A few months ago, RocketMQ[1], a real-time message queue platform, suffered of a nasty vulnerability referred as %%cve:2023-33246%%. I found another malicious script in the wild a few weeks ago that exploits this vulnerability. It has still today a very low VirusTotal detection score:2/60 [2] (SHA256:70710c630390dbf74a97162ab61aae78d3e18eacb41e16d3dd6bbd872fee66c5).
Article Link: https://isc.sans.edu/diary/rss/30492