{"vulnerability": "CVE-2024-6473", "sightings": [{"uuid": "799678f1-5721-4ae3-83b1-76ae5332276a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6473", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/690", "content": "Tools - Hackers Factory \n\nProof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow\n\nhttps://github.com/0xHossam/KernelCallbackTable-Injection-PoC\n\n#DFIR\nhttps://github.com/OMENScan/OMENS\n\nGenerate a MITRE ATT&amp;CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&amp;CK Techniques data is updated daily\n\nhttps://github.com/Galeax/CVE2CAPEC\n\n#exploit\n\n1. CVE-2024-46483:\nPre-Auth Heap Overflow in Xlight SFTP server\n\nhttps://github.com/kn32/cve-2024-46483\n\n2. CVE-2024-38812:\nVMWare vCenter Server DCERPC\n\n3. CVE-2024-6473:\nYandex Browser &lt;24.7.1.380 DLL Hijacking\n\nhttps://github.com/12345qwert123456/CVE-2024-6473-PoC\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-15T05:24:26.000000Z"}, {"uuid": "c16a6bab-efbd-45a8-bfc5-46501ab22708", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6473", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8925", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aProof of concept for CVE-2024-6473\nURL\uff1ahttps://github.com/12345qwert123456/CVE-2024-6473-PoC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-02T08:05:19.000000Z"}, {"uuid": "818330e5-5349-40fe-9cc3-04554002fc3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6473", "type": "published-proof-of-concept", "source": "Telegram/CEeErVyyjYt_9VBb8y9SYm_t0zu2ZcxX84zFgoTKzVksjQ", "content": "", "creation_timestamp": "2024-11-02T16:28:44.000000Z"}, {"uuid": "0c2a207a-c64e-4dae-bf60-389bd25df6aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6473", "type": "exploited", "source": "https://t.me/ptescalator/341", "content": "Team46 \u0438 TaxOff: \u0434\u0432\u0435 \u0441\u0442\u043e\u0440\u043e\u043d\u044b \u043e\u0434\u043d\u043e\u0439 \u043c\u0435\u0434\u0430\u043b\u0438 \ud83d\ude11\n\n\u0412 \u043c\u0430\u0440\u0442\u0435 2025 \u0433\u043e\u0434\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b TI-\u0434\u0435\u043f\u0430\u0440\u0442\u0430\u043c\u0435\u043d\u0442\u0430 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u043d\u043e\u0433\u043e \u0446\u0435\u043d\u0442\u0440\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Positive Technologies (PT Expert Security Center, PT ESC) \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043b\u0438 \u0430\u0442\u0430\u043a\u0443, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e \u0432 \u044d\u0442\u043e \u0436\u0435 \u0432\u0440\u0435\u043c\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f CVE-2025-2783 \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 Chrome. \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0441\u0430\u043c\u0443 \u0430\u0442\u0430\u043a\u0443 \u043e\u043f\u0438\u0441\u0430\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u00ab\u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e\u00bb, \u043e\u0434\u043d\u0430\u043a\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0430\u044f \u0446\u0435\u043f\u043e\u0447\u043a\u0430 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u043e\u0441\u0442\u0430\u043b\u0430\u0441\u044c \u0431\u0435\u0437 \u0430\u0442\u0440\u0438\u0431\u0443\u0446\u0438\u0438.\n\n\ud83e\ude9e \u0412 \u043e\u0442\u0447\u0435\u0442\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0430 \u0430\u0442\u0440\u0438\u0431\u0443\u0446\u0438\u044f \u0434\u0430\u043d\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 \u043a \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0435 TaxOff, \u043e \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043c\u044b \u043f\u0438\u0441\u0430\u043b\u0438 \u0440\u0430\u043d\u0435\u0435. \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0442\u0441\u044f \u0434\u0430\u043d\u043d\u044b\u0435, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0441\u0447\u0438\u0442\u0430\u0442\u044c \u0435\u0449\u0435 \u043e\u0434\u043d\u0443 \u043d\u0430\u0439\u0434\u0435\u043d\u043d\u0443\u044e \u043d\u0430\u043c\u0438 \u0440\u0430\u043d\u0435\u0435 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0443 Team46 \u0438 TaxOff \u043e\u0434\u043d\u043e\u0439 \u0438 \u0442\u043e\u0439 \u0436\u0435 \u0433\u0440\u0443\u043f\u043f\u043e\u0439.