.com:Boogipop/CVE-2023-22527-Godzilla-MEMSHELL.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/Boogipop/CVE-2023-22527-Godzilla-MEMSHELL.git"
},
{
"url": "https://github.com/M0untainShley/CVE-2023-22527-MEMSHELL",
"name": "M0untainShley/CVE-2023-22527-MEMSHELL exploit repository",
"refsource": "github-exploits",
"date_added": "2024-02-26T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/M0untainShley/CVE-2023-22527-MEMSHELL/master/src/main/Main.java",
"clone_ssh_url": "git@github.com:M0untainShley/CVE-2023-22527-MEMSHELL.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/M0untainShley/CVE-2023-22527-MEMSHELL.git"
},
{
"url": "https://github.com/vulncheck-oss/cve-2023-22527",
"name": "vulncheck-oss/cve-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-03-04T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/vulncheck-oss/cve-2023-22527/main/README.md?token=GHSAT0AAAAAACO2HCW4FJ4YNPSHC4TPP4AUZPHLNSQ",
"clone_ssh_url": "git@github.com:vulncheck-oss/cve-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/vulncheck-oss/cve-2023-22527.git"
},
{
"url": "https://github.com/BBD-YZZ/Confluence-RCE",
"name": "BBD-YZZ/Confluence-RCE exploit repository",
"refsource": "github-exploits",
"date_added": "2024-05-29T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/BBD-YZZ/Confluence-RCE/master/pocs/CVE_2023_22527.py",
"clone_ssh_url": "git@github.com:BBD-YZZ/Confluence-RCE.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/BBD-YZZ/Confluence-RCE.git"
},
{
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/atlassian_confluence_rce_cve_2023_22527.rb",
"name": "Atlassian Confluence SSTI Injection",
"refsource": "metasploit",
"date_added": "2024-01-22T00:00:00Z",
"exploit_maturity": "weaponized",
"exploit_availability": "publicly-available"
},
{
"url": "https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/main/http/cves/2023/CVE-2023-22527.yaml",
"name": "Atlassian Confluence - Remote Code Execution",
"refsource": "nuclei-templates",
"date_added": "2024-01-25T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html",
"name": "Atlassian Confluence SSTI Injection",
"refsource": "packetstorm",
"date_added": "2024-01-26T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://packetstormsecurity.com/files/177643/Atlassian-Confluence-8.5.3-Remote-Code-Execution.html",
"name": "Atlassian Confluence 8.5.3 Remote Code Execution",
"refsource": "packetstorm",
"date_added": "2024-03-19T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://packetstormsecurity.com/files/179520/Confluence-Template-Injection-Remote-Code-Execution.html",
"name": "Confluence Template Injection Remote Code Execution",
"refsource": "packetstorm",
"date_added": "2024-07-15T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://api.vulncheck.com/v3/index/initial-access?cve=CVE-2023-22527",
"name": "Confluence Template Injection (text-inline.vm)",
"refsource": "vulncheck-initial-access",
"date_added": "2024-01-22T00:00:00Z",
"exploit_maturity": "weaponized",
"exploit_availability": "commercially-available",
"exploit_type": "initial-access",
"clone_ssh_url": "git@git.vulncheck.com:vulncheck/initial-access.git"
},
{
"url": "https://x.com/ptswarm/status/1748331385968795882",
"name": "We have reproduced CVE-2023-22527 in Atlassian Confluence",
"refsource": "x",
"date_added": "2024-01-19T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "privately-available"
}
],
"reported_exploitation": [
{
"url": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
"name": "Atlassian Confluence Data Center and Server Template Injection Vulnerability",
"refsource": "cisa-kev",
"date_added": "2024-01-24T00:00:00Z"
},
{
"url": "https://www.imperva.com/blog/new-sysrv-botnet-variant-makes-use-of-google-subdomain-to-spread-xmrig-miner/",
"name": "Sysrv",
"refsource": "vulncheck-botnets",
"date_added": "2024-03-20T00:00:00Z"
},
{
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"name": "Unattributed",
"refsource": "vulncheck-ransomware",
"date_added": "2024-03-07T00:00:00Z"
},
{
"url": "https://www.rapid7.com/blog/post/2024/01/19/etr-critical-cves-in-outdated-versions-of-atlassian-confluence-and-vmware-vcenter-server/",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-01-19T00:00:00Z"
},
{
"url": "https://twitter.com/TheDFIRReport/status/1749066611678466205",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-01-21T00:00:00Z"
},
{
"url": "https://isc.sans.edu/diary/rss/30576",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-01-22T00:00:00Z"
},
{
"url": "https://twitter.com/Shadowserver/status/1749372138685915645",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-01-22T00:00:00Z"
},
{
"url": "https://twitter.com/TheDFIRReport/status/1749424404063232099?s=20",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-01-22T00:00:00Z"
},
{
"url": "https://twitter.com/catc0n/status/1749912359127105813?s=20",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-01-23T00:00:00Z"
},
{
"url": "https://www.tenable.com/blog/cve-2023-22527-atlassian-confluence-data-center-and-server-template-injection-exploited-in-the",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-01-23T00:00:00Z"
},
{
"url": "https://www.fortiguard.com/threat-signal-report/5376/atlassian-confluence-remote-code-execution-cve-2023-22527",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-02-01T00:00:00Z"
