PowerPoint Presentation
Common Information
Type Value
UUID 19e8212c-eea5-4565-83c9-0841821be183
Fingerprint fea57f3c6ff056f378553d7fb190f3b811980296c0b810b36963dc07182a4240
Analysis status DONE
Considered CTI value 2
Text language
Published June 9, 2020, 10:58 a.m.
Added to db May 1, 2024, 5:29 p.m.
Last updated Aug. 31, 2024, 7:33 a.m.
Headline PowerPoint Presentation
Title PowerPoint Presentation
Detected Hints/Tags/Attributes 224/4/155
Attributes
Details Type #Events CTI Value
Details CVE 48
cve-2015-1641
Details CVE 57
cve-2017-8759
Details CVE 47
cve-2017-0143
Details CVE 375
cve-2017-11882
Details CVE 269
cve-2017-0199
Details CVE 122
cve-2017-5638
Details CVE 92
cve-2018-4878
Details CVE 176
cve-2012-0158
Details CVE 58
cve-2019-0604
Details CVE 56
cve-2018-7600
Details CVE 128
cve-2019-11510
Details CVE 161
cve-2019-19781
Details CVE 59
cve-2015-5119
Details Domain 360
attack.mitre.org
Details Domain 184
www.fireeye.com
Details Domain 25
content.fireeye.com
Details Domain 145
www.us-cert.gov
Details Domain 4
resources.malwarebytes.com
Details Domain 14
healthitsecurity.com
Details Domain 35
resources.infosecinstitute.com
Details Domain 641
nvd.nist.gov
Details Domain 2
www.phe.gov
Details Domain 98
www.ncsc.gov.uk
Details Domain 62
nvlpubs.nist.gov
Details Domain 3
www.eac.gov
Details Domain 41
www.cisecurity.org
Details Domain 6
spanning.com
Details Domain 59
www.cybereason.com
Details Domain 66
www.malwarebytes.com
Details Domain 26
threatconnect.com
Details Domain 177
www.wired.com
Details Domain 175
www.zdnet.com
Details Domain 14
www.hipaajournal.com
Details Domain 145
threatpost.com
Details Domain 23
hhs.gov
Details Email 18
hc3@hhs.gov
Details File 3
apt10_menupass_grou.html
Details File 13
mandiant-apt1-report.pdf
Details File 1
191028-mwb-ctnt_2019_healthcare_final.pdf
Details File 36
resources.inf
Details File 3
fireeye-and-citrix-tool-scans-for-iocs-related-to-vulnerability.html
Details File 1
hic-practices.aspx
Details File 1
nistir7497.pdf
Details File 1
incident-response_best-practices.pdf
Details File 4
apt-groups.html
Details File 5
demonstrating_hustle.html
Details IPv4 10
2.5.10.1
Details IPv4 9
28.0.0.161
Details MITRE ATT&CK Techniques 183
T1189
Details MITRE ATT&CK Techniques 542
T1190
Details MITRE ATT&CK Techniques 191
T1133
Details MITRE ATT&CK Techniques 8
T1200
Details MITRE ATT&CK Techniques 55
T1091
Details MITRE ATT&CK Techniques 49
T1193
Details MITRE ATT&CK Techniques 23
T1192
Details MITRE ATT&CK Techniques 4
T1194
Details MITRE ATT&CK Techniques 52
T1195
Details MITRE ATT&CK Techniques 52
T1199
Details Threat Actor Identifier - APT 278
APT10
Details Threat Actor Identifier - APT 1
APT181
Details Threat Actor Identifier - APT 1
APT412
Details Threat Actor Identifier - APT 1
APT223
Details Threat Actor Identifier - APT 6
APT14
Details Threat Actor Identifier - APT 1
APT295
Details Threat Actor Identifier - APT 22
APT18
Details Threat Actor Identifier - APT 522
APT41
Details Threat Actor Identifier - APT 115
APT1
Details Threat Actor Identifier - APT 665
APT29
Details Threat Actor Identifier - APT 11
APT22
Details Threat Actor Identifier by SecureWorks 8
