{
  "name": "Patch or Peril: A Veeam vulnerability incident",
  "slug": "patch-or-peril-a-veeam-vulnerability-incident",
  "description": "Although the vulnerability CVE-2023-27532 was made public in March 2023 and subsequently patched by Veeam in versions 12/11a and later of Veeam Backup & Replication, Group-IB\u2019s Digital Forensics and Incident Response (DFIR) team recently observed a notable incident related to this vulnerability.",
  "published": "2024-07-12T15:31:19+00:00",
  "created_at": "2024-07-12T15:31:19+00:00",
  "modified_at": "2024-07-12T15:49:45+00:00",
  "created_at_opencti": "2024-07-12T15:31:19+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-07-12",
    "CVE-2023-27532",
    "adfind",
    "backdoor",
    "fortigate",
    "netscan",
    "ransomware",
    "svhost",
    "veeam",
    "vpn"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "149.28.99.61"
      },
      {
        "id": "",
        "name": "149.28.106.252"
      }
    ],
    "intrusion_sets": [
      {
        "id": "24fbe7b9-d508-47e1-8322-a414b7849d37",
        "name": "EstateRansomware",
        "slug": "estateransomware"
      }
    ],
    "attack_patterns": [
      {
        "id": "f6ceeba2-b50c-47dc-8642-ab9842ca76d7",
        "name": "T1018"
      },
      {
        "id": "16e26db7-7376-40c1-b8a9-23d56c44f7ee",
        "name": "T1571"
      },
      {
        "id": "6efb8bea-11d7-418d-a429-9f4a3e6c50f6",
        "name": "T1087"
      },
      {
        "id": "a72b6e11-a5d5-4f5a-8f0d-8861e90c34f7",
        "name": "T1555"
      },
      {
        "id": "eb118bf2-fdf2-4b49-a470-0acabf7608ad",
        "name": "T1505"
      },
      {
        "id": "fc699aef-8931-4a79-8f79-9651be9abd50",
        "name": "T1021"
      },
      {
        "id": "f1bb7823-4f4b-4565-b472-bf0cfca467b1",
        "name": "T1486"
      },
      {
        "id": "53b3b18c-d0d0-4bf6-bc6b-2c0ab9180deb",
        "name": "T1070"
      },
      {
        "id": "e46a9411-d2a1-47c9-8820-c7f818f4c0b5",
        "name": "T1203"
      },
      {
        "id": "33962583-7396-47ef-913d-1db78d6685c9",
        "name": "T1569"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "ccb28547-a340-4193-a5d9-69222f3d5051",
        "name": "T1049"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "bb20a9e1-f4f6-459d-94f4-470c6867dc2d",
        "name": "T1053"
      },
      {
        "id": "fcd96dc0-500e-4354-bd97-5c65718a9004",
        "name": "T1562"
      },
      {
        "id": "b9eab970-53dd-4977-9a26-c4fe566e422d",
        "name": "T1133"
      },
      {
        "id": "9f11a241-9abc-4c57-95dd-33955ab08826",
        "name": "T1078"
      }
    ]
  },
  "external_refs": [
    "https://www.group-ib.com/blog/estate-ransomware/",
    "https://otx.alienvault.com/pulse/66916868e0b575ac0469ac57"
  ]
}