Create Pulse Secure.md #388

Open
wants to merge 1 commit into
base: master
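--- a/Exploits/Pulse Secure.md
+++ b/Exploits/Pulse Secure.md
@@ -0,0 +1,140 @@
+Pulse Secure Vulnerabilty
+
+Malicious files hunt for Pulse Connect Secure devices
+
+//Query
+
+let SHA1Hash= dynamic(["2eca4cb00c32a1b8f32601e68080d517ceabf136",
+"67642856a2d26025f7482d2a7dec1e402fc152bb",
+"6c160643d92111c7ae95803913c311395d7d5b7c",
+"cc68a9c5ff57129e8b897d228e54807841f8ff67",
+"1e43bc7cde1c2ac7b0db7b74b3be47334171d410",
+"1f26ef302ebc881380aa227ddd8eaebdad54679f",
+"2f1eddf6af9284f6b6c0a8b14fc3e5986ee601c7",
+"620bfbc94296271c3c6d71b97a8b5486d63347b3",
+"763b3109f06abfce5528692ede685fd5ddab3fe2",
+"93471787f22bedc23c4d60508feffe7903ba5061",
+"b4f69befd77f668afc793bb1ccb68226e62df734",
+"f1a857f4abd6be94b0a3eeb7930d41bbec078097",
+"c8280f0b4391087327138cf14886e6fe48ed102a",
+"d864f76565f48a545c5ac8067a65a761402faad5",
+"b0e273df5f62724732f795db2e8c51803355dafb",
+"b1a91c40690855358be81216c93a47ea5d753e5c",
+"e8a04559649cc3d6a9ea36fb8f31d791d2a9f0dc",
+"0577f0c4d5c40641448961a7ccf348bcfceec4a5",
+"13b53fd7fad41cf727764a0c23a031831c5147ea",
+"2c8843427ee85b2212ce7ee1c9d3a5e254154aca",
+"7b0bc1c2442d672ffbd1cc0a9e67dbeae4d72f52",
+"9df4c1e279e9f9cdd2e5b4fe919490256cfb7adf",
+"bca88545f0e413112e1463d9944a9c217e8ddf83",
+"df50d0035a86b68d6c382c3364d7e1046fddb8a6",
+"04a5d3d01ca5083d8adbae2b84794f0bf506d51f",
+"168a7b58875f8c4dfeb9ea311db7ce7275295c74",
+"afc52937829c78cb14ec087e66e39be3571e00ca",
+"05bd06d3b7fc73ce9210ffa9ff3e0a0efb3a3a78",
+"0a4a5be7704fa9f1a8c826888060831051767b52",
+"2c8ec97aaa43648f07ddf7e257cc3faaeacbb3f2",
+"4991f7ffbb16128fafc1c6d476a5793f4dc2554a",
+"ce92ff9cf1a65372d09d8d20e3e9a60665ddce43",
+"30ae381feea1b1a84b7996b8c1fa9182b9db15f5",
+"3872a44a7e311f21d617531105eff9b390a7d189",
+"870f0e58f0a0ff695aab39a93ad26b16698887a7",
+"be63eac2efc4a2bdc17dcd067975ccd0113cf70a"]);
+let SHA256Hash= dynamic(["a3b60b4bc4a5c7af525491ba37b570f90405aa83e36655da7d91bd68acaedf85",
+"bef423bd85a25d14ffa511a0e04194e59b283057bd41689d473f79d227942c98",
+"d3982747d9b589ea20581b0448bddfd7c8a7cdad4760a99b4de762742833640a",
+"ec3dc5a11b66c5b3ab006ac786914de674e50d0b08c6f6d0cfe7247dbe67a496",
+"359b86d7f20430f0418b8401be34251bcddcc8aa48803597d8d78caaa547c875",
+"47a8e0a09f87450a7d6984dc7b7700c477b76c155dae7733126de9dbb78d3ef4",
+"779d5410b6974cacacfdcddd68e7dac2409ea7957b9be4ae049466bd550de63c",
+"8c103a004cdbfb42c82851822e2d5263e33970faa82b83e4cc1fe9697c1e6ef9",
+"55800aa55e96ed160dcef2dcc0797085c2d6c9f70b522eed3d269e2f3268014e",
+"814b430126795b4b06c0b5c3c4919c7a55be441f45756282b0754e3517141f93",
+"4e231b1525c4af04e8bf5dfc7de34a28f3441bc339130bf2a683e42b39953be2",
+"85dd35caf68e281b078530493559c6daf1b4ed84b55fad983a8319a397c9a1c9",
+"94e1a1262a01b8a343af1c98a190cd607bf6bde83656500ca0b28a5f97ccbe79",
+"1e862c3be851c984843f8b36e14decc1b25aed75e1bee4fd184ca70c4aaa7d56",
+"463023f0969b2b52bc491d8787de876e59f0d48446f908d16d1ce763bbe05ee9",
+"829b3a9e91ed8c2a0a9d77ea9c4d8adeb0b815e03502d7b5d643400d3b0828bf",
+"859bfee6ebbc8823e998fe7140303292c2925f57a11368d1be5b393b1015f136",
+"c366c9d41c2bff9fce8a74e2a323f2e104149cf993413dddd8514bb69b054d69",
+"db389b866913e5af287eb3288cc1f5e8a114484bb9309cc05afbea8943d0887c",
+"e1efbc8b6ed320bc5762ebd6d59b8ba4c5792c4a6e7f3a605c8c7cb61fadd9a2",
+"0460f9c22127055b337d2b67ee782e7454dc13e7993430020e62518654cb045b",
+"c964594ed0afaf64611514eb53f14ee5ab95e25da986dca9e28586bfc053da16",
+"64c87520565165ac95b74d6450b3ab8379544933dd3e2f2c4dc9b03a3ec570a7",
+"4ebb25ef9621c44cdb52630e44bcd1b5a848c0c56f01fa759863d50166bb0928",
+"5fbdc77bfce54b023a82f04cbe9b1c891d93f63cd782f1875111f0bbc79ca6f5",
+"6092a24ca3853fb351989ee1aa2eca604fc438afc1e64df3ede10ffda577d475",
+"e3137135f4ad5ecdc7900a619d7f1b88ba252b963b38ae9a156299cc9bce92a1",
+"876b93ecff1bf3fd053d3fdc523c8b5d92cc958a8af2db2f2924c167083f3256",
+"49a243e7a7cccf0f4242a00827ff2da27ca0e268f2673b3f3569ec92745ca0c5",
+"6d96963c87a6682b7b3a050d7a4a4a827e1a0e115f83b550b7b424a0f6a7f392",
+"44a8b2187c8d181a73285379b4566ed9d39d4ed208d633dcd0dda67a0a64e2a4",
+"85f74424fb4c7dba9f2e9c60a95c8a226a97f7dfc277f5ce6f34862a9f500226"]);
+let MD5Hash = dynamic(["003876ee2d188ccb409ea451b3a1a0d3",
+"4d5b410e1756072a701dfd3722951907",
+"9b526db005ee8075912ca6572d69a5d6",
+"fe60ede07532d79c5745fabbf139b98a",
+"a0ce730cffc65e6950c6a5d1d2de0ebb",
+"d855ebd2adeaf2b3c87b28e77e9ce4d4",
+"e50edf64239b84be02ee5902c22ab336",
+"f23e94a38f0a93df46ba83786f3180e0",
+"172ab78099064c7cbf717e82ac13448d",
+"3c6a2c49f5fb8d09ab780b6c68168274",
+"5626be90307b8e575970c7d7b1966d86",
+"da1bc0efb6eb7261b9edfc1e88ee73eb",
+"b0106374ad72e0e63c73d4013cd1284a",
+"b817140c6e511e1a6254c19aa855c0b4",
+"0881290a982888eac6a9d663c9416f70",
+"266fba25469fd99ca7edecee1f64497d",
+"e3aae9d16b492a5c85cef8f63c68d2b1",
+"00f8c2497fadd2979c08487181cfc4fd",
+"07eb01481c6b72800c0a0eed17a2b3bd",
+"51751d9ed17047f8dd579e3b8a9e82be",
+"5903d2d544533cd43e82527faac6567a",
+"6644c8001e89069128a6def1772ab104",
+"8b89bd0395c3db9a85b340e5bd8775fc",
+"dee973c4ba232541b689b67ab41aa925",
+"92dfab44b0777f1b0da83c3c4cca4d56",
+"a3b98da94d6d65745df01314a5a5d0f5",
+"5009b307214abc4ba5e24fa99133b934",
+"1e5e454420c3a70faff883e0e9a511b7",
+"53a3bce53a360a8614337ac52672cd20",
+"d1993f12d7fa6adfc493afb5327ccbee",
+"e7e2f79ade6f198c5d9707b6f94a9a41",
+"6f6d1b326e32cf7ddc58cf1f4eb16156",
+"5b1364cde69be60172092855debc4b44",
+"7955317db3ba639cd467508a3052fa25",
+"6a5ba3223f1eac63f9bb29262f73e90d",
+"e3903c8e9715080795b3fc045d8f8db7"]);
+DeviceFileEvents
+| where SHA1 in(SHA1Hash) or SHA256 in(SHA256Hash) or MD5 in(MD5Hash)
+
+Category
+
+This query can be used to detect the following attack techniques and tactics (see MITRE ATT&CK framework) or security configuration states.
+Technique, tactic, or state Covered? (v=yes) Notes
+Initial access
+Execution
+Persistence
+Privilege escalation
+Defense evasion
+Credential Access
+Discovery
+Lateral movement
+Collection
+Command and control
+Exfiltration
+Impact
+Vulnerability V
+Exploit V
+Misconfiguration
+Malware, component
+Ransomware
+Contributor info
+
+Contributor: Shviam Malaviya
+GitHub alias: shivammalaviya
+Organization: OS
+Contact info: www.linkedin.com/in/shviam-m-6767971b3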
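Review bot: The Category table marks `Vulnerability` and `Exploit` as covered, but the query only matches `DeviceFileEvents` rows against fixed SHA1/SHA256/MD5 lists, which is a known-malicious-file indicator match rather than a detection of the vulnerability or of its exploitation; `Malware, component` is the row the query actually supports, and the two `V` marks should move there. The title line `Pulse Secure Vulnerabilty` is misspelled, and the description line should name the advisory and the date the hash lists were taken from, because hash indicators go stale as new builds of the same files appear and an analyst needs to know when to refresh them. If the repository's other query files wrap their KQL in a fenced code block, this file should follow the same layout so that the `//Query` comment and the `let` statements render as code rather than prose.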