Exploit Intelligence from VulnCheck
Better Data Faster Through AWS to Enrich Cyber Platforms and Response Team Workflows
Exploit Intelligence for Vulnerability Prioritization
VulnCheck has reimagined vulnerability prioritization, giving teams better data faster to defend against threats that actually matter. VulnCheck's 100% autonomous collection system pulls and curates intelligence from over 500+ sources in real-time across 450M+ records on ALL CVEs to power faster response time to the weaponized or exploited vulnerabilities.
VulnCheck Solutions
Exploit & Vulnerability Intelligence
Leverage Exploit & Vulnerability Intelligence to make better decisions on which vulnerabilities need immediate remediation.
- VulnCheck KEV indexes 2,805 exploited in-the-wild vulnerabilities vs. 1,140 in CISA KEV (146.05% more) and on average, and 27 days earlier than CISA KEV
- Tracking of 5x more exploits than Exploit-DB's 43,590 & at least 1 exploit for 31.4% of CVEs (vs. 12.9% in Exploit-DB)
- Cached copies and git history of all archived exploit code
GET /v3/index/exploits?cve=CVE-2023-22527
{
"data": [
{
"id": "CVE-2023-22527",
"public_exploit_found": true,
"commercial_exploit_found": true,
"weaponized_exploit_found": true,
"max_exploit_maturity": "weaponized",
"reported_exploited": true,
"reported_exploited_by_threat_actors": true,
"reported_exploited_by_ransomware": true,
"reported_exploited_by_botnets": true,
"inKEV": true,
"inVCKEV": true,
"timeline": {
"nvd_published": "2024-01-16T05:15:00Z",
"nvd_last_modified": "2024-08-14T15:23:00Z",
"first_exploit_published": "2024-01-19T00:00:00Z",
"first_exploit_published_weaponized_or_higher": "2024-01-22T00:00:00Z",
"most_recent_exploit_published": "2024-08-30T00:00:00Z",
"first_reported_threat_actor": "2024-01-19T00:00:00Z",
"most_recent_reported_threat_actor": "2024-09-18T00:00:00Z",
"first_reported_ransomware": "2024-03-07T00:00:00Z",
"most_recent_reported_ransomware": "2024-03-07T00:00:00Z",
"first_reported_botnet": "2024-03-20T00:00:00Z",
"most_recent_reported_botnet": "2024-03-20T00:00:00Z",
"cisa_kev_date_added": "2024-01-24T00:00:00Z",
"cisa_kev_date_due": "2024-02-14T00:00:00Z",
"vulncheck_kev_date_added": "2024-01-19T00:00:00Z",
"vulncheck_kev_date_due": "2024-02-14T00:00:00Z"
},
"trending": {
"github": false
},
"epss": {
"epss_score": 0.97094,
"epss_percentile": 0.9982,
"last_modified": "2024-09-22T10:05:43.400094Z"
},
"counts": {
"exploits": 37,
"threat_actors": 3,
"botnets": 1,
"ransomware_families": 1
},
"exploits": [
{
"url": "https://0day.today/exploit/39278",
"name": "Atlassian Confluence SSTI Injection Exploit",
"refsource": "0day.today",
"date_added": "2024-01-29T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://0day.today/exploit/39469",
"name": "Atlassian Confluence < 8.5.3 - Remote Code Execution Exploit",
"refsource": "0day.today",
"date_added": "2024-03-18T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution/",
"name": "Atlassian Confluence - Remote Code Execution (CVE-2023-22527)",
"refsource": "blogs",
"date_added": "2024-01-22T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://attackerkb.com/topics/wONJMCgCgl/cve-2023-22527",
"name": "CVE-2023-22527",
"refsource": "blogs",
"date_added": "2024-01-24T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://boogipop.com/2024/02/13/Atlassian%20Confluence%20CVE-2023-22527%20%E5%88%86%E6%9E%90%E5%8F%8A%E6%AD%A6%E5%99%A8%E5%8C%96%E5%AE%9E%E7%8E%B0/",
"name": "Atlassian Confluence CVE-2023-22527 分析及武器化实现",
"refsource": "blogs",
"date_added": "2024-02-13T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://vulncheck.com/blog/confluence-dreams-of-shells",
"name": "Does Confluence Dream of Shells?",
"refsource": "blogs",
"date_added": "2024-03-08T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://www.labs.greynoise.io/grimoire/2024-03-confluence-where-are-they-now/",
"name": "Where are they now? Starring: Confluence CVE-2023-22527",
"refsource": "blogs",
"date_added": "2024-03-13T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://www.vicarius.io/vsociety/posts/pwning-confluence-via-ognl-injection-for-fun-and-learning-cve-2023-22527",
"name": "Pwning Confluence via OGNL Injection for fun and learning - CVE-2023-22527",
"refsource": "blogs",
