![pulse secure vulnerability pulse secure vulnerability](https://devco.re/assets/img/blog/20190902/1.png)
Starting from October 2020, a second group tracked by FireEye as UNC2717 started exploiting the same zero-day flaw to install the following malware on the networks of government agencies in Europe and the US: Clear relevant log files utilizing a utility tracked as THINBLOOD based on an actor defined regular expression.
![pulse secure vulnerability pulse secure vulnerability](https://www.hivepro.com/wp-content/uploads/2021/04/Screenshot-2021-04-21-at-4.53.36-PM.png)
Unpatch modified files and delete utilities and scripts after use to evade detection.Maintain persistence across VPN appliance general upgrades that are performed by the administrator.
![pulse secure vulnerability pulse secure vulnerability](https://redmondmag.com/-/media/ECG/VirtualizationReview/Images/introimages2014/GEN1GrayRippedSteelHoleGrate.jpg)
Toggle the filesystem between Read-Only and Read-Write modes to allow for file modification on a typically Read-Only filesystem.Inject webshells we currently track as RADIALPULSE and PULSECHECK into legitimate Internet-accessible Pulse Secure VPN appliance administrative web pages for the devices.We track these trojanized assemblies as SLOWPULSE and its variants.