\n\n\u041d\u0430\u0447\u0430\u043b\u044c\u043d\u044b\u043c \u0432\u0435\u043a\u0442\u043e\u0440\u043e\u043c \u0430\u0442\u0430\u043a\u0438 \u0431\u044b\u043b\u043e \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u043e\u0435 \u043f\u0438\u0441\u044c\u043c\u043e, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0435\u0435 \u0441\u0441\u044b\u043b\u043a\u0443, \u043f\u0440\u0438 \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0435 \u043f\u043e \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0436\u0435\u0440\u0442\u0432\u0430 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043b\u0430 one-click exploit, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0438\u0439 \u043a \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 \u0431\u044d\u043a\u0434\u043e\u0440\u0430 Trinper \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0438 TaxOff \u0432 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435. \u0412 \u044d\u0442\u043e\u0439 \u0430\u0442\u0430\u043a\u0435 \u0431\u044b\u043b \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d \u0431\u044d\u043a\u0434\u043e\u0440 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0438 Team46.\n\n\u0413\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 Team46 \u0431\u044b\u043b\u0430 \u0440\u0430\u043d\u0435\u0435 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u0430 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 DLL-Hijacking \u0434\u043b\u044f \u042f\u043d\u0434\u0435\u043a\u0441 \u0411\u0440\u0430\u0443\u0437\u0435\u0440\u0430 (CVE-2024-6473).\n\n\ud83d\udcd6 \u041f\u043e\u0434\u0440\u043e\u0431\u043d\u0435\u0435 \u0447\u0438\u0442\u0430\u0439\u0442\u0435 \u043d\u0430 \u043d\u0430\u0448\u0435\u043c \u0441\u0430\u0439\u0442\u0435.\n\n#TI #APT #cve\n@ptescalator", "creation_timestamp": "2025-04-18T10:08:08.000000Z"}, {"uuid": "2cc9fbec-1bc1-4cd5-a6a6-1769c8a96f9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6473", "type": "published-proof-of-concept", "source": "https://t.me/haj3imad/20362", "content": "https://github.com/12345qwert123456/CVE-2024-6473-PoC\n\nProof of Concept of CVE-2024-6473\n#github #exploit", "creation_timestamp": "2024-11-02T16:39:33.000000Z"}, {"uuid": "5ffa1904-2542-4f59-8adf-304c6ab7cfd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6473", "type": "seen", "source": "https://t.me/cvedetector/4678", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-6473 - Yandex Browser for Desktop DLL Hijacking\", \n  \"Content\": \"CVE ID : CVE-2024-6473 \nPublished : Sept. 3, 2024, 11:15 a.m. | 42\u00a0minutes ago \nDescription : Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-03T14:07:48.000000Z"}, {"uuid": "94dcf60b-e34c-49f6-a24f-dd3944966f31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6473", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/9017", "content": "Tools - Hackers Factory \n\nProof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow\n\nhttps://github.com/0xHossam/KernelCallbackTable-Injection-PoC\n\n#DFIR\nhttps://github.com/OMENScan/OMENS\n\nGenerate a MITRE ATT&amp;CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&amp;CK Techniques data is updated daily\n\nhttps://github.com/Galeax/CVE2CAPEC\n\n#exploit\n\n1. CVE-2024-46483:\nPre-Auth Heap Overflow in Xlight SFTP server\n\nhttps://github.com/kn32/cve-2024-46483\n\n2. CVE-2024-38812:\nVMWare vCenter Server DCERPC\n\n3. CVE-2024-6473:\nYandex Browser &lt;24.7.1.380 DLL Hijacking\n\nhttps://github.com/12345qwert123456/CVE-2024-6473-PoC\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-15T05:24:21.000000Z"}, {"uuid": "580ceda6-23a7-4ee3-be8d-c1da3c9d0204", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6473", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/3386", "content": "https://github.com/12345qwert123456/CVE-2024-6473-PoC\n\nProof of Concept of CVE-2024-6473\n#github #exploit", "creation_timestamp": "2024-11-02T16:19:42.000000Z"}, {"uuid": "f0b60796-5fad-4fe3-b8ec-6d25012469ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6473", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11381", "content": "#exploit\n1. CVE-2024-46483:\nPre-Auth