Zero Day Initiative — Riding the InfoRail to Exploit Ivanti Avalanche
Tags
attack-pattern: Data Credentials - T1589.001 Server - T1583.004 Server - T1584.004 Web Shell - T1505.003 Tool - T1588.002 Vulnerabilities - T1588.006 Connection Proxy - T1090 Web Shell - T1100
Show in Graph
Common Information
Type Value
UUID bd40a9ac-7a25-44ef-ad5c-05df65b83715
Fingerprint b819985348a383c1
Analysis status DONE
Considered CTI value 2
Text language
Published July 19, 2022, 8:59 a.m.
Added to db Jan. 19, 2023, 12:15 a.m.
Last updated Dec. 22, 2024, 12:40 p.m.
Headline Riding the InfoRail to Exploit Ivanti Avalanche
Title Zero Day Initiative — Riding the InfoRail to Exploit Ivanti Avalanche
Detected Hints/Tags/Attributes 63/1/31
Source URLs
Redirection Url
Details Source http://www.thezdi.com/blog/2022/7/19/riding-the-inforail-to-exploit-ivanti-avalanche
URL Provider
Details Provider Source level domain
Details thezdi.com www.thezdi.com
Attributes
Details Type #Events CTI Value
Details CVE 1 
cve-2021-42124
Details CVE 1 
cve-2021-42126
Details CVE 1 
cve-2021-42125
Details CVE 3 
cve-2021-39146
Details Domain 1 
objectgraphpart.java
Details Domain 1 
distributionvariables.java
Details Domain 1 
processmessage.java
Details Domain 1 
processinforailrequest.java
Details Domain 1 
messageprocessorvector.java
Details Domain 1 
anstesthandler.java
Details Domain 3 
dologin.java
Details Domain 1 
authenticate.java
Details Domain 1 
logininner.java
Details File 1 
x06h.msg
Details File 2 
h.msg
Details File 1 
requestpayload.xml
Details File 1 
objectgraphpart.java
Details File 1 
distributionvariables.java
Details File 1 
processmessage.java
Details File 1 
processinforailrequest.java
Details File 1 
messageprocessorvector.java
Details File 1 
anstesthandler.java
Details File 1 
aspectjweaver.xml
Details File 1 
jndigadget.xml
Details File 3 
dologin.java
Details File 1 
authenticate.java
Details File 1 
userbean.log
Details File 1 
logininner.java
Details IPv4 676 
0.0.0.0
Details IPv4 1 
255.3.2.8
Details IPv4 1 
255.3.2.12