PULSE NAME
Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications | CISA
WHITE eric.ford 2025-01-24 Modified: 2025-02-23
This intelligence provides actionable insights into the September 2024 exploitation of Ivanti Cloud Service Appliances (CSA) by attackers who chained various Ivanti CSA vulnerabilities with CVE-2024-8963. The chaining of these vulnerabilities led to unauthorized access, remote code execution, credential theft, and webshell deployment. Even though exploitation occurred in September 2024, organizations using affected versions of Ivanti CSA are still at risk. The Advisory warns that "Credentials and sensitive data stored within affected Ivanti appliances should be considered compromised."
Indicators of Compromise (44)
TYPE INDICATOR DESCRIPTION CREATED
CVE CVE-2024-8190 2025-01-24
CVE CVE-2024-8963 2025-01-24
CVE CVE-2024-9379 2025-01-24
CVE CVE-2024-9380 2025-01-24
CVE CVE-2024-9381 2025-01-24
CVE CVE-2025-0282 2025-01-24
CVE CVE-2025-0283 2025-01-24