Heap Overflow in Xlight SFTP server\nhttps://github.com/kn32/cve-2024-46483\n\n2. CVE-2024-38812:\nVMWare vCenter Server DCERPC\nhttps://blog.sonicwall.com/en-us/2024/10/vmware-vcenter-server-cve-2024-38812-dcerpc-vulnerability\n\n3. CVE-2024-6473:\nYandex Browser &lt;24.7.1.380\u00a0DLL Hijacking\nhttps://github.com/12345qwert123456/CVE-2024-6473-PoC", "creation_timestamp": "2024-11-04T17:28:48.000000Z"}, {"uuid": "7db182f6-27ba-4537-94fe-023e12ed982a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6473", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/1216", "content": "Tools - Hackers Factory \n\nProof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow\n\nhttps://github.com/0xHossam/KernelCallbackTable-Injection-PoC\n\n#DFIR\nhttps://github.com/OMENScan/OMENS\n\nGenerate a MITRE ATT&amp;CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&amp;CK Techniques data is updated daily\n\nhttps://github.com/Galeax/CVE2CAPEC\n\n#exploit\n\n1. CVE-2024-46483:\nPre-Auth Heap Overflow in Xlight SFTP server\n\nhttps://github.com/kn32/cve-2024-46483\n\n2. CVE-2024-38812:\nVMWare vCenter Server DCERPC\n\n3. CVE-2024-6473:\nYandex Browser &lt;24.7.1.380 DLL Hijacking\n\nhttps://github.com/12345qwert123456/CVE-2024-6473-PoC\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-15T04:10:10.000000Z"}, {"uuid": "d5b5d6d3-136a-4d91-b5a9-db8560da9048", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6473", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/24431", "content": "Tools - Hackers Factory \n\nProof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow\n\nhttps://github.com/0xHossam/KernelCallbackTable-Injection-PoC\n\n#DFIR\nhttps://github.com/OMENScan/OMENS\n\nGenerate a MITRE ATT&amp;CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&amp;CK Techniques data is updated daily\n\nhttps://github.com/Galeax/CVE2CAPEC\n\n#exploit\n\n1. CVE-2024-46483:\nPre-Auth Heap Overflow in Xlight SFTP server\n\nhttps://github.com/kn32/cve-2024-46483\n\n2. CVE-2024-38812:\nVMWare vCenter Server DCERPC\n\n3. CVE-2024-6473:\nYandex Browser &lt;24.7.1.380 DLL Hijacking\n\nhttps://github.com/12345qwert123456/CVE-2024-6473-PoC\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-15T05:24:25.000000Z"}, {"uuid": "ba2c6bd9-dc96-4ab3-b3f4-a70aa499c7d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6473", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3901", "content": "Tools - Hackers Factory \n\nProof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow\n\nhttps://github.com/0xHossam/KernelCallbackTable-Injection-PoC\n\n#DFIR\n\nhttps://github.com/OMENScan/OMENS\n\nGenerate a MITRE ATT&amp;CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&amp;CK Techniques data is updated daily\n\nhttps://github.com/Galeax/CVE2CAPEC\n\n#exploit\n\n1. CVE-2024-46483:\nPre-Auth Heap Overflow in Xlight SFTP server\n\nhttps://github.com/kn32/cve-2024-46483\n\n2. CVE-2024-38812:\nVMWare vCenter Server DCERPC\n\n3. CVE-2024-6473:\nYandex Browser &lt;24.7.1.380 DLL Hijacking\n\nhttps://github.com/12345qwert123456/CVE-2024-6473-PoC\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-15T04:10:09.000000Z"}, {"uuid": "e03dea55-8bc7-4bc0-955a-01a77ddced38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6473", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7636", "content": "Tools - Hackers Factory \n\nProof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow\n\nhttps://github.com/0xHossam/KernelCallbackTable-Injection-PoC\n\n#DFIR\nhttps://github.com/OMENScan/OMENS\n\nGenerate a MITRE ATT&amp;CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&amp;CK Techniques data is updated daily\n\nhttps://github.com/Galeax/CVE2CAPEC\n\n#exploit\n\n1. CVE-2024-46483:\nPre-Auth Heap Overflow in Xlight SFTP server\n\nhttps://github.com/kn32/cve-2024-46483\n\n2. CVE-2024-38812:\nVMWare vCenter Server DCERPC\n\n3. CVE-2024-6473:\nYandex Browser &lt;24.7.1.380 DLL Hijacking\n\nhttps://github.com/12345qwert123456/CVE-2024-6473-PoC\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-15T05:24:21.000000Z"}, {"uuid": "bfd29cd0-3ee4-492b-84e7-26db6de5e9d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6473", "type": "seen", "source": "https://t.me/true_secator/6970", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 