TG-0416
Details Threat Actor Identifier - FIN 6
FIN4
Details Url 3
https://attack.mitre.org/groups/g0085
Details Url 1
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia
Details Url 3
https://attack.mitre.org/groups/g0071
Details Url 3
https://attack.mitre.org/groups/g0009
Details Url 1
https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html
Details Url 3
https://attack.mitre.org/groups/g0026
Details Url 4
https://content.fireeye.com/apt-41/rpt-apt41
Details Url 1
https://www.zdnet.com/article/cancer-research-organizations-become-the-new-focus-of-chinese-hacking-groups
Details Url 8
https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf
Details Url 11
https://attack.mitre.org/groups/g0016
Details Url 1
https://www.us-cert.gov/ncas/alerts/ta18-086a
Details Url 4
https://attack.mitre.org/techniques/t1189
Details Url 4
https://attack.mitre.org/techniques/t1190
Details Url 7
https://attack.mitre.org/techniques/t1133
Details Url 1
https://attack.mitre.org/techniques/t1200
Details Url 4
https://attack.mitre.org/techniques/t1091
Details Url 1
https://attack.mitre.org/techniques/t1193
Details Url 1
https://attack.mitre.org/techniques/t1192
Details Url 1
https://attack.mitre.org/techniques/t1194
Details Url 3
https://attack.mitre.org/techniques/t1195
Details Url 2
https://attack.mitre.org/techniques/t1199
Details Url 1
https://resources.malwarebytes.com/files/2019/11/191028-mwb-ctnt_2019_healthcare_final.pdf
Details Url 3
https://www.us-cert.gov/ncas/alerts/ta18-201a
Details Url 1
https://protect2.fireeye.com/url?k=cd32461b-91674f08-cd327724-0cc47adb5650-72e3e3124a28231d&u=http://www.cisecurity.org/white-papers/security-primer-trickbot
Details Url 1
https://protect2.fireeye.com/url?k=7258e3ba-2e0deaa9-7258d285-0cc47adb5650-3b1332e806fb2fa7&u=https://spanning.com/blog/ryuk-ransomware-malware-of-the-month
Details Url 1
https://healthitsecurity.com/news/fbi-alerts-to-rise-in-maze-ransomware-extortion-attempts
Details Url 1
https://resources.infosecinstitute.com/gh0st-rat-complete-malware-analysis-part-1
Details Url 2
https://nvd.nist.gov/vuln/detail/cve-2015-1641
Details Url 2
https://www.us-cert.gov/ncas/analysis-reports/ar20-133m
Details Url 2
https://nvd.nist.gov/vuln/detail/cve-2017-8759
Details Url 2
https://www.us-cert.gov/ncas/analysis-reports/ar20-133f
Details Url 1
https://www.us-cert.gov/ncas/alerts/aa20-133a
Details Url 2
https://nvd.nist.gov/vuln/detail/cve-2017-0143
Details Url 4
https://nvd.nist.gov/vuln/detail/cve-2017-11882
Details Url 2
https://www.us-cert.gov/ncas/analysis-reports/ar20-133e
Details Url 5
https://nvd.nist.gov/vuln/detail/cve-2017-0199
Details Url 2
https://www.us-cert.gov/ncas/analysis-reports/ar20-133g
Details Url 2
https://www.us-cert.gov/ncas/analysis-reports/ar20-133h
Details Url 2
https://www.us-cert.gov/ncas/analysis-reports/ar20-133p
Details Url 1
https://www.us-cert.gov/ncas/analysis-
Details Url 1
https://nvd.nist.gov/vuln/detail/cve-2017-5638
Details Url 2
https://nvd.nist.gov/vuln/detail/cve-
Details Url 2
https://www.us-cert.gov/ncas/alerts/aa19-339a
Details Url 1
https://nvd.nist.gov/vuln/detail/cve-2012-0158
Details Url 2
