Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
Common Information
Type Value
UUID a598835d-8dbd-4d2c-b5b2-55d4b3e123b0
Fingerprint b5afdb17ca4310e1
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 10, 2024, 7 p.m.
Added to db Aug. 31, 2024, 10:27 a.m.
Last updated Nov. 17, 2024, 6:44 p.m.
Headline UNKNOWN
Title Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
Detected Hints/Tags/Attributes 81/1/31
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 396 Blog | Threat Intelligence & Memory Forensics | Volexity https://www.volexity.com/blog/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 42
cve-2023-46805
Details CVE 55
cve-2024-21887
Details File 1
sessionserver.pl
Details File 1
lastauthserverused.js
Details File 2
s.py
Details File 1
s.jar
Details File 2
visits.py
Details Threat Actor Identifier by Volexity 14
UTA0178