# Prophet Spider's Exploited Vulnerabilities

> [!NOTE]
> This is the list of vulnerabilities that have been observed during intrusions by Prophet Spider (aka GOLD MELODY and UNC961), the initial access broker (IAB) that has facilitated the deployment of ransomware such as MAZE, Egregor, or MountLocker.

### `Apache`

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| Log4j | CVE-2021-44228 ("Log4Shell") | *Prophet Spider | [secureworks.com](https://www.secureworks.com/research/gold-melody-profile-of-an-initial-access-broker) |
| Log4j | CVE-2021-4104 | *Prophet Spider | [secureworks.com](https://www.secureworks.com/research/gold-melody-profile-of-an-initial-access-broker) |
| Struts | CVE-2017-5638 | *Prophet Spider | [secureworks.com](https://www.secureworks.com/research/gold-melody-profile-of-an-initial-access-broker) |

### `Citrix`

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| ShareFile Storage Zones Controller | CVE-2021-22941 | *Prophet Spider | [crowdstrike.com](https://www.crowdstrike.com/en-us/blog/prophet-spider-exploits-citrix-sharefile/) |

### `Java Applications`

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| JBoss Application Server | CVE-2017-7504 | *Prophet Spider | [secureworks.com](https://www.secureworks.com/research/gold-melody-profile-of-an-initial-access-broker) |

### `Oracle`

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| WebLogic | CVE-2020-14882 | *Prophet Spider | [secureworks.com](https://www.secureworks.com/research/gold-melody-profile-of-an-initial-access-broker) |
| WebLogic | CVE-2020-14750 | *Prophet Spider | [secureworks.com](https://www.secureworks.com/research/gold-melody-profile-of-an-initial-access-broker) |
| E-Business | CVE-2016-0545 | *Prophet Spider | [secureworks.com](https://www.secureworks.com/research/gold-melody-profile-of-an-initial-access-broker) |

### `Sitecore`

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| Sitecore XP | CVE-2021-42237 | *Prophet Spider | [secureworks.com](https://www.secureworks.com/research/gold-melody-profile-of-an-initial-access-broker) |

---

#### Sources

| Date Published | Report |
|---|---|
| 20 September 2023 | https://www.secureworks.com/research/gold-melody-profile-of-an-initial-access-broker |
| 23 March 2023 | https://cloud.google.com/blog/topics/threat-intelligence/unc961-multiverse-financially-motivated |
| 7 March 2022 | https://www.crowdstrike.com/blog/prophet-spider-exploits-citrix-sharefile |
| 4 August 2021 | https://www.crowdstrike.com/blog/prophet-spider-exploits-oracle-weblogic-to-facilitate-ransomware-activity |