Malware: GLASSTOKEN

Description

[GLASSTOKEN](https://attack.mitre.org/software/S1117) is a custom web shell used by threat actors during [Cutting Edge](https://attack.mitre.org/campaigns/C0029) to execute commands on compromised Ivanti Secure Connect VPNs.(Citation: Volexity Ivanti Zero-Day Exploitation January 2024)

External References

• mitre-attack
• Volexity Ivanti Zero-Day Exploitation January 2024

Techniques Used by This Malware

• T1059.001 — PowerShell
• T1132.001 — Standard Encoding
• T1140 — Deobfuscate/Decode Files or Information
• T1505.003 — Web Shell