{"vulnerability": "CVE-2024-9380", "sightings": [{"uuid": "5ef086b0-e1e0-40ae-983b-d517da9050ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "", "content": "", "creation_timestamp": "2024-10-21T08:30:29.822504Z"}, {"uuid": "6cf90410-f3ff-4489-925d-d7fcbfda13ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-10-09T18:10:03.000000Z"}, {"uuid": "af4b86b9-286f-42a9-aa0d-4652268193e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lgfg6rd6qb2l", "content": "", "creation_timestamp": "2025-01-23T08:02:53.555945Z"}, {"uuid": "59af0189-8639-4308-b578-554e562a0112", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "https://bsky.app/profile/socprime.com/post/3lggbmc7dc72t", "content": "", "creation_timestamp": "2025-01-23T16:13:39.245755Z"}, {"uuid": "485b661b-5259-4083-b120-c423c8b74d93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3lt4gvohkok2q", "content": "", "creation_timestamp": "2025-07-04T04:49:18.755326Z"}, {"uuid": "e2a0620c-20e4-4625-aafb-2137fefcdd2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lt2omk6vat2d", "content": "", "creation_timestamp": "2025-07-03T12:01:59.673232Z"}, {"uuid": "78e3dd39-06bb-4590-9fae-bc11cb56736e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "https://blog.eclecticiq.com/china-nexus-nation-state-actors-exploit-sap-netweaver-cve-2025-31324-to-target-critical-infrastructures", "content": "", "creation_timestamp": "2025-05-14T05:57:49.539353Z"}, {"uuid": "c0f0b9e7-b898-4704-93ad-66b0a46e66fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/bd1f7e06-4107-433a-9fa6-fbf3db5cfa34", "content": "", "creation_timestamp": "2025-01-24T12:55:48.457634Z"}, {"uuid": "5d6b98a8-bde1-40cf-8dae-c484193ba24b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113873414203572986", "content": "", "creation_timestamp": "2025-01-22T18:26:48.383762Z"}, {"uuid": "56606491-7a95-4165-aee5-774be7381999", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "https://bsky.app/profile/bluecyber.bsky.social/post/3lgeaatupu22x", "content": "", "creation_timestamp": "2025-01-22T20:44:01.151764Z"}, {"uuid": "acbb6b37-56c2-4999-8fc2-2046a878b946", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "MISP/c4ff8fa3-9860-48da-a74a-f087aa0a76dd", "content": "", "creation_timestamp": "2025-07-03T14:29:36.000000Z"}, {"uuid": "a4846bab-a806-4b4d-845b-02058342a05d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "MISP/c4ff8fa3-9860-48da-a74a-f087aa0a76dd", "content": "", "creation_timestamp": "2025-07-04T05:01:05.000000Z"}, {"uuid": "2c616be9-6f6c-4695-a91e-413192d60987", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/55fe7259-646b-4f0c-9d71-1c1d4a78fd82", "content": "", "creation_timestamp": "2026-02-02T12:25:28.656658Z"}, {"uuid": "0bb69da9-6fb5-4820-b41f-37af17a34505", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3887", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-9379\n\ud83c\udfe2 Vendor: Ivanti\n\ud83d\udda5\ufe0f Product: Cloud Services Appliance (CSA)\n\ud83d\udd39 Description: Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements.\n\ud83d\udccf Published: 2024-10-08T00:00:00Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json\n2. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381?language=en_US\n3. https://www.cisa.gov/sites/default/files/2025-01/aa25-022a-threat-actors-chained-vulnerabilities-in-ivanti-cloud-service-applications.pdf\n4. https://www.fortiguard.com/outbreak-alert/ivanti-csa-zero-day-attack", "creation_timestamp": "2025-02-08T23:20:33.000000Z"}, {"uuid": "998d2800-9a91-4bfa-b47c-7cc2dc277aef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "exploited", "source": "https://t.me/thehackernews/5704", "content": "\u26a0\ufe0f WARNING: Ivanti\u2019s CSA is under attack! Three new zero-day vulnerabilities are being actively exploited in the wild. \n \nThese flaws, CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381, allow attackers to bypass restrictions, execute arbitrary SQL, and gain remote code execution\u2014all with admin privileges. \n \nFind details here: