Weekly Intelligence Report - 11 Oct 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Tags
cmtmf-attack-pattern: Application Layer Protocol; Boot Or Logon Autostart Execution; Command And Scripting Interpreter; Masquerading; Obfuscated Files Or Information; Process Injection; System Network Connections Discovery
country: Australia; Bahrain; Brazil; Cambodia; Canada; China; North Korea; Germany; France; Indonesia; Italy; Japan; South Korea; Thailand; Oman; Qatar; Russia; Vietnam; United Kingdom; United States Of America; U.S. Virgin Islands
maec-delivery-vectors: Watering Hole
attack-pattern: Data Model; Abuse Elevation Control Mechanism - T1626; Abuse Elevation Control Mechanism - T1548; Appdomainmanager - T1574.014; Software Discovery - T1418; Application Layer Protocol - T1437; Archive Collected Data - T1560; Archive Collected Data - T1532; Boot Or Logon Autostart Execution - T1547; Cloud Services - T1021.007; Command And Scripting Interpreter - T1623; Create Or Modify System Process - T1543; Credentials - T1589.001; Credentials From Password Stores - T1555; Credentials In Files - T1552.001; Data Encrypted For Impact - T1471; Data Encrypted For Impact - T1486; Data From Local System - T1533; Disable Or Modify Tools - T1562.001; Disable Or Modify Tools - T1629.003; Dll Side-Loading - T1574.002; Domain Groups - T1069.002; Domains - T1583.001; Domains - T1584.001; Email Addresses - T1589.002; Encrypted Channel - T1521; Encrypted Channel - T1573; Exfiltration Over C2 Channel - T1646; Exploits - T1587.004; Exploits - T1588.005; File And Directory Discovery - T1420; File And Directory Permissions Modification - T1222; File Deletion - T1070.004; File Deletion - T1630.002; Hardware - T1592.001; Hijack Execution Flow - T1625; Hijack Execution Flow - T1574; Impair Defenses - T1562; Impair Defenses - T1629; Indicator Removal From Tools - T1027.005; Input Capture - T1417; Ip Addresses - T1590.005; Javascript - T1059.007; Keylogging - T1056.001; Keylogging - T1417.001; System Network Configuration Discovery - T1422; System Network Connections Discovery - T1421; Malicious File - T1204.002; Malicious Link - T1204.001; Malware - T1587.001; Malware - T1588.001; Masquerading - T1655; Obfuscated Files Or Information - T1406; Process Discovery - T1424; System Information Discovery - T1426; Multi-Factor Authentication - T1556.006; Phishing - T1660; Phishing - T1566; Powershell - T1059.001; Process Injection - T1631; Registry Run Keys / Startup Folder - T1547.001; Remote Desktop Protocol - T1021.001; Rundll32 - T1218.011; Security Software Discovery - T1418.001; Security Software Discovery - T1518.001; Server - T1583.004; Server - T1584.004; Software - T1592.002; Software Discovery - T1518; Spearphishing Attachment - T1566.001; Spearphishing Attachment - T1598.002; Steal Web Session Cookie - T1539; System Location Discovery - T1614; Virtualization/Sandbox Evasion - T1497; Windows Service - T1543.003; Unsecured Credentials - T1552; Vulnerabilities - T1588.006; Virtualization/Sandbox Evasion - T1633; Account Discovery - T1087; Standard Application Layer Protocol - T1071; Application Window Discovery - T1010; Command-Line Interface - T1059; Credential Dumping - T1003; Credentials In Files - T1081; Data Encoding - T1132; Data From Local System - T1005; Data Staged - T1074; Dll Side-Loading - T1073; Email Collection - T1114; Execution Through Module Load - T1129; Exfiltration Over Command And Control Channel - T1041; File And Directory Discovery - T1083; File Deletion - T1107; Indicator Removal On Host - T1070; Indicator Removal From Tools - T1066; Input Capture - T1056; Masquerading - T1036; Modify Registry - T1112; Network Share Discovery - T1135; Standard Non-Application Layer Protocol - T1095; Obfuscated Files Or Information - T1027; Permission Groups Discovery - T1069; Powershell - T1086; Process Discovery - T1057; Process Injection - T1055; Registry Run Keys / Start Folder - T1060; Remote Desktop Protocol - T1076; Remote System Discovery - T1018; Rundll32 - T1085; Security Software Discovery - T1063; Spearphishing Attachment - T1193; System Information Discovery - T1082; System Network Configuration Discovery - T1016; System Network Connections Discovery - T1049; System Owner/User Discovery - T1033; Windows Management Instrumentation - T1047; Taint Shared Content - T1080; User Execution - T1204; Masquerading; Remote System Discovery; Spearphishing Attachment; User Execution
Common Information
Type Value
UUID 48401515-1815-4fdc-8e99-522db268d23a
Fingerprint a57509d10c17ae90
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 11, 2024, 5:02 a.m.
