MAR-10430311-1.v1 Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
CISA received 4 files for analysis from an incident response engagement conducted at an Aeronautical Sector organization. 2 files (bitmap.exe, wkHPd.exe) are identified as variants of Metasploit (Meterpreter) and designed to connect and receive unencrypted payloads from their respective command and control (C2) servers. Note: Metasploit is an open source penetration testing software; Meterpreter is a Metasploit attack payload that runs an interactive shell. These executables are used as attack payloads to run interactive shells, allowing a malicious actor the ability to control and execute code on a system. 2 files (resource.aspx, ConfigLogin.aspx) are Active Server Pages (ASPX) web shells designed to execute remote JavaScript code on the victim server.