"date_added": "2024-04-18T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://www.vicarius.io/vsociety/posts/automated-pwning-confluence-via-ognl-injection-cve-2023-22527",
"name": "Automated pwning Confluence via OGNL Injection (CVE-2023-22527)",
"refsource": "blogs",
"date_added": "2024-06-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://www.trendmicro.com/en_us/research/24/h/godzilla-fileless-backdoors.html",
"name": "Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence",
"refsource": "blogs",
"date_added": "2024-08-30T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://www.coresecurity.com/core-labs/exploits",
"name": "Atlassian Confluence text-inline OGNL Injection Vulnerability Exploit",
"refsource": "coreimpact",
"date_added": "2024-01-26T00:00:00Z",
"exploit_maturity": "weaponized",
"exploit_availability": "commercially-available"
},
{
"url": "https://github.com/Drun1baby/CVE-2023-22527",
"name": "Drun1baby/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-22T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/Drun1baby/CVE-2023-22527/main/PoC.txt",
"clone_ssh_url": "git@github.com:Drun1baby/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/Drun1baby/CVE-2023-22527.git"
},
{
"url": "https://github.com/cleverg0d/CVE-2023-22527",
"name": "cleverg0d/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-22T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/cleverg0d/CVE-2023-22527/main/README.md",
"clone_ssh_url": "git@github.com:cleverg0d/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/cleverg0d/CVE-2023-22527.git"
},
{
"url": "https://github.com/thanhlam-attt/CVE-2023-22527",
"name": "thanhlam-attt/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-22T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/thanhlam-attt/CVE-2023-22527/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:thanhlam-attt/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/thanhlam-attt/CVE-2023-22527.git"
},
{
"url": "https://github.com/C1ph3rX13/CVE-2023-22527",
"name": "C1ph3rX13/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/C1ph3rX13/CVE-2023-22527/main/CVE-2023-22527.go",
"clone_ssh_url": "git@github.com:C1ph3rX13/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/C1ph3rX13/CVE-2023-22527.git"
},
{
"url": "https://github.com/Chocapikk/CVE-2023-22527",
"name": "Chocapikk/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/Chocapikk/CVE-2023-22527/main/exploit.py",
"clone_ssh_url": "git@github.com:Chocapikk/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/Chocapikk/CVE-2023-22527.git"
},
{
"url": "https://github.com/Manh130902/CVE-2023-22527-POC",
"name": "Manh130902/CVE-2023-22527-POC exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/Manh130902/CVE-2023-22527-POC/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:Manh130902/CVE-2023-22527-POC.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/Manh130902/CVE-2023-22527-POC.git"
},
{
"url": "https://github.com/Niuwoo/CVE-2023-22527",
"name": "Niuwoo/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/Niuwoo/CVE-2023-22527/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:Niuwoo/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/Niuwoo/CVE-2023-22527.git"
},
{
"url": "https://github.com/RevoltSecurities/CVE-2023-22527",
"name": "RevoltSecurities/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/RevoltSecurities/CVE-2023-22527/main/exploit.py",
"clone_ssh_url": "git@github.com:RevoltSecurities/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/RevoltSecurities/CVE-2023-22527.git"
},
{
"url": "https://github.com/VNCERT-CC/CVE-2023-22527-confluence",
"name": "VNCERT-CC/CVE-2023-22527-confluence exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/VNCERT-CC/CVE-2023-22527-confluence/main/exploit-CVE-2023-22527.js",
"clone_ssh_url": "git@github.com:VNCERT-CC/CVE-2023-22527-confluence.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/VNCERT-CC/CVE-2023-22527-confluence.git"
},
{
"url": "https://github.com/Vozec/CVE-2023-22527",
"name": "Vozec/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/Vozec/CVE-2023-22527/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:Vozec/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/Vozec/CVE-2023-22527.git"
