Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA

Oct. 15, 2024, 6:19 p.m.

Description

A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).

External References

https://www.fortinet.com/blog/threat-research/burning-zero-days-suspected-nation-state-adversary-targets-ivanti-csa
https://otx.alienvault.com/pulse/670eaec50e8004d11d044338
Tags
rootkit
powershell
lockbit
attack
service
malicious
web shell
2024-10-15
threat actor
zero-day vulnerability
csa appliance
cve20248190
zero
life

Date

  • Created: Oct. 15, 2024, 6:04 p.m.
  • Published: Oct. 15, 2024, 6:04 p.m.
  • Modified: Oct. 15, 2024, 6:19 p.m.

Indicators

  • d57a2cac394a778e19ce9b926f2e0a71936510798f30d20f207f2a49b49ce7b1
  • 8d016d02f8fbe25dce76481a90dd0b48630ce9e74e8c31ba007cf133e48b8526
  • 6edd7b3123de985846a805931ca8ee5f6f7ed7b160144aa0e066967bc7c0423a
  • 74.62.81.162
  • 69.49.88.235
  • 67.217.228.92
  • 51.91.79.17
  • 38.207.159.76
  • 208.105.190.170
  • 156.234.193.18
  • 45.61.136.189
  • 216.131.75.52
  • 23.236.66.97
  • l8u6aolk4ejfsl9zeq6321zvwm2eq3.burpcollaborator.net
  • iowxuintgredogzgblrsmr2cx2e471bor.oast.fun
  • apiv5.serverbks.xyz
  • oast.fun
Download all indicators here!

Attack Patterns

  • T1110
  • T1014
  • T1505
  • T1055
  • T1036
  • T1140
  • T1566
  • T1190
  • T1068