https://thehackernews.com/2024/10/zero-day-alert-three-critical-ivanti.html", "creation_timestamp": "2024-10-08T18:43:40.000000Z"}, {"uuid": "8849c1a9-c8fc-4f85-89dd-a7e2bab72b13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lggeheeneu2x", "content": "", "creation_timestamp": "2025-01-23T17:04:34.010878Z"}, {"uuid": "0b41619f-51fd-45f7-9b01-77ec39fb856d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "https://threatintel.cc/2025/01/23/threat-actors-chained-vulnerabilities-in.html", "content": "", "creation_timestamp": "2025-01-23T13:22:01.000000Z"}, {"uuid": "19897e3c-ab5d-45e1-bcd6-68f5265a4991", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:11:00.000000Z"}, {"uuid": "2cf656f6-a4e2-4bd6-97e6-996f77af00f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-221000f4-25831e62bfee571d", "content": "", "creation_timestamp": "2025-07-05T14:25:38.637007Z"}, {"uuid": "b799135f-19df-4002-a3aa-4767bb8d6cc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "https://bsky.app/profile/cecallihelper.bsky.social/post/3lnkzrwu5xs2b", "content": "", "creation_timestamp": "2025-04-24T15:33:21.679088Z"}, {"uuid": "27dba0bb-7618-454c-99ad-c2b266e25b7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "MISP/27727c35-f389-4626-aa10-c80dcedac9a5", "content": "", "creation_timestamp": "2025-09-01T18:42:49.000000Z"}, {"uuid": "24ad1f8b-cc1a-4115-a3f6-16d86bf5e1a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/d82e641f-e90f-451d-a13e-2aa4eecf8343", "content": "", "creation_timestamp": "2026-02-02T12:26:26.366157Z"}, {"uuid": "5affa916-2c5d-4719-bb06-697593bb4b8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/d82e641f-e90f-451d-a13e-2aa4eecf8343", "content": "", "creation_timestamp": "2026-02-02T12:26:26.366157Z"}, {"uuid": "e893aa49-6f3f-4f74-acb3-fdcb4b31abe4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/4828357e-5b9d-45d5-a952-da459107ce93", "content": "", "creation_timestamp": "2024-10-10T08:32:47.057103Z"}, {"uuid": "c14817af-1c4c-4d39-a0bf-8bb85e39a6c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/3651b195-292d-4150-b4a3-186bbc6fa128", "content": "", "creation_timestamp": "2024-10-21T08:27:33.229801Z"}, {"uuid": "7b8223d1-2e07-4ba7-bc8c-588783b4da95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/55fe7259-646b-4f0c-9d71-1c1d4a78fd82", "content": "", "creation_timestamp": "2026-02-02T12:25:28.656658Z"}, {"uuid": "6d4391cf-9a48-4c5b-8ae5-b502c5b9ef7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "exploited", "source": "https://t.me/itsec_news/5218", "content": "\u200b\u26a1\ufe0f\u0412\u0437\u043b\u043e\u043c Ivanti: \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u0438\u0435 \u0445\u0430\u043a\u0435\u0440\u044b \u043d\u0430\u0448\u043b\u0438 \u0441\u043b\u0430\u0431\u043e\u0435 \u0437\u0432\u0435\u043d\u043e \u0432 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0441\u0435\u0442\u044f\u0445\n\n\ud83d\udcac CISA \u0438 \u0424\u0411\u0420 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0442\u0430\u043b\u0438 \u0434\u0432\u0443\u0445 \u0441\u043b\u043e\u0436\u043d\u044b\u0445 \u0446\u0435\u043f\u043e\u0447\u0435\u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u0438\u043c\u0438 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438 \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u043d\u0430 \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u043d\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 Ivanti CSA. \u0411\u044b\u043b\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u044b \u0438\u043d\u0434\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 (IOC) \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u0434\u0430\u043d\u043d\u044b\u0435, \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0435 \u0432 \u0445\u043e\u0434\u0435 \u043b\u0438\u043a\u0432\u0438\u0434\u0430\u0446\u0438\u0438 \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439 \u0430\u0442\u0430\u043a.\n\n\u0425\u0430\u043a\u0435\u0440\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0434\u0432\u0435 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0435 \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0438 \u043c\u0435\u0442\u043e\u0434\u044b \u0431\u043e\u043a\u043e\u0432\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f (Lateral Movement) \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u0441\u0431\u043e\u0440\u0430 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0432\u0435\u0431-\u0448\u0435\u043b\u043b\u043e\u0432 \u043d\u0430 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-8963 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 9.4), CVE-2024-9379 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 6.5), CVE-2024-8190 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 7.2) \u0438 CVE-2024-9380 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 7.2) \u0441\u0442\u0430\u043b\u0438 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u043c\u0438 \u0446\u0435\u043b\u044f\u043c\u0438 \u0434\u043b\u044f \u043a\u0438\u0431\u0435\u0440\u0448\u043f\u0438\u043e\u043d\u043e\u0432. \u0412 \u043e\u0434\u043d\u043e\u043c \u0438\u0437 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u0432 \u0430\u0442\u0430\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-8963, CVE-2024-8190 \u0438 CVE-2024-9380, \u0430 \u0432\u043e \u0432\u0442\u043e\u0440\u043e\u043c \u2014 \u043a\u043e\u043c\u0431\u0438\u043d\u0430\u0446\u0438\u044f CVE-2024-8963 \u0438 CVE-2024-9379. \u0412 \u0440\u044f\u0434\u0435 \u0441\u043b\u0443\u0447\u0430\u0435\u0432 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043b\u0438 \u043d\u0430 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0432\u043d\u0443\u0442\u0440\u0438 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 Ivanti CSA 4.6x \u0434\u043e 519, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 5.0.1 \u0438 \u043d\u0438\u0436\u0435. