Атака злоумышленников на Ivanti CSA - SEC-1275-1
Tags
| attack-pattern: | Cloud Services - T1021.007 Domains - T1583.001 Domains - T1584.001 |
Common Information
| Type | Value |
|---|---|
| UUID | b64e3a66-6f75-4b95-bd63-edf8e478817c |
| Fingerprint | d2dce5a6369e5a4b |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Oct. 14, 2024, midnight |
| Added to db | Oct. 14, 2024, 8:13 a.m. |
| Last updated | Nov. 15, 2024, 7:43 a.m. |
| Headline | Атака злоумышленников на Ivanti CSA |
| Title | Атака злоумышленников на Ivanti CSA - SEC-1275-1 |
| Detected Hints/Tags/Attributes | 5/1/37 |
Source URLs
URL Provider
| Details | Provider | Source level domain |
|---|---|---|
| Details | 1275.ru | 1275.ru |
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 8 | ✔ | Архивы IOC - SEC-1275-1 | https://1275.ru/ioc/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 85 | cve-2024-8190 |
|
| Details | CVE | 70 | cve-2024-8963 |
|
| Details | Domain | 3 | 189f31ed7d.ipv6.bypass.eu.org |
|
| Details | Domain | 3 | apiv5.serverbks.xyz |
|
| Details | Domain | 3 | c67f045c2f.ipv6.1433.eu.org |
|
| Details | Domain | 3 | iowxuintgredogzgblrsmr2cx2e471bor.oast.fun |
|
| Details | Domain | 18 | lencr.org |
|
| Details | Domain | 121 | portswigger.net |
|
| Details | Domain | 3 | l8u6aolk4ejfsl9zeq6321zvwm2eq3.burpcollaborator.net |
|
| Details | Domain | 32 | temp.sh |
|
| Details | File | 9 | datetimetab.php |
|
| Details | File | 12 | reports.php |
|
| Details | sha1 | 3 | 64efc1aad330ea9d98c0c705e16cd4b3af7e74f8 |
|
| Details | sha1 | 3 | beb723a5f20a1a2c4375f9aa250d968d55155689 |
|
| Details | sha256 | 3 | 6edd7b3123de985846a805931ca8ee5f6f7ed7b160144aa0e066967bc7c0423a |
|
| Details | sha256 | 3 | 8d016d02f8fbe25dce76481a90dd0b48630ce9e74e8c31ba007cf133e48b8526 |
|
| Details | sha256 | 3 | d57a2cac394a778e19ce9b926f2e0a71936510798f30d20f207f2a49b49ce7b1 |
|
| Details | IPv4 | 3 | 156.234.193.18 |
|
| Details | IPv4 | 3 | 193.189.100.197 |
|
| Details | IPv4 | 3 | 206.189.156.69 |
|
| Details | IPv4 | 3 | 208.105.190.170 |
|
| Details | IPv4 | 3 | 216.131.75.52 |
|
| Details | IPv4 | 3 | 23.236.66.97 |
|
| Details | IPv4 | 3 | 24.166.100.255 |
|
| Details | IPv4 | 2 | 3.248.33.252 |
|
| Details | IPv4 | 2 | 34.250.195.30 |
|
| Details | IPv4 | 3 | 38.207.159.76 |
|
| Details | IPv4 | 3 | 45.61.136.189 |
|
| Details | IPv4 | 3 | 51.91.79.17 |
|
| Details | IPv4 | 2 | 54.77.139.23 |
|
| Details | IPv4 | 3 | 67.217.228.92 |
|
| Details | IPv4 | 3 | 69.49.88.235 |
|
| Details | IPv4 | 3 | 74.62.81.162 |
|
| Details | Mandiant Temporary Group Assumption | 18 | TEMP.SH |
|
| Details | Url | 3 | http://l8u6aolk4ejfsl9zeq6321zvwm2eq3.burpcollaborator.net |
|
| Details | Url | 3 | http://temp.sh/khkzg/datetimetab.php |
|
| Details | Url | 3 | http://temp.sh/vquow/reports.php |