Hide Navigation Hide TOC

BUSHWALK (44ed9567-2cb6-590e-b332-154557fb93f9)

BUSHWALK is a web shell written in Perl that was inserted into the legitimate querymanifest.cgi file on compromised Ivanti Connect Secure VPNs during Cutting Edge.^{[Mandiant Cutting Edge Part 2 January 2024][Mandiant Cutting Edge Part 3 February 2024]}

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
BUSHWALK (44ed9567-2cb6-590e-b332-154557fb93f9)	Tidal Software	UNC5221 (71e9b27e-8d68-4ed6-b3ab-14142558b9ff)	Tidal Groups	1
BUSHWALK (44ed9567-2cb6-590e-b332-154557fb93f9)	Tidal Software	UNC5325 (be7243cb-6031-4e2a-97d9-3522c002becd)	Tidal Groups	1