Wednesday 27 September 2023

Friday 22 September 2023

Thursday 21 September 2023

cdn.devolutions.net and 152.199.21.175

Saw some strange traffic going to 152.199.21.175

After getting a capture, saw it was looking up cdn.devolutions.net

Both IP and URL had good rep, but was trying to tie it to a corp app

Used Sysmon on the server to log DNS requests

Found it was coming from a ManageEngine process

C:\Program Files (x86)\ManageEngine\UEMS_DistributionServer\bin\dcreplication.exe
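An added example (not part of these notes) of the Sysmon step above: a minimal config that records every DNS query as Event ID 22, then a query that pivots from the hostname and IP in the capture to the process that resolved them. It assumes Sysmon is already installed and sysmon64.exe is on PATH.

```powershell
# Added example, not from the original notes. Assumes Sysmon is installed
# and sysmon64.exe is on PATH; the config is written to %TEMP% (assumed path).

$config = @'
<Sysmon schemaversion="4.50">
  <EventFiltering>
    <!-- An empty exclude list means: record every DNS query (Event ID 22) -->
    <DnsQuery onmatch="exclude"></DnsQuery>
  </EventFiltering>
</Sysmon>
'@
Set-Content -Path "$env:TEMP\sysmon-dns.xml" -Value $config

# -c applies a new configuration to the running Sysmon service
sysmon64.exe -accepteula -c "$env:TEMP\sysmon-dns.xml"

# Pivot: which image asked for the name, or got the IP back in its answer?
$name = 'cdn.devolutions.net'
$ip   = '152.199.21.175'

Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 22 } |
  ForEach-Object {
      # Flatten the EventData <Data Name="..."> nodes into a hashtable
      $d = @{}
      ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
      [pscustomobject]@{
          Time         = $_.TimeCreated
          Image        = $d['Image']
          ProcessId    = $d['ProcessId']
          QueryName    = $d['QueryName']
          QueryResults = $d['QueryResults']   # resolved records, IP appears here
      }
  } |
  Where-Object { $_.QueryName -eq $name -or $_.QueryResults -like "*$ip*" } |
  Group-Object Image |
  Select-Object Count, Name |
  Sort-Object Count -Descending
```

The grouped output lists each process image that resolved the name, which is how the dcreplication.exe path above would surface.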

Wednesday 13 September 2023

Info to collect during vuln

Make/model

SW version

Output of one or more commands

Conclusion

Customer and contact email