WIREFIRE
Associated Software Descriptions |
|
| Name | Description |
|---|---|
| GIFTEDVISITOR | (Citation: Volexity Ivanti Zero-Day Exploitation January 2024) |
Techniques Used |
||||
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols |
WIREFIRE can respond to specific HTTP `POST` requests to `/api/v1/cav/client/visits`.(Citation: Mandiant Cutting Edge January 2024)(Citation: Volexity Ivanti Zero-Day Exploitation January 2024) |
| Enterprise | T1132 | .001 | Data Encoding: Standard Encoding |
WIREFIRE can Base64 encode process output sent to C2.(Citation: Mandiant Cutting Edge January 2024) |
| Enterprise | T1573 | .001 | Encrypted Channel: Symmetric Cryptography |
WIREFIRE can AES encrypt process output sent from compromised devices to C2.(Citation: Mandiant Cutting Edge January 2024) |
| Enterprise | T1505 | .003 | Server Software Component: Web Shell |
WIREFIRE is a web shell that can download files to and execute arbitrary commands from compromised Ivanti Connect Secure VPNs.(Citation: Mandiant Cutting Edge January 2024) |
References
- McLellan, T. et al. (2024, January 12). Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation. Retrieved February 27, 2024.
- Meltzer, M. et al. (2024, January 10). Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN. Retrieved February 27, 2024.
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.