Green Alliance Threat Intelligence Weekly Report (2025.01.20-2025.01.26) – Green Alliance Technology Blog

This article summarizes the week's cybersecurity threats, including remote code execution and denial-of-service vulnerabilities affecting Oracle WebLogic Server and MongoDB Mongoose, ransomware gangs posing as tech support, and malicious software. It also highlights the rise of AI-enabled threats, phishing attacks exploiting the California wildfires, and a vulnerability in the widely used 7-Zip archiver. Affected: Oracle WebLogic Server, MongoDB Mongoose, Discord developers, 7-Zip, Russian telecommunications providers, and users targeted by malicious AI tools and phishing attacks.

Key points:

  • Oracle WebLogic Server vulnerabilities (CVE-2025-21535 / CVE-2025-21549) reported.
  • MongoDB Mongoose search injection vulnerability (CVE-2025-23061) identified.
  • 7-Zip high-risk vulnerability (CVE-2025-0411) allows remote code execution.
  • New AI tool GhostGPT raises concerns about facilitation of cybercrime.
  • Attacks on Russian telecommunications providers confirmed, with no user data leaked.
  • Ransomware groups posing as tech support reported by Sophos.
  • Phishing scams exploiting the California wildfires highlighted.
  • Malicious PyPI package “pycord-self” targets Discord developers.
  • Gootloader malware family uses black hat SEO techniques to lure victims into infection.

MITRE Techniques:

  • Execution (T1203) – Remote code execution via vulnerabilities in Oracle WebLogic Server and 7-Zip.
  • Exploitation for Client Execution (T1203) – Exploitation of the search injection vulnerability in MongoDB Mongoose.
  • Credential Dumping (T1003) – Theft of Discord tokens through the malicious PyPI package for unauthorized access.
  • Phishing (T1566) – Phishing campaigns leveraging news about the California wildfires.
  • Command and Control (T1071) – Use of Microsoft Teams in ransomware operations by the STAC5143 and STAC5777 groups.

Indicators of Compromise:

  • URL https://nti.nsfocus.com/threatNotice (reference for the Oracle WebLogic Server vulnerabilities)
  • URL https://nti.nsfocus.com/threatNotice (reference for the MongoDB Mongoose vulnerability)
  • URL https://ti.nsfocus.com/security-news/79vRBA (malicious PyPI package)
  • URL https://ti.nsfocus.com/security-news/79vRC5 (7-Zip vulnerability reference)
  • URL https://ti.nsfocus.com/security-news/79vRBC (information on the Gootloader malware)

Full Story: https://blog.nsfocus.net/2025-01-20-2025-01-26/