Skip to content

Hide Navigation Hide TOC

BUSHWALK (44ed9567-2cb6-590e-b332-154557fb93f9)

BUSHWALK is a web shell written in Perl that was inserted into the legitimate querymanifest.cgi file on compromised Ivanti Connect Secure VPNs during Cutting Edge.[Mandiant Cutting Edge Part 2 January 2024][Mandiant Cutting Edge Part 3 February 2024]

Cluster A Galaxy A Cluster B Galaxy B Level
BUSHWALK (44ed9567-2cb6-590e-b332-154557fb93f9) Tidal Software UNC5221 (71e9b27e-8d68-4ed6-b3ab-14142558b9ff) Tidal Groups 1
BUSHWALK (44ed9567-2cb6-590e-b332-154557fb93f9) Tidal Software UNC5325 (be7243cb-6031-4e2a-97d9-3522c002becd) Tidal Groups 1