Ivanti Connect Secure: Journey to the core of the DSLog backdoor
Common Information
| Type | Value |
|---|---|
| UUID | c9cda795-3929-49d6-a6ea-4c528015ec83 |
| Fingerprint | 161e3191712e9c026b89be5c31efef65bbab0406e265915d55b5137252bba438 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 8, 2024, 6:02 p.m. |
| Added to db | Feb. 9, 2024, 6:41 p.m. |
| Last updated | Aug. 31, 2024, 3:23 a.m. |
| Headline | Ivanti Connect Secure: Journey to the core of the DSLog backdoor |
| Title | Ivanti Connect Secure: Journey to the core of the DSLog backdoor |
| Detected Hints/Tags/Attributes | 56/1/28 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 32 | schemas.xmlsoap.org |
|
| Details | Domain | 150 | www.w3.org |
|
| Details | Domain | 1 | dslog.pm |
|
| Details | Domain | 1 | dslogmb.pm |
|
| Details | File | 1 | portal.cer |
|
| Details | File | 10 | index.txt |
|
| Details | File | 31 | schemas.xml |
|
| Details | File | 1 | index2.txt |
|
| Details | File | 1 | index1.txt |
|
| Details | sha256 | 1 | da58bdb765904300581fe8a818c28cca7c0b62eabd7ce29f181924177c8f13c7 |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | IPv4 | 1 | 159.65.123.122 |
|
| Details | Url | 1 | https://portal.cert.orangecyberdefense.com/vulns/60095 |
|
| Details | Url | 1 | https://portal.cert.orangecyberdefense.com/worldwatch/839001 |
|
| Details | Url | 24 | http://schemas.xmlsoap.org/soap/envelope |
|
| Details | Url | 7 | http://www.w3.org/2000/09/xmldsig# |
|
| Details | Url | 6 | http://www.w3.org/2001/10/xml-exc-c14n# |
|
| Details | Url | 2 | http://www.w3.org/2000/09/xmldsig#rsa |
|
| Details | Url | 50 | http://www.w3.org/2001/xmlschema-instance |
|
| Details | Url | 1 | http://www.w3.org/2000/09/xmldsig |
|
| Details | Url | 1 | http://127.0.0.1:8090/api/v1/license/keys- |
|
| Details | CVE | 25 | cve-2024-21893 |
|
| Details | CVE | 42 | cve-2023-46805 |
|
| Details | CVE | 14 | cve-2024-21888 |
|
| Details | CVE | 55 | cve-2024-21887 |
|
| Details | Domain | 1 | www.orangecyberdefense.com |
|
| Details | Domain | 1 | portal.cert.orangecyberdefense.com |
|
| Details | Url | 1 | http://127.0.0.1:8090/api/v1/license/keys-status |