Adversary at the Door - Initial Access and what's currently on the menu | JUMPSEC LABS
Common Information
Type Value
UUID 48d08c3c-1608-4624-8020-d9981f8d9e0f
Fingerprint 845109112f2e7dcf
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 20, 2024, 11:26 a.m.
Added to db Aug. 31, 2024, 6:25 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Adversary at the Door – Initial Access and what’s currently on the menu
Title Adversary at the Door - Initial Access and what's currently on the menu | JUMPSEC LABS
Detected Hints/Tags/Attributes 92/2/17
RSS Feed
Id Enabled Feed title Url Added to db
149 JUMPSEC LABS https://labs.jumpsec.com/feed/ 2024-08-30 22:08
Attributes
Type #Events CTI Value
Domain 372
wscript.shell
Domain 12
shell.run
Domain 3
www.gironsec.com
Domain 58
redcanary.com
Domain 2
mgeeky.tech
Domain 1
v3ded.github.io
File 456
mshta.exe
File 1208
powershell.exe
IPv4 4
192.168.0.7
Url 1
https://symantec-enterprise-blogs.security.com/threat-intelligence/carderbee-software-supply-chain-certificate-abuse
Url 1
http://192.168.0.7:8088/a
Url 1
https://www.gironsec.com/blog/2020/12/bypassing-windows-smartscreen
Url 1
https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass
Url 1
https://mgeeky.tech/warcon-2022-modern-initial-access-and-evasion-tactics
Url 1
https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2024/cyber-security-breaches-survey-2024
Url 1
https://www.techradar.com/pro/security/microsoft-smartscreen-vulnerability-can-be-abused-to-deploy-malware-and-its-happening-in-the-wild
Url 1
https://v3ded.github.io/redteam/abusing-lnk-features-for-initial-access-and-persistence