Chinese hackers have unleashed a never-before-seen Linux backdoor::SprySOCKS borrows from open source Windows malware and adds new tricks.
CVE-2022-40684 An authentication bypass vulnerability in Fortinet FortiOS, FortiProxy and FortiSwitchManager
CVE-2022-39952 An unauthenticated remote code execution (RCE) vulnerability in Fortinet FortiNAC
CVE-2021-22205 An unauthenticated RCE vulnerability in GitLab CE/EE
CVE-2019-18935 An unauthenticated remote code execution vulnerability in Progress Telerik UI for ASP.NET AJAX
CVE-2019-9670 / CVE-2019-9621 A bundle of two vulnerabilities for unauthenticated RCE in Zimbra Collaboration Suite
ProxyShell (CVE-2021-34473, CVE-2021-34523v, CVE-2021-31207) A set of three chained vulnerabilities that perform unauthenticated RCE in Microsoft Exchange
SprySOCKS Capabilities:
ID NOTES- 0x09 Gets machine information
- 0x0a Starts interactive shell
- 0x0b Writes data to interactive shell
- 0x0d Stops interactive shell
- 0x0e Lists network connections (parameters: “ip”, “port”, “commName”, “connectType”)
- 0x0f Sends packet (parameter: “target”)
- 0x14, 0x19 Sends initialization packet
- 0x16 Generates and sets clientid
- 0x17 Lists network connections (parameters: “tcp_port”, “udp_port”, “http_port”, “listen_type”, “listen_port”)
- 0x23 Creates SOCKS proxy
- 0x24 Terminates SOCKS proxy
- 0x25 Forwards SOCKS proxy data
- 0x2a Uploads file (parameters: “transfer_id”, “size”)
