VDB

GCVE-110-OSM-2026-2011

GCVE-110-OSM-2026-2011
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published April 12, 2026
Malicious package detected. Behaviors: data exfiltration, code execution, network activity, obfuscated code. Payload: data/sigma-core/rules/windows/network_connection/net_connection_win_domain_dead_drop_resolvers.yml Secondary files: data/sigma-core/rules/windows/process_creation/proc_creation_win_powershell_base64_hidden_flag.yml, data/sigma-core/rules/windows/builtin/appxdeployment_server/win_appxdeployment_server_appx_downloaded_from_file_sharing_domains.yml Key findings: - Download and Execute in data/sigma-core/rules/linux/builtin/lnx_shell_susp_commands.yml: "wget * - http* | sh" - Reverse Shell in data/sigma-core/rules/linux/builtin/lnx_shell_susp_rev_shells.yml: "/bin/sh -i" - Ngrok Tunneling Service in data/sigma-core/rules/linux/network_connection/net_connection_lnx_ngrok_tunnel.yml: "ngrok.com" - Sensitive File Access in data/sigma-core/rules/linux/process_creation/proc_creation_lnx_susp_history_delete.yml: "'/.bash_history'" - OAST/Interactsh Exfiltration in data/sigma-core/rules/network/dns/net_dns_external_service_interaction_domains.yml: ".oast.fun" IOCs: - ipv4: 1.9.2.13, 1.6.3.8, 22.36.35.06, 4.0.221.6, 1.9.1.2 (+6 more) - ipv6: fe80::, fc00::, 2620:83:8000:: - urls: https://attack.mitre.org/groups/G0007, https://attack.mitre.org/groups/G0016, https://attack.mitre.org/groups/G0032, https://attack.mitre.org/groups/G0046, https://attack.mitre.org/groups/G0008 (+45 more) - domains: attack.mitre.org, secariolabs.com, org.apache.logging.log4j.core.net, rules.sonarsource.com, owasp.org (+45 more) - emails: daniel.bohannon@permiso.io, ODB-user@domain.com - bitcoinAddresses: 3AB3655E5A14D4EEFC547F4781BF7F9E, 3AD59991CCF1D67339B319B15A41B35D, 3f11a94f1ac5efdd19767c6976da9ba4, 1cd158a64f3d886357535382a6fdad75, 1f2888e57fdd6aee466962c25ba7d62d (+43 more) - pasteSites: http://pastebin.com/FtygZ1cg - sha256Hashes: 925b0b28472d4d79b4bf92050e38cc2b8f722691c713fc28743ac38551bc3797, 8f8daabe1c8ceb5710949283818e16c4aa8059bf2ce345e2f2c90b8692978424, d9669f7e3eb3a9cdf6a750eeb2ba303b5ae148a43e36546896f1d1801e912466, 5fcda49ee7f202559a6cbbb34edb65c33c9a1e0bde9fa2af06a6f11b55ded619, a4edfbd42595d5bddb442c82a02cf0aaa10893c1bf79ea08b9ce576f82749448 (+45 more) - payloadFileHash: d1e436594003056eb24e48d3b4cec916a308537d8548428d45a64677f2837ba1

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknown@thrunt/mcpall (affected)

References

vendor

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›