QuoINT continued their analysis of the ongoing investigation into the worm activity exploiting the RCE vulnerability in the Exim Mail Server. In a recently distributed brief, the team describes the artifacts involved in the attack, as well as provides an update to the attackers’ infrastructure. This coming week, the team will release additional analysis into the C2 infrastructure and threat actor attribution! – PDF 1,98 MB
QuoINT INTELBRIEF – Actors Exploiting the RCE Vulnerability
18. November 19