U.S. Targets RedLine and META Infostealers in Operation Magnus
Common Information
Type Value
UUID 34337c35-df8a-4b12-8110-5ae3786385a1
Fingerprint bc1905938f10f2c7
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 1, 2024, 6:48 a.m.
Added to db Nov. 1, 2024, 8:26 a.m.
Last updated Nov. 17, 2024, 6:53 p.m.
Headline U.S. Targets RedLine and META Infostealers in Operation Magnus
Title U.S. Targets RedLine and META Infostealers in Operation Magnus
Detected Hints/Tags/Attributes 83/3/35
Attributes
| Type | #Events | CTI | Value |
| --- | --- | --- | --- |
| CVE | 87 | | cve-2024-47575 |
| CVE | 23 | | cve-2024-43532 |
| CVE | 22 | | cve-2024-9537 |
| CVE | 46 | | cve-2024-28987 |
| CVE | 23 | | cve-2024-28986 |
| CVE | 217 | | cve-2020-1472 |
| CVE | 95 | | cve-2024-40711 |
| CVE | 59 | | cve-2024-43572 |
| Domain | 23 | | fortiguard.com |
| Domain | 452 | | msrc.microsoft.com |
| Domain | 280 | | thehackernews.com |
| Domain | 189 | | asec.ahnlab.com |
| Domain | 224 | | unit42.paloaltonetworks.com |
| Domain | 9 | | www.broadcom.com |
| File | 1 | | cisa-adds-sciencelogic-sl1.html |
| File | 2 | | cisa-warns-of-active-exploitation-in.html |
| File | 1 | | hardcoded-credential-vulnerability.html |
| File | 1 | | critical-veeam-vulnerability-exploited.html |
| md5 | 1 | | 4dafca5a87f41610568b206f8bbb35a6 |
| Mandiant Uncategorized Groups | 23 | | UNC5820 |
| Url | 1 | | https://docs.fortinet.com/document/fortigate/6.4.0/ports-and-protocols/373486/fgfm-fortigate-to-fortimanager-protocol. |
| Url | 2 | | https://fortiguard.com/psirt/fg-ir-24-423. |
| Url | 1 | | https://www.picussecurity.com/resource/blog/cve-2024-47575-fortimanager-missing-authentication-zero-day-vulnerability-explained. |
| Url | 1 | | https://msrc.microsoft.com/update-guide/en-us/advisory/cve-2024-43572. |
| Url | 1 | | https://thehackernews.com/2024/10/cisa-adds-sciencelogic-sl1.html |
| Url | 1 | | https://asec.ahnlab.com/en/84007/. |
| Url | 1 | | https://rackspace.service-now.com/system_status?id=detailed_status&service=4dafca5a87f41610568b206f8bbb35a6 |
| Url | 2 | | https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-in.html |
| Url | 1 | | https://thehackernews.com/2024/08/hardcoded-credential-vulnerability.html |
| Url | 1 | | https://databreaches.net/2024/10/29/u-s-joins-international-action-against-redline-and-meta-infostealers-unseals-charges-against-maxim-rudometov/. |
| Url | 1 | | https://www.picussecurity.com/resource/blog/cisa-alert-aa24-290a-iranian-cyber-actors-brute-force-and-credential-access-attacks. |
| Url | 1 | | https://thehackernews.com/2024/10/critical-veeam-vulnerability-exploited.html |
| Url | 1 | | https://unit42.paloaltonetworks.com/inc-ransomware-rebrand-to-lynx/. |
| Url | 1 | | https://www.broadcom.com/support/security-center/protection-bulletin/trinity-ransomware. |
| Url | 1 | | https://blog.talosintelligence.com/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/. |