Positive Technologies \u0441\u0432\u044f\u0437\u0430\u043b\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0433\u0440\u0443\u043f\u043f\u044b Team46 (\u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043d\u0443\u044e \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0433\u043e\u0434\u0443 \u043f\u0440\u0438 \u0430\u0442\u0430\u043a\u0435 \u043d\u0430 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0433\u043e \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u0430 \u0436/\u0434-\u043f\u0435\u0440\u0435\u0432\u043e\u0437\u043e\u043a) \u0441\u00a0\u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438 TaxOff, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u044f \u043e\u0431\u0435 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0435\u0434\u0438\u043d\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u044b.\n\n\u0412 \u043c\u0430\u0440\u0442\u0435 2025 \u0433\u043e\u0434\u0430 \u041f\u043e\u0437\u0438\u0442\u0438\u0432\u044b \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0430\u0442\u0430\u043a\u0443, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c 0-day \u0434\u043b\u044f \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Chrome, \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0440\u043e\u0432\u0430\u0432 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442 \u043a \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0435 TaxOff, \u0440\u0430\u043d\u0435\u0435 \u0443\u0436\u0435 \u043f\u043e\u043f\u0430\u0434\u0430\u0432\u0448\u0435\u0439 \u0432 \u043f\u043e\u043b\u0435 \u0437\u0440\u0435\u043d\u0438\u044f.\n\n\u0412 \u0430\u0442\u0430\u043a\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u043e\u0441\u044c \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u043e\u0435 \u043f\u0438\u0441\u044c\u043c\u043e \u0441\u043e \u0441\u0441\u044b\u043b\u043a\u043e\u0439, \u043f\u0440\u0438 \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0435 \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0436\u0435\u0440\u0442\u0432\u0430 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043b\u0430 1-click exploit (CVE-2025-2783) \u0438 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u043b\u0430 \u0431\u044d\u043a\u0434\u043e\u0440\u00a0Trinper, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0442\u0440\u0430\u0434\u0438\u0446\u0438\u043e\u043d\u043d\u043e \u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043b\u0430 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 TaxOff.\n\n\u0412 \u0445\u043e\u0434\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u044d\u0442\u043e\u0433\u043e \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430 \u0438\u043c \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0432\u044b\u0439\u0442\u0438 \u043d\u0430 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u044e\u044e \u0430\u0442\u0430\u043a\u0443, \u0441\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u043d\u0443\u044e \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 2024 \u0433\u043e\u0434\u0430, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043d\u0430\u0447\u0438\u043d\u0430\u043b\u0430\u0441\u044c \u0441 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u043e\u0433\u043e \u043f\u0438\u0441\u044c\u043c\u0430, \u043f\u043e \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435 \u0438 \u0441\u0442\u0438\u043b\u0438\u0441\u0442\u0438\u043a\u0435 \u0434\u043e \u0431\u043e\u043b\u0438 \u043f\u043e\u0445\u043e\u0436\u0435\u0433\u043e \u043d\u0430 \u043f\u0438\u0441\u044c\u043c\u043e \u0438\u0437 \u043d\u043e\u0432\u043e\u0439 \u0430\u0442\u0430\u043a\u0438.\n\n\u041f\u043e \u0441\u0441\u044b\u043b\u043a\u0435\u00a0https[://]mil-by[.]info/#/i?id=[REDACTED] \u0438\u0437 \u043f\u0438\u0441\u044c\u043c\u0430 \u0441\u043a\u0430\u0447\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0430\u0440\u0445\u0438\u0432 \u0441 \u044f\u0440\u043b\u044b\u043a\u043e\u043c, \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0449\u0438\u043c\u00a0powershell.exe\u00a0\u0441 \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0440\u0430\u043d\u0435\u0435\u00a0\u0442\u0430\u043a\u0436\u0435 \u0444\u0438\u0433\u0443\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 Team46.