IOC Radar
TLP:WHITE · 1 IOC

FortiBleed Campaign Exposing Credentials for 73,932 FortiGate Systems

Recorded Future Blog
Published June 19, 2026 · Original Report

Diamond Model

Axes: Social, Technology
Adversary: unknown
Infrastructure (1): 85.11.187.8
Capability: unknown
Victim: unknown

Attack Flow (7 steps · MITRE ATT&CK mapped)

Step 1/7: Collection (TA0009) · T1005 Data from Local System
Action: Obtain configuration files
Threat actors likely obtained FortiGate configuration files containing credentials.

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

| Type | Indicator | Tags | Confidence | Score | First Seen |
| IP | 85.11.187.8 | abuse, active scan, active scanning | High | 69 | Mar 10, 26 |

IOC Relationship Graph (1 total IOC): 1 IP linked to this report.