},
{
"url": "https://github.com/Privia-Security/CVE-2023-22527",
"name": "Privia-Security/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-24T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/Privia-Security/CVE-2023-22527/main/main.go",
"clone_ssh_url": "git@github.com:Privia-Security/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/Privia-Security/CVE-2023-22527.git"
},
{
"url": "https://github.com/yoryio/CVE-2023-22527",
"name": "yoryio/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-24T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/yoryio/CVE-2023-22527/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:yoryio/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/yoryio/CVE-2023-22527.git"
},
{
"url": "https://github.com/MaanVader/CVE-2023-22527-POC",
"name": "MaanVader/CVE-2023-22527-POC exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-25T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/MaanVader/CVE-2023-22527-POC/master/exploit.py",
"clone_ssh_url": "git@github.com:MaanVader/CVE-2023-22527-POC.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/MaanVader/CVE-2023-22527-POC.git"
},
{
"url": "https://github.com/adminlove520/CVE-2023-22527",
"name": "adminlove520/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-25T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/adminlove520/CVE-2023-22527/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:adminlove520/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/adminlove520/CVE-2023-22527.git"
},
{
"url": "https://github.com/YongYe-Security/CVE-2023-22527",
"name": "YongYe-Security/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-02-02T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/YongYe-Security/CVE-2023-22527/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:YongYe-Security/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/YongYe-Security/CVE-2023-22527.git"
},
{
"url": "https://github.com/Boogipop/CVE-2023-22527-Godzilla-MEMSHELL",
"name": "Boogipop/CVE-2023-22527-Godzilla-MEMSHELL exploit repository",
"refsource": "github-exploits",
"date_added": "2024-02-11T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/Boogipop/CVE-2023-22527-Godzilla-MEMSHELL/main/src/main/Main.java",
"clone_ssh_url": "git@github.com:Boogipop/CVE-2023-22527-Godzilla-MEMSHELL.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/Boogipop/CVE-2023-22527-Godzilla-MEMSHELL.git"
},
{
"url": "https://github.com/M0untainShley/CVE-2023-22527-MEMSHELL",
"name": "M0untainShley/CVE-2023-22527-MEMSHELL exploit repository",
"refsource": "github-exploits",
"date_added": "2024-02-26T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/M0untainShley/CVE-2023-22527-MEMSHELL/master/src/main/Main.java",
"clone_ssh_url": "git@github.com:M0untainShley/CVE-2023-22527-MEMSHELL.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/M0untainShley/CVE-2023-22527-MEMSHELL.git"
},
{
"url": "https://github.com/vulncheck-oss/cve-2023-22527",
"name": "vulncheck-oss/cve-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-03-04T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/vulncheck-oss/cve-2023-22527/main/README.md?token=GHSAT0AAAAAACO2HCW4FJ4YNPSHC4TPP4AUZPHLNSQ",
"clone_ssh_url": "git@github.com:vulncheck-oss/cve-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/vulncheck-oss/cve-2023-22527.git"
},
{
"url": "https://github.com/BBD-YZZ/Confluence-RCE",
"name": "BBD-YZZ/Confluence-RCE exploit repository",
"refsource": "github-exploits",
"date_added": "2024-05-29T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/BBD-YZZ/Confluence-RCE/master/pocs/CVE_2023_22527.py",
"clone_ssh_url": "git@github.com:BBD-YZZ/Confluence-RCE.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/BBD-YZZ/Confluence-RCE.git"
},
{
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/atlassian_confluence_rce_cve_2023_22527.rb",
"name": "Atlassian Confluence SSTI Injection",
"refsource": "metasploit",
"date_added": "2024-01-22T00:00:00Z",
"exploit_maturity": "weaponized",
"exploit_availability": "publicly-available"
},
{
"url": "https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/main/http/cves/2023/CVE-2023-22527.yaml",
"name": "Atlassian Confluence - Remote Code Execution",
"refsource": "nuclei-templates",
