216.73.216.214

GLASSTOKEN

The MITRE Corporation · Published 06/03/2024 20:14 · Modified 27/03/2026 01:05 Family

Essential information

Confidence
100/100
Is family
Yes
Published
06/03/2024 20:14
Modified
27/03/2026 01:05
Revoked
No
Author / Source
The MITRE Corporation
Related entities
14 attack patterns (mitre), 1 intrusion sets (apt), 20 indicators, 6 vulnerabilities (cve), 1 campaign, 1 campaigns

Description

[GLASSTOKEN](https://attack.mitre.org/software/S1117) is a custom web shell used by threat actors during [Cutting Edge](https://attack.mitre.org/campaigns/C0029) to execute commands on compromised Ivanti Secure Connect VPNs.(Citation: Volexity Ivanti Zero-Day Exploitation January 2024)

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references