Threat Brief: CVE-2025-0282 and CVE-2025-0283

    Date: 01/17/2025

    Severity: Critical (CVE-2025-0282, CVSS 9.0); High (CVE-2025-0283, CVSS 7.0)

    Summary

    On January 8, 2025, Ivanti issued a security advisory addressing two stack-based buffer overflow vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in its Connect Secure, Policy Secure, and Neurons for ZTA gateway products. CVE-2025-0282 allows a remote, unauthenticated attacker to execute code on the appliance and was already being exploited in the wild when the advisory was published; CVE-2025-0283 allows a local, authenticated attacker to escalate privileges, and Ivanti reported no exploitation of it at that time. This threat brief shares insights from a recent incident response engagement, offering actionable intelligence to help detect ongoing attacks exploiting CVE-2025-0282. These products are internet-facing remote-access appliances, which makes them attractive targets for attackers seeking an initial foothold in a network.

    Indicators of Compromise (IOC) List

    IP addresses:

    185.219.141.95
    185.195.71.244
    193.149.180.128
    168.100.8.144

    SHA-256 hashes (normalized to lower case):

    7144b8c77d261985205ae2621eb6242f43d6244e18b8d01d05048337346b6efd
    aae291ac5767cfe93676dacb67ba50c98d8fd520f5821fb050fd63e38b000b18
    366635c00b8e6f749a4d948574a0f1e7b4c842ca443176de27af45debbc14f71
    3526af9189533470bc0e90d54bafb0db7bda784be82a372ce112e361f7c7b104
    43363aa0d1fdab0174d94bd5a9e16d47cbb08b4b089c5a12e370133ab8e640a6
    1dc0a3a5904ec35103538a018ef069fbe95b0a3c26cb0ff9ba0d1c268d1aaf98
    f9ca95119b32a18491e3cc28c7020ee00f6e7a45ae089c876d87252e754e5a2e
    723711ccbb3eaf1daea3d5b00aa6aaee48a359be395d9500d8a56609ec5238e9
    75a3d53c1d63ecb338d4b2d6f5b3d980b0caceb77808ed81ab73b49138cc0a26
    a6b24fcef2e018c9ef634aa21e26a74ff94ea508a8b132fad38d48f5ab10fcd3

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    IP address match (checks the source, destination, generic and public IP fields):

    dstipaddress IN ("185.195.71.244","193.149.180.128","185.219.141.95","168.100.8.144") or ipaddress IN ("185.195.71.244","193.149.180.128","185.219.141.95","168.100.8.144") or publicipaddress IN ("185.195.71.244","193.149.180.128","185.219.141.95","168.100.8.144") or srcipaddress IN ("185.195.71.244","193.149.180.128","185.219.141.95","168.100.8.144")

    SHA-256 hash match:

    sha256hash IN ("7144B8C77D261985205AE2621EB6242F43D6244E18B8D01D05048337346B6EFD","AAE291AC5767CFE93676DACB67BA50C98D8FD520F5821FB050FD63E38B000B18","366635c00b8e6f749a4d948574a0f1e7b4c842ca443176de27af45debbc14f71","3526af9189533470bc0e90d54bafb0db7bda784be82a372ce112e361f7c7b104","43363AA0D1FDAB0174D94BD5A9E16D47CBB08B4B089C5A12E370133AB8E640A6","1dc0a3a5904ec35103538a018ef069fbe95b0a3c26cb0ff9ba0d1c268d1aaf98","f9ca95119b32a18491e3cc28c7020ee00f6e7a45ae089c876d87252e754e5a2e","723711ccbb3eaf1daea3d5b00aa6aaee48a359be395d9500d8a56609ec5238e9","75a3d53c1d63ecb338d4b2d6f5b3d980b0caceb77808ed81ab73b49138cc0a26","a6b24fcef2e018c9ef634aa21e26a74ff94ea508a8b132fad38d48f5ab10fcd3")

    Note that the hash list above mixes upper- and lower-case hex. If the sha256hash field in your log source is compared case-sensitively, normalize both the field and the list to one case (or use a case-insensitive comparison) before relying on this query, otherwise matches on the entries whose case differs from the log source will be silently missed. A clean result from these queries does not clear an appliance: Ivanti's advisory also directs customers to run the Integrity Checker Tool (ICT) on the device and, where compromise is suspected, to factory reset it before upgrading to a fixed release (Connect Secure 22.7R2.5 at the time of the advisory).
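    To show what the IOC match above does on actual telemetry, here is an added example (not Gurucul's TDIR engine or any Ivanti tooling) that applies the same four IP fields and the sha256hash field to a few constructed key=value log lines. The field names mirror the queries; the log lines, hostnames, timestamps and file paths are made up for the example. It also demonstrates the case caveat: the same record is a hit when the hash is lowercased before comparison and a miss when it is compared exactly.

```python
"""Match constructed log records against the IOC set in this brief.

Example code written for this page; not Gurucul's or Ivanti's.
"""
import re
from typing import Dict, Iterable, List, Tuple

# IOCs from the brief. Hashes are stored lower-cased so the comparison
# does not depend on the case the log source happens to emit.
IOC_IPS = frozenset({
    "185.219.141.95",
    "185.195.71.244",
    "193.149.180.128",
    "168.100.8.144",
})

IOC_SHA256 = frozenset(h.lower() for h in (
    "7144B8C77D261985205AE2621EB6242F43D6244E18B8D01D05048337346B6EFD",
    "AAE291AC5767CFE93676DACB67BA50C98D8FD520F5821FB050FD63E38B000B18",
    "366635c00b8e6f749a4d948574a0f1e7b4c842ca443176de27af45debbc14f71",
    "3526af9189533470bc0e90d54bafb0db7bda784be82a372ce112e361f7c7b104",
    "43363AA0D1FDAB0174D94BD5A9E16D47CBB08B4B089C5A12E370133AB8E640A6",
    "1dc0a3a5904ec35103538a018ef069fbe95b0a3c26cb0ff9ba0d1c268d1aaf98",
    "f9ca95119b32a18491e3cc28c7020ee00f6e7a45ae089c876d87252e754e5a2e",
    "723711ccbb3eaf1daea3d5b00aa6aaee48a359be395d9500d8a56609ec5238e9",
    "75a3d53c1d63ecb338d4b2d6f5b3d980b0caceb77808ed81ab73b49138cc0a26",
    "a6b24fcef2e018c9ef634aa21e26a74ff94ea508a8b132fad38d48f5ab10fcd3",
))

# Field names mirror the ones the TDIR queries search.
IP_FIELDS = ("srcipaddress", "dstipaddress", "ipaddress", "publicipaddress")
HASH_FIELDS = ("sha256hash",)

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")

Hit = Tuple[str, str, str]  # (field, ioc type, value as logged)


def parse_kv(line: str) -> Dict[str, str]:
    """Parse one key=value log line; values may be double-quoted."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def match_record(record: Dict[str, str], normalize_case: bool = True) -> List[Hit]:
    """Return every IOC hit in a parsed record.

    normalize_case=False compares the hash exactly, which is what a plain
    `field IN (...)` clause does on a case-sensitive backend.
    """
    hits: List[Hit] = []
    for field in IP_FIELDS:
        value = record.get(field)
        if value and value in IOC_IPS:
            hits.append((field, "ip", value))
    for field in HASH_FIELDS:
        value = record.get(field)
        if not value or not SHA256_RE.match(value):
            continue  # absent or malformed hash: skip rather than mis-match
        probe = value.lower() if normalize_case else value
        if probe in IOC_SHA256:
            hits.append((field, "sha256", value))
    return hits


def scan(lines: Iterable[str], normalize_case: bool = True) -> List[Tuple[int, Hit]]:
    """Scan log lines and return (line number, hit) pairs."""
    results: List[Tuple[int, Hit]] = []
    for lineno, line in enumerate(lines, 1):
        for hit in match_record(parse_kv(line), normalize_case):
            results.append((lineno, hit))
    return results


# Constructed sample telemetry (hostnames, times and paths are invented).
SAMPLE_LOGS = [
    "ts=2025-01-10T03:14:07Z host=vpn-gw01 srcipaddress=185.219.141.95 dstipaddress=10.20.0.5 action=allow",
    "ts=2025-01-10T03:15:22Z host=vpn-gw01 srcipaddress=10.20.0.33 dstipaddress=10.20.0.5 action=allow",
    "ts=2025-01-10T03:16:40Z host=vpn-gw01 event=file_write path=/var/tmp/sample1.bin "
    "sha256hash=7144b8c77d261985205ae2621eb6242f43d6244e18b8d01d05048337346b6efd",
    "ts=2025-01-10T03:17:01Z host=vpn-gw01 event=file_write path=/var/tmp/sample2.bin "
    "sha256hash=3526AF9189533470BC0E90D54BAFB0DB7BDA784BE82A372CE112E361F7C7B104",
    "ts=2025-01-10T03:18:12Z host=vpn-gw01 event=outbound publicipaddress=193.149.180.128",
]

if __name__ == "__main__":
    for lineno, (field, kind, value) in scan(SAMPLE_LOGS):
        print(f"line {lineno}: {kind} IOC in {field}: {value}")
    missed = len(scan(SAMPLE_LOGS)) - len(scan(SAMPLE_LOGS, normalize_case=False))
    print(f"hits lost to exact-case comparison: {missed}")
```

    With case normalization the five sample lines yield four hits (two IPs, two hashes); with exact comparison the upper-case hash on line 4 is missed, which is the failure mode the note above warns about.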

    Reference:   

    https://unit42.paloaltonetworks.com/threat-brief-ivanti-cve-2025-0282-cve-2025-0283/ 


    Tags: Malware, CVE-2025
