{"id":54589,"date":"2023-11-20T00:00:00","date_gmt":"2023-11-20T00:00:00","guid":{"rendered":"urn:uuid:1d0311c8-1151-e864-8dd0-a5140bdbc679"},"modified":"2023-11-20T00:00:00","modified_gmt":"2023-11-20T00:00:00","slug":"cve-2023-46604-apache-activemq-exploited-to-infect-systems-with-cryptominers-and-rootkits","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/cve-2023-46604-apache-activemq-exploited-to-infect-systems-with-cryptominers-and-rootkits\/","title":{"rendered":"CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/CVE-2023-46604-cover:Large?qlt=80\"><\/p>\n<div><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/23\/CVE-2023-46604-cover.png\" class=\"ff-og-image-inserted\"><\/div>\n<div readability=\"54.770919067215\">\n<p>We uncovered the active exploitation of the Apache ActiveMQ vulnerability <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-46604\">CVE-2023-46604<\/a> to download and infect Linux systems with the <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/20\/k\/analysis-of-kinsing-malwares-use-of-rootkit.html\">Kinsing<\/a> malware (also known as h2miner) and a cryptocurrency miner. When exploited, this vulnerability leads to remote code execution (RCE), which Kinsing uses to download and install malware. The vulnerability itself is due to OpenWire commands failing to validate the throwable class type, leading to RCE.<\/p>\n<p>ActiveMQ (written in Java) is an open-source protocol developed by Apache that implements message-oriented middleware (MOM). Its main function is to send messages between different applications. 
It also includes additional features like STOMP, Jakarta Messaging (JMS), and OpenWire.<\/p>\n<p>The Kinsing malware is a critical threat that primarily targets Linux-based systems and can infiltrate servers and spread rapidly across a network. It gains entry by exploiting vulnerabilities in web applications or misconfigured container environments.<\/p>\n<p>Recently, the threat actors behind Kinsing have been exploiting high-profile vulnerabilities such as <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-4911\">CVE-2023-4911<\/a> (Looney Tunables). Once Kinsing infects a system, it deploys a cryptocurrency-mining script that exploits the host&#8217;s resources to mine cryptocurrencies like Bitcoin, resulting in significant damage to the infrastructure and a negative impact on system performance.<\/p>\n<p>The following Apache ActiveMQ versions are vulnerable to CVE-2023-46604:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Apache ActiveMQ 5.18.0 before 5.18.3<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Apache ActiveMQ 5.17.0 before 5.17.6<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Apache ActiveMQ 5.16.0 before 5.16.7<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Apache ActiveMQ before 5.15.16<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Apache ActiveMQ Legacy OpenWire Module 5.18.0 before 5.18.3<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Apache ActiveMQ Legacy OpenWire Module 5.17.0 before 5.17.6<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Apache ActiveMQ Legacy OpenWire Module 5.16.0 before 5.16.7<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Apache ActiveMQ Legacy OpenWire Module 5.8.0 before 5.15.16<\/span><\/li>\n<\/ul>\n<p>Users are <a href=\"https:\/\/activemq.apache.org\/news\/cve-2023-46604\">recommended to upgrade<\/a> both Java OpenWire brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, as any of these fixes the issue.<\/p>\n<p>Based on <a 
href=\"https:\/\/issues.apache.org\/jira\/browse\/AMQ-9370\">AMQ-9370<\/a>, we can identify the root cause of the vulnerability: throwable class types are not validated when OpenWire commands are unmarshalled.<\/p>\n<p>OpenWire is a binary protocol designed specifically for working with message-oriented middleware. It serves as the native wire format of ActiveMQ, which is a widely used open-source messaging and integration platform. OpenWire&#8217;s binary format offers several advantages over other formats, such as its efficient use of bandwidth and its ability to support a wide range of message types. These characteristics make it an ideal choice for businesses and organizations that require a reliable and high-performance messaging system.<\/p>\n<p>Based on the patch diff, we can see that the <b>validateIsThrowable<\/b> method has been added to the <b>BaseDataStreamMarshaller<\/b> class.<\/p>\n<\/div>\n<p>Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/k\/cve-2023-46604-exploited-by-kinsing.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and a cryptocurrency miner. 
Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":54590,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9555,9523,9509],"class_list":["post-54589","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-exploitsvulnerabilities","tag-trend-micro-research-network","tag-trend-micro-research-research"],
"yoast_head_json":{"title":"CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/cve-2023-46604-apache-activemq-exploited-to-infect-systems-with-cryptominers-and-rootkits\/","og_locale":"en_US","og_type":"article","og_title":"CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/cve-2023-46604-apache-activemq-exploited-to-infect-systems-with-cryptominers-and-rootkits\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-11-20T00:00:00+00:00","og_image":[{"url":"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/CVE-2023-46604-cover:Large?qlt=80","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/cve-2023-46604-apache-activemq-exploited-to-infect-systems-with-cryptominers-and-rootkits\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/cve-2023-46604-apache-activemq-exploited-to-infect-systems-with-cryptominers-and-rootkits\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits","datePublished":"2023-11-20T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/cve-2023-46604-apache-activemq-exploited-to-infect-systems-with-cryptominers-and-rootkits\/"},"wordCount":409,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/cve-2023-46604-apache-activemq-exploited-to-infect-systems-with-cryptominers-and-rootkits\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/11\/cve-2023-46604-apache-activemq-exploited-to-infect-systems-with-cryptominers-and-rootkits.png","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Exploits&amp;Vulnerabilities","Trend Micro Research : Network","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/cve-2023-46604-apache-activemq-exploited-to-infect-systems-with-cryptominers-and-rootkits\/","url":"https:\/\/www.threatshub.org\/blog\/cve-2023-46604-apache-activemq-exploited-to-infect-systems-with-cryptominers-and-rootkits\/","name":"CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/cve-2023-46604-apache-activemq-exploited-to-infect-systems-with-cryptominers-and-rootkits\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/cve-2023-46604-apache-activemq-exploited-to-infect-systems-with-cryptominers-and-rootkits\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/11\/cve-2023-46604-apache-activemq-exploited-to-infect-systems-with-cryptominers-and-rootkits.png","datePublished":"2023-11-20T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/cve-2023-46604-apache-activemq-exploited-to-infect-systems-with-cryptominers-and-rootkits\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/cve-2023-46604-apache-activemq-exploited-to-infect-systems-with-cryptominers-and-rootkits\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/cve-2023-46604-apache-activemq-exploited-to-infect-systems-with-cryptominers-and-rootkits\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/11\/cve-2023-46604-apache-activemq-exploited-to-infect-systems-with-cryptominers-and-rootkits.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/11\/cve-2023-46604-apache-activemq-exploited-to-infect-systems-with-cryptominers-and-rootkits.png","width":976,"height":533},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/cve-2023-46604-apache-activemq-exploited-to-infect-systems-with-cryptominers-and-rootkits\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blo
g\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54589","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=54589"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54589\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/54590"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=54589"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=54589"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=54589"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}