Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2023-46604

Source

Properties

Threat Severity

High

Description

Attackers have been exploiting a remote code execution vulnerability (CVE-2023-46604) in Apache ActiveMQ, enabling them to deploy various malicious payloads like Mirai Botnet, HelloKitty Ransomware, SparkRAT, and XMRig. This vulnerability affects both Apache ActiveMQ Artemis and Classic versions, allowing attackers to execute unauthorized code due to insecure deserialization of the OpenWire protocol. The attacks involve tactics like using curl and wget for payload downloads, Base64 encoding for command obfuscation, employing 'nohup' to prevent process termination, and utilizing netcat for creating reverse shells to interact with the compromised host. The Trellix Threat Intelligence Group (TIG) gathers and analyzes information from multiple open and closed sources before disseminating intelligence reports. This campaign was researched by Cybereason and shared publicly https://www.cybereason.com/blog/beware-of-the-messengers-exploiting-activemq-vulnerability

Knowledge Base

Available Soon

External Resources

https://www.cybereason.com/blog/beware-of-the-messengers-exploiting-activemq-vulnerability

Global Prevalence

Low

High

Observed Countries47

Brazil274.25 devices found impacted per 1M devices
Spain50.78 devices found impacted per 1M devices
Poland147.69 devices found impacted per 1M devices
Thailand2146.1 devices found impacted per 1M devices
Turkey698.06 devices found impacted per 1M devices
Taiwan2915.41 devices found impacted per 1M devices
United States105.89 devices found impacted per 1M devices
Puerto Rico2286.51 devices found impacted per 1M devices
Argentina447.71 devices found impacted per 1M devices
Colombia193.29 devices found impacted per 1M devices
India282.48 devices found impacted per 1M devices
Italy220.27 devices found impacted per 1M devices
United Arab Emirates323.85 devices found impacted per 1M devices
China60.76 devices found impacted per 1M devices
United Kingdom37.82 devices found impacted per 1M devices
Canada24.39 devices found impacted per 1M devices
Germany11.82 devices found impacted per 1M devices
Hong Kong169.53 devices found impacted per 1M devices
Czech Rep.200.84 devices found impacted per 1M devices
Japan21.52 devices found impacted per 1M devices
Nicaragua2934.87 devices found impacted per 1M devices
Honduras3822.83 devices found impacted per 1M devices
Panama1125.18 devices found impacted per 1M devices
Malaysia564.56 devices found impacted per 1M devices
Saudi Arabia239.7 devices found impacted per 1M devices
El Salvador856.33 devices found impacted per 1M devices
Vietnam108.07 devices found impacted per 1M devices
South Africa51.48 devices found impacted per 1M devices
Belgium105.79 devices found impacted per 1M devices
France14.68 devices found impacted per 1M devices
Venezuela333.82 devices found impacted per 1M devices
Singapore35.53 devices found impacted per 1M devices
Indonesia59.16 devices found impacted per 1M devices
Romania132.03 devices found impacted per 1M devices
Mexico21.36 devices found impacted per 1M devices
Sweden44.74 devices found impacted per 1M devices
Qatar125.67 devices found impacted per 1M devices
Korea68.98 devices found impacted per 1M devices
Lebanon620.48 devices found impacted per 1M devices
Netherlands12.39 devices found impacted per 1M devices
Hungary47.76 devices found impacted per 1M devices
Slovakia98.85 devices found impacted per 1M devices
Egypt39.42 devices found impacted per 1M devices
Guatemala34.1 devices found impacted per 1M devices
Ireland6.28 devices found impacted per 1M devices
Luxembourg25.46 devices found impacted per 1M devices
Portugal24.15 devices found impacted per 1M devices

Observed Sectors22

Outsourcing & Hosting
428.4 devices found impacted per 1M devices
Telecom
588.26 devices found impacted per 1M devices
Unknown Sectors
289.86 devices found impacted per 1M devices
Wholesale
135.24 devices found impacted per 1M devices
Banking/Financial/Wealth Management
28852.46 devices found impacted per 1M devices
Energy/Oil & Gas
485.49 devices found impacted per 1M devices
Government
35.32 devices found impacted per 1M devices
Hospitality
1980.61 devices found impacted per 1M devices
Healthcare
143.67 devices found impacted per 1M devices
Real Estate
1192.27 devices found impacted per 1M devices
Process Manufacturing
541.07 devices found impacted per 1M devices
Technology/IT
25.51 devices found impacted per 1M devices
Transportation & Shipping
162.04 devices found impacted per 1M devices
Insurance
331.91 devices found impacted per 1M devices
Media & Communications
105.2 devices found impacted per 1M devices
Software
135.96 devices found impacted per 1M devices
Construction
259.11 devices found impacted per 1M devices
Education
63.22 devices found impacted per 1M devices
Services
115.69 devices found impacted per 1M devices
Accounting & Legal
22.16 devices found impacted per 1M devices
Automotive
2.45 devices found impacted per 1M devices
Consumer Products
26.46 devices found impacted per 1M devices

Compare Detections

Detection rate is the number of artifact detections reported by McAfee global sensors for this threat over 4 days.

Threat Prevalence - Past 4 days

Mar 15, 2024

Mar 16, 2024

Mar 17, 2024

Mar 18, 2024

Sector

Country

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Apache ActiveMQ Vulnerability Exploited To Drop Malware (CVE-2023-46604)

Threat Severity

Description

Knowledge Base

External Resources

Observed Countries47

Observed Sectors22

Threat Prevalence - Past 4 days

Vulmon Search

About

Products

Connect