},
{
"url": "https://www.rapid7.com/blog/post/2024/02/15/rce-to-sliver-ir-tales-from-the-field/",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-02-15T00:00:00Z"
},
{
"url": "https://www.imperva.com/blog/attackers-quick-to-weaponize-cve-2023-22527-for-malware-delivery/",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-02-21T00:00:00Z"
},
{
"url": "https://vulncheck.com/blog/confluence-dreams-of-shells",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-03-08T00:00:00Z"
},
{
"url": "https://www.labs.greynoise.io/grimoire/2024-03-confluence-where-are-they-now/",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-03-13T00:00:00Z"
},
{
"url": "https://www.imperva.com/blog/new-sysrv-botnet-variant-makes-use-of-google-subdomain-to-spread-xmrig-miner/",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-03-20T00:00:00Z"
},
{
"url": "https://go.catonetworks.com/rs/245-RJK-441/images/CATO-NETWORKS-THREAT-REPORT2024.pdf",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-05-07T00:00:00Z"
},
{
"url": "https://rt-solar.ru/solar-4rays/blog/4333/",
"name": "Cobalt Spider",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-05-24T00:00:00Z"
},
{
"url": "https://rt-solar.ru/solar-4rays/blog/4527/",
"name": "Cobalt Spider",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-07-18T00:00:00Z"
},
{
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2024/08/06/2024-midyear-threat-landscape-review",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-08-06T00:00:00Z"
},
{
"url": "https://go.catonetworks.com/rs/245-RJK-441/images/Q2_24_Cato_CTRL_Threat_Report.pdf",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-08-13T00:00:00Z"
},
{
"url": "https://www.trendmicro.com/en_us/research/24/h/cve-2023-22527-cryptomining.html",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-08-28T00:00:00Z"
},
{
"url": "https://www.trendmicro.com/en_us/research/24/h/godzilla-fileless-backdoors.html",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-08-30T00:00:00Z"
},
{
"url": "https://media.defense.gov/2024/Sep/18/2003547016/-1/-1/0/CSA-PRC-LINKED-ACTORS-BOTNET.PDF",
"name": "Ethereal Panda",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-09-18T00:00:00Z"
}
],
"date_added": "2024-01-19T00:00:00Z",
"_timestamp": "2024-09-23T09:31:01.930889947Z"
}
]
}
Initial Access Intelligence
Initial Access Intelligence provides organizations the detection artifacts, such as Suricata signatures, YARA rules, PCAPs, and private exploit PoCs, to defend against initial access vulnerabilities, already exploited or likely to be soon.
- Proprietary exploit code and detections
- In-house developed proprietary exploit code (including bypass techniques) and detections (PCAPs, Suricata & Snort rules, YARA rules, etc.)
- Potentially vulnerable systems
- Custom Shodan, Censys, & GreyNoise queries (before Censys or GreyNoise tags exist) to find potentially impacted devices
- 200+ proprietary Initial Access exploits per year
- VulnCheck for Government SLA commits to covering at least 200 new vulnerabilities per year with proprietary exploit code & detection artifacts
GET /v3/index/initial-access?cve=CVE-2023-22527
{
"data": [
{
"cve": "CVE-2023-22527",
"inKEV": true,
"inVCKEV": true,
"artifacts": [
{
"vendor": "Confluence",
"product": [
"Confluence Server",
"Confluence Data Center"
],
"dateAdded": "2024-01-22T00:00:00Z",
"artifactName": "Confluence Template Injection (text-inline.vm)",
"exploit": true,
"versionScanner": true,
"pcap": true,
"suricataRule": true,
"snortRule": true,
"yara": true,
"nmapScript": true,
"zeroday": false,
"targetService": "HTTP",
"targetDocker": true,
"shodanQueries": [
"https://www.shodan.io/search?query=%2Bhttp.favicon.hash%3A-305179312+%22X-Confluence-Request-Time%22+%2B%22Set-Cookie%3A+JSESSIONID%3D%22+%2Bhtml%3A%22confluence-context-path%22",
"https://www.shodan.io/search?query=X-Confluence-Request-Time+%2B%22JSESSIONID%22+%2Bhtml%3A%22atlassian-authentication-plugin%22+-%22145DF9C4CDE560B2699212692B867CDA%22",
"https://www.shodan.io/search?query=X-Confluence-Request-Time+%2B%22Set-Cookie%3A+JSESSIONID%22+%2Bhtml%3A%22SAML+POST+Binding%22"
],
"censysQueries": [
"https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=labels%3A+%60atlassian-confluence%60+and+services.banner%3A%22Set-Cookie%3A+JSESSIONID%22"
],
"greynoiseQueries": [
"https://viz.greynoise.io/query?gnql=raw_data.web.paths%3A%22%2Ftemplate%2Faui%2Ftext-inline.vm%22",
"https://viz.greynoise.io/tag/atlassian-confluence-template-injection-rce-attempt-cve-2023-22527"
],
"shodanRawQueries": [
"+http.favicon.hash:-305179312 \"X-Confluence-Request-Time\" +\"Set-Cookie: JSESSIONID=\" +html:\"confluence-context-path\"",
"X-Confluence-Request-Time +\"JSESSIONID\" +html:\"atlassian-authentication-plugin\" -\"145DF9C4CDE560B2699212692B867CDA\"",
"X-Confluence-Request-Time +\"Set-Cookie: JSESSIONID\" +html:\"SAML POST Binding\""
],
"censysRawQueries": [
"labels: `atlassian-confluence` and services.banner:\"Set-Cookie: JSESSIONID\""
],
"cloneSSHURL": "git@git.vulncheck.com:vulncheck/initial-access.git"
}
],
"_timestamp": "2024-08-31T00:22:25.801484Z"
}
]
}
IP Intelligence
IP Intelligence data on potentially vulnerable systems, attacker command & control infrastructure (C2), honeypots, proxies, and more.