"date_added": "2024-01-25T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html",
"name": "Atlassian Confluence SSTI Injection",
"refsource": "packetstorm",
"date_added": "2024-01-26T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://packetstormsecurity.com/files/177643/Atlassian-Confluence-8.5.3-Remote-Code-Execution.html",
"name": "Atlassian Confluence 8.5.3 Remote Code Execution",
"refsource": "packetstorm",
"date_added": "2024-03-19T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://packetstormsecurity.com/files/179520/Confluence-Template-Injection-Remote-Code-Execution.html",
"name": "Confluence Template Injection Remote Code Execution",
"refsource": "packetstorm",
"date_added": "2024-07-15T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://api.vulncheck.com/v3/index/initial-access?cve=CVE-2023-22527",
"name": "Confluence Template Injection (text-inline.vm)",
"refsource": "vulncheck-initial-access",
"date_added": "2024-01-22T00:00:00Z",
"exploit_maturity": "weaponized",
"exploit_availability": "commercially-available",
"exploit_type": "initial-access",
"clone_ssh_url": "git@git.vulncheck.com:vulncheck/initial-access.git"
},
{
"url": "https://x.com/ptswarm/status/1748331385968795882",
"name": "We have reproduced CVE-2023-22527 in Atlassian Confluence",
"refsource": "x",
"date_added": "2024-01-19T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "privately-available"
}
],
"reported_exploitation": [
{
"url": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
"name": "Atlassian Confluence Data Center and Server Template Injection Vulnerability",
"refsource": "cisa-kev",
"date_added": "2024-01-24T00:00:00Z"
},
{
"url": "https://www.imperva.com/blog/new-sysrv-botnet-variant-makes-use-of-google-subdomain-to-spread-xmrig-miner/",
"name": "Sysrv",
"refsource": "vulncheck-botnets",
"date_added": "2024-03-20T00:00:00Z"
},
{
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"name": "Unattributed",
"refsource": "vulncheck-ransomware",
"date_added": "2024-03-07T00:00:00Z"
},
{
"url": "https://www.rapid7.com/blog/post/2024/01/19/etr-critical-cves-in-outdated-versions-of-atlassian-confluence-and-vmware-vcenter-server/",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-01-19T00:00:00Z"
},
{
"url": "https://twitter.com/TheDFIRReport/status/1749066611678466205",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-01-21T00:00:00Z"
},
{
"url": "https://isc.sans.edu/diary/rss/30576",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-01-22T00:00:00Z"
},
{
"url": "https://twitter.com/Shadowserver/status/1749372138685915645",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-01-22T00:00:00Z"
},
{
"url": "https://twitter.com/TheDFIRReport/status/1749424404063232099?s=20",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-01-22T00:00:00Z"
},
{
"url": "https://twitter.com/catc0n/status/1749912359127105813?s=20",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-01-23T00:00:00Z"
},
{
"url": "https://www.tenable.com/blog/cve-2023-22527-atlassian-confluence-data-center-and-server-template-injection-exploited-in-the",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-01-23T00:00:00Z"
},
{
"url": "https://www.fortiguard.com/threat-signal-report/5376/atlassian-confluence-remote-code-execution-cve-2023-22527",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-02-01T00:00:00Z"
},
{
"url": "https://www.rapid7.com/blog/post/2024/02/15/rce-to-sliver-ir-tales-from-the-field/",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-02-15T00:00:00Z"
},
{
"url": "https://www.imperva.com/blog/attackers-quick-to-weaponize-cve-2023-22527-for-malware-delivery/",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-02-21T00:00:00Z"
},
{
"url": "https://vulncheck.com/blog/confluence-dreams-of-shells",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-03-08T00:00:00Z"
},
{
"url": "https://www.labs.greynoise.io/grimoire/2024-03-confluence-where-are-they-now/",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-03-13T00:00:00Z"
},
{
"url": "https://www.imperva.com/blog/new-sysrv-botnet-variant-makes-use-of-google-subdomain-to-spread-xmrig-miner/",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-03-20T00:00:00Z"
},
{
