Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware
The DFIR ReportArchived Mar 16, 2026✓ Full text saved
Key Takeaways The DFIR Report Services Table of Contents: Case Summary In late June 2024, an unpatched Confluence server was compromised via CVE-2023-22527, a template injection vulnerability, first from IP address 45.227.254[.]124, which just ran whoami and exited. Shortly thereafter, a different IP address used the same exploit, running curl to deploy a Metasploit payload […] The post Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware appeared first on The DFIR Report .
Full text archived locally
✦ AI Summary· Claude Sonnet
Access DFIR Labs Book a Demo The DFIR Report provides in-depth, real-world intelligence based on observed intrusions, enabling security analysts and teams to strengthen defenses, enhance detection, and accelerate response. Linkedin X Products Threat Intel DFIR Labs Case Artifacts Threat Feed Detection Pack Active Defense Services Training Professional Services Public Reports Company About us Analysts Careers Contact Us