- Attacker Command & Control (C2) infrastructure
- C2, webshells, open directories, implant detection, etc.
- Time scales covered
- 3 days (what's live right now), 10 days, 30 days, & 90 days
- Command & Control (C2) fingerprints
- For our Government partners, instead of just reporting we found implanted devices, we report how we detected the implants
GET v3/index/ipintel-3d?id=initial-access&country=Kenya
{
"_meta": {
"timestamp": "2024-05-31T16:24:26.652434716Z",
"index": "ipintel-3d"
},
"data": [
{
"ip": "41.60.234.236",
"port": 80,
"ssl": false,
"lastSeen": "2024-05-29T17:07:36.112496",
"asn": "AS30844",
"country": "Kenya",
"country_code": "KE",
"city": "Nairobi",
"cve": [
"CVE-2023-30799"
],
"matches": [
"Mikrotik RouterOS FoisHandler Code Execution (mipsbe)"
],
"hostnames": [],
"type": {
"id": "initial-access",
"finding": "potentially vulnerable"
},
"feed_ids": [
"80597145-be58-4754-b96a-fd0afa199657"
],
"_timestamp": "2024-05-31T10:59:07.093811Z"
},
{
"ip": "41.72.199.244",
"port": 80,
"ssl": false,
"lastSeen": "2024-05-30T00:04:20.804833",
"asn": "AS30844",
"country": "Kenya",
"country_code": "KE",
"city": "Nairobi",
"cve": [
"CVE-2023-30799"
],
"matches": [
"Mikrotik RouterOS FoisHandler Code Execution (mipsbe)"
],
"hostnames": [
"41.72.199.244.liquidtelecom.net"
],
"type": {
"id": "initial-access",
"finding": "potentially vulnerable"
},
"feed_ids": [
"80597145-be58-4754-b96a-fd0afa199657"
],
"_timestamp": "2024-05-31T10:55:26.690585Z"
},
{
"ip": "41.222.9.14",
"port": 80,
"ssl": false,
"lastSeen": "2024-05-29T16:10:29.939581",
"asn": "AS36866",
"country": "Kenya",
"country_code": "KE",
"city": "Nairobi",
"cve": [
"CVE-2023-30799"
],
"matches": [
"Mikrotik RouterOS FoisHandler Code Execution (mipsbe)"
],
"hostnames": [],
"type": {
"id": "initial-access",
"finding": "potentially vulnerable"
},
"feed_ids": [
"80597145-be58-4754-b96a-fd0afa199657"
],
"_timestamp": "2024-05-31T10:48:54.36694Z"
},
{
"ip": "41.60.235.65",
"port": 80,
"ssl": false,
"lastSeen": "2024-05-28T03:05:34.651439",
"asn": "AS30844",
"country": "Kenya",
"country_code": "KE",
"city": "Nairobi",
"cve": [
"CVE-2023-30799"
],
"matches": [
"Mikrotik RouterOS FoisHandler Code Execution (mipsbe)"
],
"hostnames": [],
"type": {
"id": "initial-access",
"finding": "potentially vulnerable"
},
"feed_ids": [
"80597145-be58-4754-b96a-fd0afa199657"
],
"_timestamp": "2024-05-31T10:54:33.208194Z"
}
]
}
Partnering With Agencies
How VulnCheck Partners with Government Agencies
Government Use Cases
VulnCheck supports a wide variety of Government use cases.
- Vulnerability Intelligence
- Active Cyber Defense
- Mass Exploitation Defense
- Vulnerability Prioritization
- Adversary Cyber Intelligence
- Emerging Threat Response
See More with VulnCheck
VulnCheck works closely with government agencies to solidify defenses, collaborate, and respond to emerging threats.
- US Intelligence Community
- US Department of Defense
- Civilian Agencies
- National CERTs
- International Intelligence Agencies
- NATO and Friendly Allies
Get Started with VulnCheck