Active exploitation of CVE-2020-10189 (Zoho ManageEngine Desktop Central)
released on 2020-03-09 @ 05:25:18 PM
We have previously seen the same server attempt to exploit CVE-2019-19781 (a Citrix vulnerability) and potentially CVE-2019-1653 (Cisco routers). The installed Motnug malware makes an HTTPS connection to 74.82.201[.]8 that impersonates a CDN request. ManageEngine have provided mitigation advice at the reference below.