https://www.us-cert.gov/ncas/analysis-reports/ar20-133i
Details Url 2
https://www.us-cert.gov/ncas/analysis-reports/ar20-133j
Details Url 2
https://www.us-cert.gov/ncas/analysis-reports/ar20-133k
Details Url 2
https://www.us-cert.gov/ncas/analysis-reports/ar20-133l
Details Url 2
https://www.us-cert.gov/ncas/analysis-reports/ar20-133n
Details Url 2
https://www.us-cert.gov/ncas/analysis-reports/ar20-133o
Details Url 2
https://nvd.nist.gov/vuln/detail/cve-2019-0604
Details Url 2
https://nvd.nist.gov/vuln/detail/cve-2018-7600
Details Url 1
https://www.us-cert.gov/ncas/alerts/aa20-107a
Details Url 1
https://nvd.nist.gov/vuln/detail/cve-2019-11510
Details Url 1
https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-
Details Url 2
https://www.us-cert.gov/ncas/alerts/aa20-020a
Details Url 4
https://www.us-cert.gov/ncas/alerts/aa20-031a
Details Url 2
https://www.fireeye.com/blog/products-and-services/2020/01/fireeye-and-citrix-tool-scans-for-iocs-related-to-vulnerability.html
Details Url 2
https://nvd.nist.gov/vuln/detail/cve-2019-19781
Details Url 1
https://www.phe.gov/preparedness/planning/405d/pages/hic-practices.aspx
Details Url 1
https://www.us-cert.gov/ncas/alerts/aa20126a.
Details Url 1
https://www.ncsc.gov.uk/blog-post/spray-you-spray-me-defending-against-password-spraying-attacks.
Details Url 1
https://www.us-cert.gov/ncas/alerts/ta18-086a.
Details Url 1
https://www.us-cert.gov/ncas/alerts/aa20126a
Details Url 1
https://nvlpubs.nist.gov/nistpubs/legacy/ir/nistir7497.pdf
Details Url 1
https://www.eac.gov/sites/default/files/eac_assets/1/6/incident-response_best-practices.pdf
Details Url 1
https://spanning.com/blog/ryuk-ransomware-malware-of-the-month
Details Url 1
https://www.cybereason.com/blog/one-two-punch-emotet-trickbot-and-ryuk-steal-then-ransom-data
Details Url 3
https://www.malwarebytes.com/emotet
Details Url 13
https://attack.mitre.org/groups
Details Url 2
https://www.fireeye.com/current-threats/apt-groups.html
Details Url 1
https://threatconnect.com/blog/the-anthem-hack-all-roads-lead-to-china
Details Url 1
https://threatconnect.com/blog/protecting-medical-healthcare-organizations
Details Url 1
https://www.wired.com/story/doj-indictment-chinese-hackers-apt10
Details Url 1
https://www.zdnet.com/article/russias-elite-hacking-unit-has-been-silent-but-busy
Details Url 1
https://www.hipaajournal.com/community-health-systems-cyber-attack-puts-4-5m-patients-risk
Details Url 3
https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html
Details Url 1
https://content.fireeye.com/cyber-security-for-healthcare/rpt-beyond-compliance-cyber-threats-and-healthcare
Details Url 1
https://www.hipaajournal.com/83-of-medical-devices-run-on-outdated-operating-systems
Details Url 1
https://threatpost.com/apt-group-exploiting-hacking-team-flash-zero-day/113715
Details Url 1
https://www.ncsc.gov.uk/blog-post/spray-you-spray-me-defending-against-password-spraying-attacks
Details Url 1
https://www.us-cert.gov/ncas/current-activity/2019/03/14/ms-isac-releases-security-primer-trickbot-malware
Details Url 5
https://attack.mitre.org/matrices/enterprise
Details Url 3
https://attack.mitre.org/techniques/enterprise