PULSE NAME
Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
WHITE UTA0178 AlienVault 2024-03-01 Modified: 2024-03-31
37 IOCs
MEDIUM VOLUME
Cyber threat actors are actively exploiting multiple vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways that can be chained to bypass authentication, craft malicious requests, and execute arbitrary commands. This enables threat actors to implant web shells for persistence and harvest credentials stored on compromised devices.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES: GLASSTOKEN, GIFTEDVISITOR, BUSHWALK, LIGHTWIRE, CHAINLINE
Indicators of Compromise (8 / 37 total)