THREAT OPS › Threat News › An update on FortiBleed — what’s happening with victim orgs
An update on FortiBleed — what’s happening with victim orgs
<h3>An update on FortiBleed — what’s happening with victim orgs</h3><p>Two days ago I wrote something about FortiBleed:</p><p><a href="https://doublepulsar.com/fortibleed-75k-fortinet-firewalls-have-admin-passwords-cracked-60299faa65f8">FortiBleed — 75k Fortinet firewalls have admin passwords cracked</a></p><p>Fortinet told media orgs the data was from prior breaches and bruteforcing. That isn’t t
MITRE ATT&CK techniques
Indicators of compromise
- https://www.cloudsek.com/blog/inside-the-fortibleed-open-directory-a-technical-analysis-of-what-the-attacker-left-behindurl
- https://blog.gayint.org/intel/fortibleed.txturl
- https://www.cyber.gc.ca/en/alerts-advisories/al26-014-fortibleed-leak-thousands-compromised-credentials-impacting-fortinet-devicesurl
- 85.11.187.8ipv4
- 193.8.186.7ipv4
- 80.75.212.113ipv4
- 213.21.239.65ipv4
- 208.94.246.58ipv4
- 69.195.129.144ipv4
- 96.45.42.173ipv4
- owned.lab6.comdomain