Threat Spotlight Report Scattered Spider Attack Analysis
Common Information
| Type | Value |
|---|---|
| UUID | 88bca77a-5a7f-480b-a9fc-1ea6823d7f3e |
| Fingerprint | 0ec0f203ba716a82b3e6347b0c4ef4df5fa6f5734e264e448aa7fde88800b9cd |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Nov. 21, 2023, 8:25 p.m. |
| Added to db | March 10, 2024, 6:28 a.m. |
| Last updated | Aug. 30, 2024, 10:32 p.m. |
| Headline | Threat Spotlight Report Scattered Spider Attack Analysis |
| Title | Threat Spotlight Report Scattered Spider Attack Analysis |
| Detected Hints/Tags/Attributes | 89/3/38 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 71 | transfer.sh |
|
| Details | Domain | 6 | sec.okta.com |
|
| Details | Domain | 1 | customer.sharepoint.com |
|
| Details | Domain | 1 | genericcitrixappserver.customer.com |
|
| Details | Domain | 1 | generticpafirewall.customer.com |
|
| Details | Domain | 1 | customer.s3.us |
|
| Details | Domain | 77 | amazonaws.com |
|
| Details | Domain | 11 | lastpass.com |
|
| Details | Domain | 1 | system.org |
|
| Details | Domain | 1 | customer.kerberos.okta.com |
|
| Details | Domain | 1 | customer-admin.okta.com |
|
| Details | Domain | 1 | oinmanager.okta.com |
|
| Details | Domain | 1 | xx-xx.zip |
|
| Details | Domain | 45 | paste.ee |
|
| Details | Domain | 1 | fleet.io |
|
| Details | File | 1 | vdis.docx |
|
| Details | File | 5 | adexplorer.exe |
|
| Details | File | 1 | lastpass_export%20cleaned.xlsx |
|
| Details | File | 1 | cleaned.xlsx |
|
| Details | File | 1 | protected.php |
|
| Details | File | 1 | oneagentdumpproc.exe |
|
| Details | File | 81 | werfault.exe |
|
| Details | File | 380 | notepad.exe |
|
| Details | File | 55 | control.exe |
|
| Details | File | 74 | mstsc.exe |
|
| Details | File | 17 | 2.zip |
|
| Details | File | 1 | windowsdefenderatpoffboardingpackage_valid_until_2023-xx-xx.zip |
|
| Details | File | 1 | sysadminanywhere.exe |
|
| Details | File | 156 | 1.exe |
|
| Details | File | 1 | forensia.exe |
|
| Details | File | 1 | bleachbit.exe |
|
| Details | File | 1 | cyberark_architecture_diagrams_v2_0.pdf |
|
| Details | File | 1 | vsphere.core |
|
| Details | IPv4 | 13 | 144.76.136.153 |
|
| Details | IPv4 | 1 | 99.25.84.9 |
|
| Details | IPv4 | 619 | 0.0.0.0 |
|
| Details | Url | 2 | https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection |
|
| Details | Url | 1 | https://customer.sharepoint.com/sites/genericitdocuments/shared |