"url": "https://go.catonetworks.com/rs/245-RJK-441/images/CATO-NETWORKS-THREAT-REPORT2024.pdf",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-05-07T00:00:00Z"
},
{
"url": "https://rt-solar.ru/solar-4rays/blog/4333/",
"name": "Cobalt Spider",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-05-24T00:00:00Z"
},
{
"url": "https://rt-solar.ru/solar-4rays/blog/4527/",
"name": "Cobalt Spider",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-07-18T00:00:00Z"
},
{
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2024/08/06/2024-midyear-threat-landscape-review",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-08-06T00:00:00Z"
},
{
"url": "https://go.catonetworks.com/rs/245-RJK-441/images/Q2_24_Cato_CTRL_Threat_Report.pdf",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-08-13T00:00:00Z"
},
{
"url": "https://www.trendmicro.com/en_us/research/24/h/cve-2023-22527-cryptomining.html",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-08-28T00:00:00Z"
},
{
"url": "https://www.trendmicro.com/en_us/research/24/h/godzilla-fileless-backdoors.html",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-08-30T00:00:00Z"
},
{
"url": "https://media.defense.gov/2024/Sep/18/2003547016/-1/-1/0/CSA-PRC-LINKED-ACTORS-BOTNET.PDF",
"name": "Ethereal Panda",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-09-18T00:00:00Z"
}
],
"date_added": "2024-01-19T00:00:00Z",
"_timestamp": "2024-09-23T09:31:01.930889947Z"
}
]
}
Initial Access Intelligence
Initial Access Intelligence provides organizations the detection artifacts, such as Suricata signatures, YARA rules, PCAPs, and private exploit PoCs, to defend against initial access vulnerabilities, already exploited or likely to be soon.
- In-house developed proprietary exploit code (including bypass techniques) and detections (PCAPs, Suricata & Snort rules, YARA rules, etc.)
- Custom Shodan, Censys, & GreyNoise queries (before Censys or GreyNoise tags exist) to find potentially impacted devices
- VulnCheck for Government SLA commits to covering at least 200 new vulnerabilities per year with proprietary exploit code & detection artifacts
GET /v3/index/initial-access?cve=CVE-2023-22527
{
"data": [
{
"cve": "CVE-2023-22527",
"inKEV": true,
"inVCKEV": true,
"artifacts": [
{
"vendor": "Confluence",
"product": [
"Confluence Server",
"Confluence Data Center"
],
"dateAdded": "2024-01-22T00:00:00Z",
"artifactName": "Confluence Template Injection (text-inline.vm)",
"exploit": true,
"versionScanner": true,
"pcap": true,
"suricataRule": true,
"snortRule": true,
"yara": true,
"nmapScript": true,
"zeroday": false,
"targetService": "HTTP",
"targetDocker": true,
"shodanQueries": [
"https://www.shodan.io/search?query=%2Bhttp.favicon.hash%3A-305179312+%22X-Confluence-Request-Time%22+%2B%22Set-Cookie%3A+JSESSIONID%3D%22+%2Bhtml%3A%22confluence-context-path%22",
"https://www.shodan.io/search?query=X-Confluence-Request-Time+%2B%22JSESSIONID%22+%2Bhtml%3A%22atlassian-authentication-plugin%22+-%22145DF9C4CDE560B2699212692B867CDA%22",
"https://www.shodan.io/search?query=X-Confluence-Request-Time+%2B%22Set-Cookie%3A+JSESSIONID%22+%2Bhtml%3A%22SAML+POST+Binding%22"
],
"censysQueries": [
"https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=labels%3A+%60atlassian-confluence%60+and+services.banner%3A%22Set-Cookie%3A+JSESSIONID%22"
],
"greynoiseQueries": [
"https://viz.greynoise.io/query?gnql=raw_data.web.paths%3A%22%2Ftemplate%2Faui%2Ftext-inline.vm%22",
"https://viz.greynoise.io/tag/atlassian-confluence-template-injection-rce-attempt-cve-2023-22527"
],
"shodanRawQueries": [
"+http.favicon.hash:-305179312 \"X-Confluence-Request-Time\" +\"Set-Cookie: JSESSIONID=\" +html:\"confluence-context-path\"",
"X-Confluence-Request-Time +\"JSESSIONID\" +html:\"atlassian-authentication-plugin\" -\"145DF9C4CDE560B2699212692B867CDA\"",
"X-Confluence-Request-Time +\"Set-Cookie: JSESSIONID\" +html:\"SAML POST Binding\""
],
"censysRawQueries": [
"labels: `atlassian-confluence` and services.banner:\"Set-Cookie: JSESSIONID\""
],
"cloneSSHURL": "git@git.vulncheck.com:vulncheck/initial-access.git"
}
],
"_timestamp": "2024-08-31T00:22:25.801484Z"
}
]
}
IP Intelligence
IP Intelligence data on potentially vulnerable systems, attacker command & control infrastructure (C2), honeypots, proxies, and more.
