IoC Extractor

This IoC extractor identifies Indicators of Compromise (IoCs) by pattern matching alone, without analyzing the context of the surrounding text. Manual review and validation of the extracted IoCs are essential before any action is taken.

Connecting the Dots: Detecting the Exploitation of ConnectWise ScreenConnect Vulnerabilities

DATE : 2024-05-12T13:08:14
SOURCE : darktrace.com

CVE:
cve-2024-1708
cve-2024-1709
cve-2024-17091
cve-2024-1597
cve-2024-22245

FILE_HASH_MD5:
a21768190f3b9feae33aaef660cb7a83

FILE_HASH_SHA1:
24780657328783ef50ae0964b23288e68841a421

Domain:
speedguide.net
connectwise.com
securityweek.com
arcticwolf.com
socradar.io
otx.alienvault.com
screenconnect.com

Url:
https://www.speedguide.net/port.php?port=8041
https://www.connectwise.com/company/announcements/labtech-now-connectwise-automate
https://www.connectwise.com/solutions/software-for-internal-it/automate
https://www.securityweek.com/slashandgrab-screenconnect-vulnerability-widely-exploited-for-malware-delivery
https://arcticwolf.com/resources/blog/cve-2024-1709-cve-2024-1708-follow-up-active-exploitation-and-pocs-observed-for-critical-screenconnect-vulnerabilities/
https://success.trendmicro.com/dcx/s/solution/000296805?language=en_US&am
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
https://socradar.io/critical-vulnerabilities-in-connectwise-screenconnect-postgresql-jdbc-and-vmware-eap-cve-2024-1597-cve-2024-22245
https://otx.alienvault.com/indicator/ip/185.62.58.132
https://otx.alienvault.com/indicator/ip/108.61.210.72
https://otx.alienvault.com/indicator/ip/116.0.56.101