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u0432\u0435\u0440\u0441\u0438\u044f 4.6 \u0431\u043e\u043b\u044c\u0448\u0435 \u043d\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0438 \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0435\u0451 \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439. \u041e\u0434\u043d\u0430\u043a\u043e \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Ivanti \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0430, \u0447\u0442\u043e \u043d\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 CSA 5.0 \u0434\u0430\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438\u0441\u044c.\n\n\u0410\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u0435\u043b\u0438\u043b\u0438\u0441\u044c \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435\u043c \u0440\u0430\u0431\u043e\u0442\u044b \u0445\u0430\u043a\u0435\u0440\u043e\u0432. \u0412 \u043e\u0434\u043d\u043e\u043c \u0438\u0437 \u0441\u043b\u0443\u0447\u0430\u0435\u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0439 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u0438 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0442\u0438\u043b \u0430\u0442\u0430\u043a\u0443. \u0412 \u0434\u0440\u0443\u0433\u043e\u043c \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u0437\u0430\u0449\u0438\u0442\u044b \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0445 \u0442\u043e\u0447\u0435\u043a \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0432\u0435\u0431-\u0448\u0435\u043b\u043b\u043e\u0432. \u0412 \u0442\u0440\u0435\u0442\u044c\u0435\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u0438\u043d\u0434\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u043f\u043e\u043c\u043e\u0433\u043b\u0438 \u0431\u044b\u0441\u0442\u0440\u043e \u0432\u044b\u044f\u0432\u0438\u0442\u044c \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u0443\u044e \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 Obelisk \u0438 GoGo Scanner.\n\n\u0412\u043e \u0432\u0441\u0435\u0445 \u043e\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0445 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044f\u0445 \u043f\u043e\u0441\u0442\u0440\u0430\u0434\u0430\u0432\u0448\u0438\u0435 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0437\u0430\u043c\u0435\u043d\u0438\u043b\u0438 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0435 \u043c\u0430\u0448\u0438\u043d\u044b \u043d\u0430 \u0447\u0438\u0441\u0442\u044b\u0435 \u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0451\u043d\u043d\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438. \u0410\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u0430 \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u0430\u043c \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043b\u043e\u0433\u0438 \u0438 \u0430\u0440\u0442\u0435\u0444\u0430\u043a\u0442\u044b \u0434\u043b\u044f \u043f\u043e\u0438\u0441\u043a\u0430 \u0441\u043b\u0435\u0434\u043e\u0432 \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0440\u0430\u0441\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0442\u044c \u0432\u0441\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435, \u0445\u0440\u0430\u043d\u044f\u0449\u0438\u0435\u0441\u044f \u043d\u0430 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445, \u043a\u0430\u043a \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435.\n\nMandiant \u0441\u0432\u044f\u0437\u0430\u043b\u0430 \u0430\u0442\u0430\u043a\u0438 \u0441 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u043e\u0439 APT -\u0433\u0440\u0443\u043f\u043f\u043e\u0439 UNC5221, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0440\u0430\u043d\u0435\u0435 \u0432 \u0434\u0435\u043a\u0430\u0431\u0440\u0435 2023 \u0433\u043e\u0434\u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 VPN-\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 Ivanti Connect Secure. \u0412 \u0445\u043e\u0434\u0435 \u0430\u0442\u0430\u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u043a\u0430\u0441\u0442\u043e\u043c\u043d\u044b\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0431\u044d\u043a\u0434\u043e\u0440 Zipline, \u0434\u0440\u043e\u043f\u043f\u0435\u0440 