[CDP-development] Confluence-related Open Source Threat Intel available
Masse, Theresa
theresa.masse at cisa.dhs.gov
Thu Jun 9 09:14:55 PDT 2022
FYSA
Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov
Due to ongoing exploitation of the Confluence RCE vulnerability (CVE-2022-26124), CISA would like to point to a few notable examples of TLP:WHITE open source threat intel.
* https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/
  * CISA recommends reviewing the Yara rules at the bottom of the blog to detect webshell activity
* Snort signatures (expected to be added to the public rule set on snort.org today) from Cisco Talos
  * See attachment for full text of snort rules
  * CISA recommends periodically checking snort.org in case there are updates to the rules.
  * SIDs:
    * sid 1:59927 <https://snort.org/rule_docs/1-59927>
    * sid 1:59928 <https://snort.org/rule_docs/1-59928>
    * sid 1:59929 <https://snort.org/rule_docs/1-59929>
    * sid 1:59930 <https://snort.org/rule_docs/1-59930>
    * sid 1:59931 <https://snort.org/rule_docs/1-59931>
    * sid 1:59932 <https://snort.org/rule_docs/1-59932>
    * sid 1:59933 <https://snort.org/rule_docs/1-59933>
    * sid 1:59934 <https://snort.org/rule_docs/1-59934>
    * sid 1:59941 <https://snort.org/rule_docs/1-59941>
As a reminder, all organizations should report incidents and anomalous activity to CISA, via secure message through the Incident Reporting System | CISA <https://us-cert.cisa.gov/forms/report>. Questions and concerns may be directed to CISA Central at Central at cisa.dhs.gov or at 1-888-282-0870.