\n\nPowershell-\u0441\u043a\u0440\u0438\u043f\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043a\u0430\u0447\u0438\u0432\u0430\u043b\u0441\u044f \u043f\u043e\u0441\u043b\u0435 \u0435\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f, \u0438 \u0441\u043a\u0440\u0438\u043f\u0442 \u043f\u043e\u0441\u043b\u0435 \u0434\u0435\u043e\u0431\u0444\u0443\u0441\u043a\u0430\u0446\u0438\u0438 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0445\u043e\u0436\u0438 \u043d\u0430 \u0441\u043a\u0440\u0438\u043f\u0442\u044b \u0438\u0437 \u0430\u0440\u0441\u0435\u043d\u0430\u043b\u0430 Team46.\n\n\u0414\u043b\u044f \u043d\u0435\u0439\u043c\u0438\u043d\u0433\u0430 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430-\u043f\u0440\u0438\u043c\u0430\u043d\u043a\u0438 \u043d\u0430 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0435 \u0436\u0435\u0440\u0442\u0432\u044b \u043e\u0431\u0435 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0438 \u043e\u0434\u0438\u043d \u0438 \u0442\u043e\u0442 \u0436\u0435 \u043f\u0430\u0442\u0442\u0435\u0440\u043d: umawbfez-bkw5-f85a-3idl-3z4ql69v8it0.pdf \u0438 399ha122-tt9d-6f14-s9li-lqw7di42c792.pdf.\n\n\u0412 \u043e\u0431\u043e\u0438\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u043f\u0440\u0438 \u0441\u043a\u0430\u0447\u0438\u0432\u0430\u043d\u0438\u0438 \u0444\u0430\u0439\u043b\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0441\u044f User-Agent Edge, \u0430 \u043f\u0440\u0438 \u0441\u043a\u0430\u0447\u0438\u0432\u0430\u043d\u0438\u0438 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438\u00a0- User\u2011Agent \u042f\u043d\u0434\u0435\u043a\u0441 \u0411\u0440\u0430\u0443\u0437\u0435\u0440\u0430.\n\n\u0422\u0430\u043a\u0436\u0435 \u0432 \u043e\u0431\u043e\u0438\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u0438\u043c\u044f \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430 \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u043b\u043e\u0441\u044c \u0447\u0435\u0440\u0435\u0437 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u00a0query.\n\n\u041e\u0442\u043b\u0438\u0447\u0430\u043b\u0430\u0441\u044c \u043b\u0438\u0448\u044c \u043f\u043e\u043b\u0435\u0437\u043d\u0430\u044f \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0430.\n\n\u0420\u0430\u043d\u0435\u0435 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435 \u0434\u043b\u044f \u0435\u0435 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c DLL-Hijacking \u0434\u043b\u044f \u042f\u043d\u0434\u0435\u043a\u0441.\u0411\u0440\u0430\u0443\u0437\u0435\u0440\u0430 (CVE-2024-6473) \u0441 \u043f\u043e\u0434\u043c\u0435\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Wldp.dll.\n\n\u0412 \u043d\u043e\u0432\u043e\u043c \u043a\u0435\u0439\u0441\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0441\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0439 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u00a0rdpclip.exe, \u0442\u0430\u043a\u0436\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0439 \u043a DLL-Hijacking, \u0441 \u043f\u043e\u0434\u043c\u0435\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 winsta.dll.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430 winsta.dll \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a \u0431\u044d\u043a\u0434\u043e\u0440\u0430 Trinper'a \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0438 TaxOff. \n\n\u0411\u044d\u043a\u0434\u043e\u0440 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u0439 \u0441\u0435\u0440\u0432\u0435\u0440\u00a0common-rdp-front.global.ssl.fastly.net.\n\n\u0412 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0435, \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0432 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u0435 2024 \u0433\u043e\u0434\u0430, \u0440\u0430\u0441\u0441\u044b\u043b\u0430\u043b\u0441\u044f \u0430\u0440\u0445\u0438\u0432 \u0441 \u044f\u0440\u043b\u044b\u043a\u043e\u043c\u00a0\u0420\u043e\u0441\u0442\u0435\u043b\u0435\u043a\u043e\u043c.pdf.lnk, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u043b powershell.exe \u0441 \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u043d\u043e\u0439 \u0434\u043b\u044f Team46 \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439.