Thinspool, \u0432\u0435\u0431-\u0448\u0435\u043b\u043b Lightwire \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u0430 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 Warpwire. \u0422\u0430\u043a\u0436\u0435 \u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u043e\u0441\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u0442\u0443\u043d\u043d\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PySoxy \u0438 BusyBox \u0434\u043b\u044f \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2025-01-24T10:31:22.000000Z"}, {"uuid": "2c166829-4c6c-4282-b3b7-6c00ca6f0a27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "exploited", "source": "https://t.me/itsec_news/5811", "content": "\u200b\u26a1\ufe0fVShell? \u0421\u043a\u043e\u0440\u0435\u0435 \u0443\u0436 VHell: \u043d\u043e\u0432\u044b\u0439 \u043a\u043e\u0448\u043c\u0430\u0440 \u0434\u043b\u044f Linux \u043e\u0442 UNC5174\n\n\ud83d\udcac \u041a\u0438\u0442\u0430\u0439\u0441\u043a\u0430\u044f \u043a\u0438\u0431\u0435\u0440\u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 UNC5174, \u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043a\u0430\u043a Uteus \u0438\u043b\u0438 Uetus, \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u043b\u0430 \u043d\u043e\u0432\u0443\u044e \u0430\u0442\u0430\u043a\u0443 \u043d\u0430 Linux-\u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 SNOWLIGHT \u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 VShell \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c. \u041a\u0430\u043c\u043f\u0430\u043d\u0438\u044f \u0431\u044b\u043b\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 Sysdig, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u043d\u0443\u043b\u0438, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0432\u0441\u0451 \u0447\u0430\u0449\u0435 \u043f\u0440\u0438\u0431\u0435\u0433\u0430\u044e\u0442 \u043a \u0442\u0430\u043a\u0438\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u043c \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0438\u0437 \u0441\u043e\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439 \u044d\u043a\u043e\u043d\u043e\u043c\u0438\u0438, \u043d\u043e \u0438 \u0447\u0442\u043e\u0431\u044b \u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043f\u043e\u0434 \u043c\u0435\u043d\u0435\u0435 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0438 \u043c\u0430\u043b\u043e\u043a\u043e\u043c\u043f\u0435\u0442\u0435\u043d\u0442\u043d\u044b\u0445 \u043d\u0430\u043f\u0430\u0434\u0430\u044e\u0449\u0438\u0445.\n\n\u0413\u0440\u0443\u043f\u043f\u0443 UNC5174 \u0440\u0430\u043d\u0435\u0435 \u0441\u0432\u044f\u0437\u044b\u0432\u0430\u043b\u0438 \u0441 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u0438\u043c \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e\u043c, \u0438 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u0433\u043e\u0434\u0430 \u043e\u043d\u0430 \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043d\u0435 \u043f\u0440\u0438\u0432\u043b\u0435\u043a\u0430\u043b\u0430 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u044f. \u041e\u0434\u043d\u0430\u043a\u043e \u043d\u043e\u0432\u044b\u0435 \u0430\u0442\u0430\u043a\u0438 \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0442, \u0447\u0442\u043e \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0432\u043e\u0437\u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0430\u0441\u044c, \u043f\u0440\u0438\u0447\u0451\u043c \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0440\u043e\u0434\u0432\u0438\u043d\u0443\u0442\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b.\n\n\u0412 \u0447\u0438\u0441\u043b\u0435 \u0440\u0430\u043d\u0435\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0432\u0435\u043a\u0442\u043e\u0440\u0430\u043c\u0438 \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0444\u0438\u0433\u0443\u0440\u0438\u0440\u0443\u044e\u0442 Connectwise ScreenConnect \u0438 F5 BIG-IP, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0435 \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 ELF-\u0444\u0430\u0439\u043b SNOWLIGHT, \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u043d\u0430 C. \u042d\u0442\u043e\u0442 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 \u0432\u044b\u0441\u0442\u0443\u043f\u0430\u0435\u0442 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u043e\u043c \u0434\u043b\u044f \u0442\u0443\u043d\u043d\u0435\u043b\u0438\u0440\u0443\u044e\u0449\u0435\u0433\u043e \u043c\u043e\u0434\u0443\u043b\u044f GOHEAVY \u043d\u0430 Go, \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0433\u043e \u0441 C2-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c \u0447\u0435\u0440\u0435\u0437 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0443 SUPERSHELL.