Talos IR trends Q3 2024: Identity-based operations loom large
Tags
cmtmf-attack-pattern: Command And Scripting Interpreter
maec-delivery-vectors: Watering Hole
attack-pattern:
  Adversary-In-The-Middle - T1638
  Adversary-In-The-Middle - T1557
  Command And Scripting Interpreter - T1623
  Credentials - T1589.001
  Data Encrypted For Impact - T1471
  Data Encrypted For Impact - T1486
  Disable Or Modify Tools - T1562.001
  Disable Or Modify Tools - T1629.003
  Domain Or Tenant Policy Modification - T1484
  Exfiltration Over Alternative Protocol - T1639
  Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003
  Exfiltration Over Unencrypted Non-C2 Protocol - T1639.001
  Gather Victim Host Information - T1592
  Impair Defenses - T1562
  Impair Defenses - T1629
  Ingress Tool Transfer - T1544
  Malicious Link - T1204.001
  Malware - T1587.001
  Malware - T1588.001
  Multi-Factor Authentication - T1556.006
  Network Devices - T1584.008
  Password Spraying - T1110.003
  Phishing - T1660
  Phishing - T1566
  Powershell - T1059.001
  Python - T1059.006
  Remote Access Software - T1663
  Remote Desktop Protocol - T1021.001
  Smb/Windows Admin Shares - T1021.002
  Software - T1592.002
  Tool - T1588.002
  Vulnerabilities - T1588.006
  Brute Force - T1110
  Command-Line Interface - T1059
  Connection Proxy - T1090
  Create Account - T1136
  Credential Dumping - T1003
  Data Staged - T1074
  Exfiltration Over Alternative Protocol - T1048
  Hypervisor - T1062
  Remote File Copy - T1105
  Network Service Scanning - T1046
  Powershell - T1086
  Remote Access Tools - T1219
  Remote Desktop Protocol - T1076
  Remote Services - T1021
  Windows Admin Shares - T1077
  Valid Accounts - T1078
  Valid Accounts
Note on the tag list: the automatic tagger matched technique names against both the Enterprise and the Mobile ATT&CK matrices, so several IDs here (T1638, T1623, T1471, T1629, T1629.003, T1639, T1639.001, T1544, T1660, T1663) are Mobile techniques that do not apply to the Windows/ESXi intrusions the report covers, and some Enterprise IDs are deprecated (T1086 PowerShell is now T1059.001, T1076 RDP is now T1021.001, T1077 Windows Admin Shares is now T1021.002, T1062 Hypervisor has no replacement, and T1105 is now named Ingress Tool Transfer). When mapping this report, prefer the current Enterprise IDs listed alongside them.
Common Information
Type Value
UUID 0cbfeef2-5eaf-49cf-a8e6-672d1bf0ca8c
Fingerprint a51145d30b22de6d
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 24, 2024, 6 a.m.
Added to db Oct. 24, 2024, 12:56 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Cisco Talos Blog
Title Talos IR trends Q3 2024: Identity-based operations loom large
Detected Hints/Tags/Attributes 126/3/16
RSS Feed
Id   Enabled  Feed title                                             Url                                      Added to db
68            Cisco Talos Blog                                       https://blog.talosintelligence.com/rss/  2024-08-30 22:08
158           Malware Analysis, News and Indicators - Latest topics  https://malware.news/latest.rss          2024-08-30 22:08
Attributes
Type                     #Events  Value                                                      CTI Value
CVE                      26       cve-2024-37085
File                     1        saxcvz.exe
File                     1        close.exe
MITRE ATT&CK Techniques  306      T1078 (Valid Accounts)
MITRE ATT&CK Techniques  50       T1592 (Gather Victim Host Information)
MITRE ATT&CK Techniques  86       T1136 (Create Account)
MITRE ATT&CK Techniques  460      T1059.001 (PowerShell)
MITRE ATT&CK Techniques  168      T1046 (Network Service Scanning)
MITRE ATT&CK Techniques  289      T1003 (Credential Dumping)
MITRE ATT&CK Techniques  39       T1484 (Domain Or Tenant Policy Modification)
MITRE ATT&CK Techniques  139      T1021.002 (SMB/Windows Admin Shares)
MITRE ATT&CK Techniques  298      T1562.001 (Disable Or Modify Tools)
MITRE ATT&CK Techniques  492      T1105 (Ingress Tool Transfer)
MITRE ATT&CK Techniques  472      T1486 (Data Encrypted For Impact)
MITRE ATT&CK Techniques  22       T1048.003 (Exfiltration Over Unencrypted Non-C2 Protocol)
MITRE ATT&CK Techniques  67       T1074 (Data Staged)
The #Events column is the number of records in this database that carry the attribute, not a count within this report; the technique names in parentheses are taken from the attack-pattern tags above.