IOC Radar
TLP:WHITE2 IOCs

More Than The Sum of its Parts: Combining EASM and Pentesting

OU
Outpost24
Published May 22, 2026Original Report

Diamond Model

Attack Flow6 steps · MITRE ATT&CK mapped

Initial AccessTA0001·T1190
1/6
Exploit Public-Facing Application
ActionExploit public-facing application
Attackers exploited CVE-2025-31324, a vulnerability in SAP NetWeaver Visual Composer, allowing unauthenticated file uploads.

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

Indicators of Compromise2

TypeIndicatorConfidenceScoreFirst Seen
CVECVE-2025-31324
exploitintel-blogmalware
Medium
54
Jun 2, 26
CVECVE-2025-42999
exploitintel-blogvulnerability
Medium
51
Jun 2, 26

IOC Relationship Graph

IOC Relationship Graph2 total IOCs
CVE
CVE2REPORTMore Than The Sum of its P
scroll to zoom · drag to pan · click IOC to open