\n\n\u0414\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0438 GOREVERSE \u2014 \u043e\u0431\u0440\u0430\u0442\u043d\u044b\u0439 \u0448\u0435\u043b\u043b \u043d\u0430 Go, \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u0443\u044e\u0449\u0438\u0439 \u0447\u0435\u0440\u0435\u0437 SSH. \u0424\u0440\u0430\u043d\u0446\u0443\u0437\u0441\u043a\u043e\u0435 \u0430\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 ANSSI \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u043e \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c, \u0441\u0445\u043e\u0436\u0443\u044e \u0441 \u043c\u0435\u0442\u043e\u0434\u0430\u043c\u0438 UNC5174, \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u044f \u043d\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0432 Ivanti Cloud Service Appliance. \u0421\u0440\u0435\u0434\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u044e\u0442\u0441\u044f CVE-2024-8963 , CVE-2024-9380 \u0438 CVE-2024-8190 , \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434.\n\n\u041e\u0431\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u2014 SNOWLIGHT \u0438 VShell \u2014 \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u044b \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 Linux, \u043d\u043e \u0438 \u043d\u0430 macOS. VShell \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043c\u0430\u0441\u043a\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043f\u043e\u0434 \u043f\u043e\u0434\u0434\u0435\u043b\u044c\u043d\u043e\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 Cloudflare \u0434\u043b\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438. \u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u0430\u043d\u0430\u043b\u0438\u0437\u0430, \u0442\u0430\u043a\u0438\u0435 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u043b\u0438\u0441\u044c \u043d\u0430 VirusTotal \u0438\u0437 \u041a\u0438\u0442\u0430\u044f \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 2024 \u0433\u043e\u0434\u0430, \u0447\u0442\u043e \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0435\u0435 \u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0432\u044f\u0437\u043a\u0438.\n\n\u0412 \u0445\u043e\u0434\u0435 \u043d\u0435\u0434\u0430\u0432\u043d\u0435\u0439 \u0430\u0442\u0430\u043a\u0438, \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0432 \u044f\u043d\u0432\u0430\u0440\u0435 2025 \u0433\u043e\u0434\u0430, SNOWLIGHT \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u043b \u0440\u043e\u043b\u044c \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430 \u0434\u043b\u044f VShell \u2014 RAT-\u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0433\u043e \u0431\u0435\u0437 \u0441\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043d\u0430 \u0434\u0438\u0441\u043a, \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0432 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u0442\u043e \u0443\u0441\u043b\u043e\u0436\u043d\u044f\u0435\u0442 \u0435\u0433\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u0442\u0440\u0430\u0434\u0438\u0446\u0438\u043e\u043d\u043d\u044b\u043c\u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\u043c\u0438. \u041d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u043d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u0432\u0435\u043a\u0442\u043e\u0440 \u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0441\u044f \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e bash-\u0441\u043a\u0440\u0438\u043f\u0442\u0430 \u00abdownload_backd.sh\u00bb, \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u044e\u0449\u0435\u0433\u043e \u0434\u0432\u0430 \u0431\u0438\u043d\u0430\u0440\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u0430: \u00abdnsloger\u00bb (SNOWLIGHT) \u0438 \u00absystem_worker\u00bb (\u043c\u043e\u0434\u0443\u043b\u044c Sliver), \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0445 \u0437\u0430 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u0441\u0442\u0432\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438 \u0441\u0432\u044f\u0437\u044c \u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\u041d\u0430 \u0437\u0430\u0432\u0435\u0440\u0448\u0430\u044e\u0449\u0435\u043c \u044d\u0442\u0430\u043f\u0435 \u0430\u0442\u0430\u043a\u0438 SNOWLIGHT \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u043b \u0437\u0430\u043f\u0440\u043e\u0441 \u043a C2-\u0441\u0435\u0440\u0432\u0435\u0440\u0443, \u043f\u043e\u043b\u0443\u0447\u0430\u044f VShell. \u042d\u0442\u043e\u0442 RAT \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b, \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u0438 \u0432\u044b\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044f \u043f\u043e\u043b\u043d\u043e\u0446\u0435\u043d\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0437\u0430\u0440\u0430\u0436\u0451\u043d\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u043e\u0439. \u041e\u0441\u043e\u0431\u0443\u044e \u0443\u0433\u0440\u043e\u0437\u0443 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u043c\u044b\u0435 \u0442\u0430\u043a\u0442\u0438\u043a\u0438: \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 WebSocket-\u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u0441\u0432\u044f\u0437\u0438 \u0438 \u043f\u043e\u043b\u043d\u043e\u0435 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0441\u043b\u0435\u0434\u043e\u0432 \u043d\u0430 \u0434\u0438\u0441\u043a\u0435.\n\n\u0422\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c, \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f TeamT5 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 \u043e \u0441\u0445\u043e\u0436\u0435\u0439 \u0430\u0442\u0430\u043a\u0435, \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0442\u0430\u043a\u0436\u0435 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u043e\u0433\u043e \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u044f, \u0433\u0434\u0435 \u0447\u0435\u0440\u0435\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Ivanti \u0431\u044b\u043b\u0438 \u0440\u0430\u0437\u0432\u0451\u0440\u043d\u0443\u0442\u044b \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b SPAWNCHIMERA. \u041f\u043e\u0434 \u043f\u0440\u0438\u0446\u0435\u043b \u043f\u043e\u043f\u0430\u043b\u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0438\u0437 20 \u0441\u0442\u0440\u0430\u043d, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0410\u0432\u0441\u0442\u0440\u0438\u044e, \u0410\u0432\u0441\u0442\u0440\u0430\u043b\u0438\u044e, \u0424\u0440\u0430\u043d\u0446\u0438\u044e, \u042f\u043f\u043e\u043d\u0438\u044e, \u042e\u0436\u043d\u0443\u044e \u041a\u043e\u0440\u0435\u044e, \u0421\u0438\u043d\u0433\u0430\u043f\u0443\u0440, \u041e\u0410\u042d, \u0412\u0435\u043b\u0438\u043a\u043e\u0431\u0440\u0438\u0442\u0430\u043d\u0438\u044e \u0438 \u0421\u0428\u0410.\n\n\u041d\u0430 \u0444\u043e\u043d\u0435 \u044d\u0442\u043e\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 \u041a\u0438\u0442\u0430\u0439 \u043e\u0431\u0432\u0438\u043d\u0438\u043b \u0410\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u043e \u043d\u0430\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0421\u0428\u0410 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443 \u0437\u0438\u043c\u043d\u0438\u0445 \u0410\u0437\u0438\u0430\u0442\u0441\u043a\u0438\u0445 \u0438\u0433\u0440, \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u0432\u0448\u0438\u0445 \u0432 \u0444\u0435\u0432\u0440\u0430\u043b\u0435 \u0432 \u0425\u0430\u0440\u0431\u0438\u043d\u0435. \u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u043e\u0433\u043e CVERC, \u0442\u043e\u043b\u044c\u043a\u043e \u0441 26 \u044f\u043d\u0432\u0430\u0440\u044f \u043f\u043e 14 \u0444\u0435\u0432\u0440\u0430\u043b\u044f \u043d\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0431\u044b\u043b\u043e \u0441\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u043e \u0431\u043e\u043b\u0435\u0435 170 \u0442\u044b\u0441\u044f\u0447 \u0430\u0442\u0430\u043a \u0441 \u0430\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u043a\u0438\u0445 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432, \u0430 \u043e\u0431\u0449\u0435\u0435 \u0447\u0438\u0441\u043b\u043e \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0430\u0442\u0430\u043a \u0441\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u043e \u0441\u0432\u044b\u0448\u0435 270 \u0442\u044b\u0441\u044f\u0447. \u041f\u0435\u043a\u0438\u043d \u0440\u0430\u0441\u0446\u0435\u043d\u0438\u043b \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0421\u0428\u0410 \u043a\u0430\u043a \u0443\u0433\u0440\u043e\u0437\u0443 \u043d\u0430\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0432\u043c\u0435\u0448\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e \u0432 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443 \u0441\u0442\u0440\u0430\u043d\u044b.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2025-04-16T10:49:28.000000Z"}, {"uuid": "4197e809-c22d-4809-bfd7-710206b19661", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "https://t.me/cvedetector/7382", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-9380 - Ivanti CSA OS Command Injection\", \n  \"Content\": \"CVE ID : CVE-2024-9380 \nPublished : Oct. 8, 2024, 5:15 p.m. | 40\u00a0minutes ago \nDescription : An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T20:23:57.000000Z"}]}