Added to db Oct. 11, 2024, 7:26 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Weekly Intelligence Report – 11 Oct 2024 | #ransomware | #cybercrime
Title Weekly Intelligence Report - 11 Oct 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Detected Hints/Tags/Attributes 323/4/71
RSS Feed
Id 6
Feed title National Cyber Security Consulting
Url http://nationalcybersecurity.com/feed/
Added to db 2024-08-30 22:08
Attributes
Type                           #Events  Value
CVE                            28       cve-2023-48788
CVE                            34       cve-2024-9379
CVE                            41       cve-2024-9380
CVE                            29       cve-2024-9381
Domain                         7        sr.no
Domain                         1        www.belldata.com
Domain                         2        www.naniwa-pump.co.jp
Domain                         56       forums.ivanti.com
Domain                         1        www.infina.vn
File                           367      readme.txt
File                           7        officeclicktorun.exe
File                           323      winword.exe
File                           199      excel.exe
File                           2125     cmd.exe
File                           1018     rundll32.exe
File                           6        domainmanager.dll
MITRE ATT&CK Techniques        310      T1047
MITRE ATT&CK Techniques        695      T1059
MITRE ATT&CK Techniques        120      T1129
MITRE ATT&CK Techniques        180      T1543.003
MITRE ATT&CK Techniques        227      T1574.002
MITRE ATT&CK Techniques        440      T1055
MITRE ATT&CK Techniques        78       T1548
MITRE ATT&CK Techniques        42       T1027.005
MITRE ATT&CK Techniques        348      T1036
MITRE ATT&CK Techniques        265      T1222
MITRE ATT&CK Techniques        238      T1497
MITRE ATT&CK Techniques        298      T1562.001
MITRE ATT&CK Techniques        289      T1003
MITRE ATT&CK Techniques        118      T1056.001
MITRE ATT&CK Techniques        99       T1539
MITRE ATT&CK Techniques        89       T1552.001
MITRE ATT&CK Techniques        75       T1010
MITRE ATT&CK Techniques        245      T1016
MITRE ATT&CK Techniques        243      T1018
MITRE ATT&CK Techniques        230      T1033
MITRE ATT&CK Techniques        119      T1049
MITRE ATT&CK Techniques        433      T1057
MITRE ATT&CK Techniques        1006     T1082
MITRE ATT&CK Techniques        585      T1083
MITRE ATT&CK Techniques        179      T1087
MITRE ATT&CK Techniques        176      T1135
MITRE ATT&CK Techniques        141      T1518.001
MITRE ATT&CK Techniques        50       T1614
MITRE ATT&CK Techniques        33       T1080
MITRE ATT&CK Techniques        534      T1005
MITRE ATT&CK Techniques        67       T1074
MITRE ATT&CK Techniques        89       T1114
MITRE ATT&CK Techniques        444      T1071
MITRE ATT&CK Techniques        159      T1095
MITRE ATT&CK Techniques        163      T1573
MITRE ATT&CK Techniques        472      T1486
MITRE ATT&CK Techniques        96       T1587.001
MITRE ATT&CK Techniques        310      T1566.001
MITRE ATT&CK Techniques        460      T1059.001
MITRE ATT&CK Techniques        93       T1059.007
MITRE ATT&CK Techniques        106      T1204.001
MITRE ATT&CK Techniques        365      T1204.002
MITRE ATT&CK Techniques        380      T1547.001
MITRE ATT&CK Techniques        627      T1027
MITRE ATT&CK Techniques        1        T1574.014
MITRE ATT&CK Techniques        297      T1070.004
MITRE ATT&CK Techniques        550      T1112
MITRE ATT&CK Techniques        172      T1555
MITRE ATT&CK Techniques        74       T1069.002
MITRE ATT&CK Techniques        157      T1560
MITRE ATT&CK Techniques        96       T1132
MITRE ATT&CK Techniques        422      T1041
Threat Actor Identifier - APT  277      APT37
Threat Actor Identifier - APT  115      APT43
Url                            1        https://forums.ivanti.com/s/article/security-advisory-ivanti-csa-