\n\n\u0414\u043e\u043a\u0443\u043c\u0435\u043d\u0442-\u043f\u0440\u0438\u043c\u0430\u043d\u043a\u0430 \u0432 \u0434\u0430\u043d\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0435 \u0432\u043a\u043b\u044e\u0447\u0430\u043b \u0443\u043a\u0430\u0437\u0430\u043d\u0438\u0435 \u043d\u043e\u043c\u0435\u0440\u0430 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0430 \u0432 \u043a\u043e\u043d\u0446\u0435 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b, \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d \u0432 \u0441\u0442\u0438\u043b\u0435 Team46: \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u0439, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0439 \u0441\u043b\u0443\u0447\u0430\u0439\u043d\u043e \u043d\u0430\u0431\u0440\u0430\u043d\u043d\u044b\u0439 \u043d\u0430 \u043a\u043b\u0430\u0432\u0438\u0430\u0442\u0443\u0440\u0435 \u043d\u0430\u0431\u043e\u0440 \u0446\u0438\u0444\u0440.\n\n\u041f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u043e\u0439 \u0432 \u0434\u0430\u043d\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0435 \u044f\u0432\u043b\u044f\u043b\u0441\u044f \u0444\u0430\u0439\u043b\u00a0AdobeARM.exe, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u0439 \u0441\u043e\u0431\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a \u0431\u044d\u043a\u0434\u043e\u0440\u0430 \u0438\u0437 \u043f\u0435\u0440\u0432\u043e\u0439 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0439 \u041f\u043e\u0437\u0438\u0442\u0438\u0432\u0430\u043c \u0430\u0442\u0430\u043a\u0438 Team46, \u043e\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0438\u0437 Dr.Web.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u0440\u0430\u043d\u0435\u0435 \u041f\u0422 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u044d\u0442\u043e\u0442 \u0431\u044d\u043a\u0434\u043e\u0440, \u0442\u0430\u043a\u0436\u0435 \u0438\u043c\u0435\u044e\u0449\u0438\u0439 \u0438\u043c\u044f\u00a0AdobeARM.exe, \u043d\u0430 \u043e\u0434\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0441 \u0431\u044d\u043a\u0434\u043e\u0440\u043e\u043c Trinper \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u043e\u0434\u043d\u043e\u0433\u043e \u0438\u0437 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432, \u0430 \u0430\u043d\u0430\u043b\u0438\u0437 \u043f\u043e\u043a\u0430\u0437\u0430\u043b, \u0447\u0442\u043e \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a TaxOff \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e \u0438\u0434\u0435\u043d\u0442\u0438\u0447\u0435\u043d \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0443 Trojan.Siggen27.11306 Team46.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043e\u0431\u0435 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0441\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0447\u0435\u0441\u043a\u0438 \u043f\u043e\u0445\u043e\u0436\u0438\u0435 \u0434\u043e\u043c\u0435\u043d\u044b \u0441 \u043c\u0438\u043c\u0438\u043a\u0440\u0438\u0435\u0439 \u043f\u043e\u0434 \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b \u0441\u00a0\u0434\u0435\u0444\u0438\u0441\u0430\u043c\u0438 \u0432\u00a0\u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0438: ms\u2011appdata\u2011fonts.global.ssl.fastly[.]net (Team46) \u0438\u00a0fast\u2011telemetry\u2011api.global.ssl.fastly[.]net (TaxOff).\n\n\u041f\u043e \u0438\u0442\u043e\u0433\u0443, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0437\u0430\u043a\u043b\u044e\u0447\u0438\u043b\u0438, \u0447\u0442\u043e Team46 \u0438 TaxOff \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u043e\u0434\u043d\u043e\u0439 \u0438 \u0442\u043e\u0439 \u0436\u0435 APT-\u0433\u0440\u0443\u043f\u043f\u043e\u0439, \u0434\u043b\u044f \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u041f\u043e\u0437\u0438\u0442\u0438\u0432\u044b \u0442\u0435\u043f\u0435\u0440\u044c \u0432\u044b\u0431\u0440\u0430\u043b\u0438 \u0435\u0434\u0438\u043d\u043e\u0435 \u043d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 - Team46.", "creation_timestamp": "2025-04-21T20:20:05.000000Z"}]}