- C2, webshells, open directories, implant detection, etc.
- 3 days (what's live right now), 10 days, 30 days, & 90 days
- For our Government partners, instead of just reporting we found implanted devices, we report how we detected the implants
GET v3/index/ipintel-3d?id=initial-access&country=Kenya
{
"_meta": {
"timestamp": "2024-05-31T16:24:26.652434716Z",
"index": "ipintel-3d"
},
"data": [
{
"ip": "41.60.234.236",
"port": 80,
"ssl": false,
"lastSeen": "2024-05-29T17:07:36.112496",
"asn": "AS30844",
"country": "Kenya",
"country_code": "KE",
"city": "Nairobi",
"cve": [
"CVE-2023-30799"
],
"matches": [
"Mikrotik RouterOS FoisHandler Code Execution (mipsbe)"
],
"hostnames": [],
"type": {
"id": "initial-access",
"finding": "potentially vulnerable"
},
"feed_ids": [
"80597145-be58-4754-b96a-fd0afa199657"
],
"_timestamp": "2024-05-31T10:59:07.093811Z"
},
{
"ip": "41.72.199.244",
"port": 80,
"ssl": false,
"lastSeen": "2024-05-30T00:04:20.804833",
"asn": "AS30844",
"country": "Kenya",
"country_code": "KE",
"city": "Nairobi",
"cve": [
"CVE-2023-30799"
],
"matches": [
"Mikrotik RouterOS FoisHandler Code Execution (mipsbe)"
],
"hostnames": [
"41.72.199.244.liquidtelecom.net"
],
"type": {
"id": "initial-access",
"finding": "potentially vulnerable"
},
"feed_ids": [
"80597145-be58-4754-b96a-fd0afa199657"
],
"_timestamp": "2024-05-31T10:55:26.690585Z"
},
{
"ip": "41.222.9.14",
"port": 80,
"ssl": false,
"lastSeen": "2024-05-29T16:10:29.939581",
"asn": "AS36866",
"country": "Kenya",
"country_code": "KE",
"city": "Nairobi",
"cve": [
"CVE-2023-30799"
],
"matches": [
"Mikrotik RouterOS FoisHandler Code Execution (mipsbe)"
],
"hostnames": [],
"type": {
"id": "initial-access",
"finding": "potentially vulnerable"
},
"feed_ids": [
"80597145-be58-4754-b96a-fd0afa199657"
],
"_timestamp": "2024-05-31T10:48:54.36694Z"
},
{
"ip": "41.60.235.65",
"port": 80,
"ssl": false,
"lastSeen": "2024-05-28T03:05:34.651439",
"asn": "AS30844",
"country": "Kenya",
"country_code": "KE",
"city": "Nairobi",
"cve": [
"CVE-2023-30799"
],
"matches": [
"Mikrotik RouterOS FoisHandler Code Execution (mipsbe)"
],
"hostnames": [],
"type": {
"id": "initial-access",
"finding": "potentially vulnerable"
},
"feed_ids": [
"80597145-be58-4754-b96a-fd0afa199657"
],
"_timestamp": "2024-05-31T10:54:33.208194Z"
}
]
}
Get Started with VulnCheck