{ "name": "Protecting Networks from Opportunistic Ivanti Pulse Secure Vulnerability Exploitation", "slug": "protecting-networks-from-opportunistic-ivanti-pulse-secure-vulnerability-exploitation", "description": "Juniper Threat Labs has observed attempts to exploit Ivanti Pulse Secure authentication bypass and remote code execution vulnerabilities (CVE-2023-46805 and CVE-2024-21887), leading to the delivery of Mirai botnet payloads. This analysis explores the vulnerabilities, exploitation methods, observed payloads, and Juniper's response, highlighting the importance of understanding and mitigating these threats to protect network security.", "published": "2024-05-10T07:06:22+00:00", "created_at": "2024-05-10T07:06:22+00:00", "modified_at": "2024-05-10T07:27:12+00:00", "created_at_opencti": "2024-05-10T07:06:22+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2024-05-05", "2024-05-06", "2024-05-07", "2024-05-08", "2024-05-09", "2024-05-10", "CVE-2023-46805", "CVE-2024-21887", "botnet", "ivanti", "mirai" ], "related_entities": { "observables": [ { "id": "", "name": "192.3.152.183" }, { "id": "", "name": "f20da76d75c7966abcbc050dde259a2c85b331c80cce0d113bc976734b78d61d" }, { "id": "", "name": "d6f5fc248e4c8fc7a86a8193eb970fe9503f2766951a3e4b8c084684e423e917" }, { "id": "", "name": "cf1b85d4812f7ee052666276a184b481368f0c0c7a43e6d5df903535f466c5fd" }, { "id": "", "name": "b9d92f637996e981006173eb207734301ff69ded8f9c2a7f0c9b6d5fcc9063a2" }, { "id": "", "name": "b0bc9a42a874cab6583e4993de7cc11a2b8343a4453bda97b83b0c2975e7181d" }, { "id": "", "name": "a843971908aa31a81d96cc8383dcde7f386050c6e3437ad6a470f43dc2bf894b" }, { "id": "", "name": "9b5fe87aaa4f7ae1c375276bfe36bc862a150478db37450858bbfb3fb81123c2" }, { "id": "", "name": "8f0c5baaca3b81bdaf404de8e7dcca1e60b01505297d14d85fea36067c2a0f14" }, { "id": "", "name": "850d3521693b4e1ec79981b3232e87b0bc22af327300dfdc7ea1b7a7e97619cd" }, { "id": "", "name": "67d989388b188a817a4d006503e5350a1a2af7eb64006ec6ad6acc51e29fdcd5" }, { "id": "", "name": "5fcbe868a8c53b7146724d579ff82252f00d62049a75a04baa4476e300b42d15" }, { "id": "", "name": "5d155f86425b02e45a6a5d62eb8ce7827c9c43f3025bffd6d996aabd039d27f9" }, { "id": "", "name": "5b20ed646362a2c6cdc5ca0a79850c7d816248c7fd5f5203ce598a4acd509f6b" }, { "id": "", "name": "575f0acd67df2620378fb5bd8379fd2f2ba0539b614986d60e85822ba0e9aa08" }, { "id": "", "name": "53f6cedcf89fccdcb6b4b9c7c756f73be3e027645548ee7370fd3486840099c4" }, { "id": "", "name": "3e785100c227af58767f253e4dfe937b2aa755c363a1497099b63e3079209800" }, { "id": "", "name": "3d19de117388d50e5685d203683c2045881a92646c69ee6d4b99a71bf65dafa7" }, { "id": "", "name": "1e6d93a27b0d7e97df5405650986e32641696967c07df3fa8edd41063b49507b" }, { "id": "", "name": "10686a12b7241a0836db6501a130ab67c7b38dbd583ccd39c9e655096695932e" }, { "id": "", "name": "038187ceb4df706b13967d2a4bff9f67256ba9615c43196f307145a01729b3b8" }, { "id": "", "name": "c27b64277c3d14b4c78f42ca9ee2438b602416f988f06cb1a3e026eab2425ffc" }, { "id": "", "name": "4e2c5513cf1c4a3c12c6e108d0120d57355b3411c30d59dfb0d263ad932b6868" } ], "malware": [ { "id": "legacy:malware:e203cadb3aafcc78", "name": "Mirai", "slug": "mirai" } ], "attack_patterns": [ { "id": "30fcebc4-6a32-43bc-b86f-09ec8d055dbc", "name": "T1609" }, { "id": "70616b2f-4019-4963-b758-5d9f6f20e201", "name": "T1082" }, { "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571", "name": "T1105" }, { "id": "50514c04-b3a2-4abf-a855-e3a434200c87", "name": "T1204" }, { "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62", "name": "T1190" }, { "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221", "name": "T1059" } ], "vulnerabilities": [ { "id": "", "name": "CVE-2024-21887" }, { "id": "", "name": "CVE-2023-46805" } ] }, "external_refs": [ "https://blogs.juniper.net/en-us/security/protecting-your-network-from-opportunistic-ivanti-pulse-secure-vulnerability-exploitation", "https://otx.alienvault.com/pulse/663de38e4eaac52e30197797" ] }