Threat Alert: 48 IOCs Found Related to Ivanti Connect Secure VPN Zero-Day Exploitation
Important:
https://www[.]mandiant[.]com/resources/blog/suspected-apt-targets-ivanti-zero-day
https://www[.]cisa[.]gov/news-events/directives/supplemental-direction-v1-ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure
https://www[.]volexity[.]com/blog/2024/02/01/how-memory-forensics-revealed-exploitation-of-ivanti-connect-secure-vpn-zero-day-vulnerabilities/
https://www[.]mandiant[.]com/resources/blog/investigating-ivanti-zero-day-exploitation
https://www[.]volexity[.]com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/
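Summary:
Critical vulnerabilities such as the Ivanti Connect Secure VPN zero-day exploitation have been disclosed, and Cybereason issues alerts to inform about and protect against such threats. Volexity and Mandiant have published reports detailing these vulnerabilities.
Threat Alert: Ivanti Connect Secure VPN Zero-Day Exploitation: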
https://www.cybereason.com/blog/threat-alert-ivanti-connect-secure-vpn-zero-day-exploitation