Weekly Intelligence Report - 29 Nov 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Tags
cmtmf-attack-pattern: Application Layer Protocol Masquerading Obfuscated Files Or Information Process Injection System Network Connections Discovery
country: Australia Brazil Canada China Colombia Indonesia Italy Kazakhstan Thailand Kyrgyzstan Singapore South Africa Uzbekistan Russia Vietnam Taiwan United Kingdom United States Of America U.S. Virgin Islands
maec-delivery-vectors: Watering Hole
attack-pattern: Data Model Software Discovery - T1418 Application Layer Protocol - T1437 Cloud Services - T1021.007 Credentials - T1589.001 Data Destruction - T1662 Data Destruction - T1485 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Data From Local System - T1533 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Dll Side-Loading - T1574.002 Domains - T1583.001 Domains - T1584.001 Email Addresses - T1589.002 Encrypted Channel - T1521 Encrypted Channel - T1573 Exploits - T1587.004 Exploits - T1588.005 File And Directory Discovery - T1420 Financial Theft - T1657 Hidden Files And Directories - T1564.001 Hide Artifacts - T1628 Hide Artifacts - T1564 Hijack Execution Flow - T1625 Hijack Execution Flow - T1574 Impair Defenses - T1562 Impair Defenses - T1629 Indicator Removal From Tools - T1027.005 Inhibit System Recovery - T1490 Input Capture - T1417 Ip Addresses - T1590.005 System Network Configuration Discovery - T1422 System Network Connections Discovery - T1421 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Obfuscated Files Or Information - T1406 Process Discovery - T1424 System Information Discovery - T1426 Multi-Factor Authentication - T1556.006 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Injection - T1631 Python - T1059.006 Rundll32 - T1218.011 Security Software Discovery - T1418.001 Security Software Discovery - T1518.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Software Discovery - T1518 Software Packing - T1027.002 Software Packing - T1406.002 System Location Discovery - T1614 System Shutdown/Reboot - T1529 Virtualization/Sandbox Evasion - T1497 Tool - T1588.002 Vulnerabilities - T1588.006 Virtualization/Sandbox Evasion - T1633 Access Token Manipulation - T1134 Standard Application Layer Protocol - T1071 Application Window Discovery - T1010 Connection Proxy - T1090 Credential Dumping - T1003 Data From Local System - T1005 Dll Side-Loading - T1073 Execution Through Module Load - T1129 File And Directory Discovery - T1083 Hidden Files And Directories - T1158 Indicator Removal On Host - T1070 Indicator Removal From Tools - T1066 Input Capture - T1056 Masquerading - T1036 Network Share Discovery - T1135 Obfuscated Files Or Information - T1027 Powershell - T1086 Process Discovery - T1057 Process Injection - T1055 Query Registry - T1012 Rootkit - T1014 Rundll32 - T1085 Security Software Discovery - T1063 Signed Binary Proxy Execution - T1218 Third-Party Software - T1072 Software Packing - T1045 System Information Discovery - T1082 System Network Configuration Discovery - T1016 System Network Connections Discovery - T1049 Windows Management Instrumentation - T1047 Data Destruction Masquerading Rootkit
Common Information
Type Value
UUID 5ce36fa1-3a87-45be-b87e-a76e083c97e4
Fingerprint b61409d30697bf91
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 28, 2024, 9:03 p.m.
Added to db Nov. 28, 2024, 10:25 p.m.
Last updated Dec. 4, 2024, 9:50 p.m.
Headline Weekly Intelligence Report – 29 Nov 2024 | #ransomware | #cybercrime
Title Weekly Intelligence Report - 29 Nov 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Detected Hints/Tags/Attributes 269/4/63
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 6 National Cyber Security Consulting http://nationalcybersecurity.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 47
cve-2023-46805
Details CVE 62
cve-2024-21887
Details CVE 33
cve-2023-48788
Details CVE 35
cve-2022-3236
Details CVE 192
cve-2021-26855
Details CVE 95
cve-2021-26857
Details CVE 131
cve-2021-27065
Details CVE 2
cve-2024-52533
Details Domain 6
adsmanager.facebook.com
Details Domain 1
maxeon.com
Details Domain 1
www.mulyo.com
Details Domain 32
www.suse.com
Details Domain 1
www.sercomm.com
Details Domain 1
www.pegadaian.co.id
Details Domain 1
intbizth.com
Details Domain 1
dubaipulse.gov.ae
Details File 1
howtorecover.txt
Details File 1243
powershell.exe
Details File 37
pwsh.exe
Details File 245
wmic.exe
Details File 353
vssadmin.exe
Details File 24
diskshadow.exe
Details File 5
pwsh.dll
Details File 44
wbadmin.exe
Details File 60
data.txt
Details File 1041
rundll32.exe
Details MITRE ATT&CK Techniques 315
T1047
Details MITRE ATT&CK Techniques 126
T1129
Details MITRE ATT&CK Techniques 232
T1574.002
Details MITRE ATT&CK Techniques 453
T1055
Details MITRE ATT&CK Techniques 122
T1134
Details MITRE ATT&CK Techniques 164
T1027.002
Details MITRE ATT&CK Techniques 46
T1027.005
Details MITRE ATT&CK Techniques 357
T1036
Details MITRE ATT&CK Techniques 244
T1497
Details MITRE ATT&CK Techniques 306
T1562.001
Details MITRE ATT&CK Techniques 98
T1564.001
Details MITRE ATT&CK Techniques 300
T1003
Details MITRE ATT&CK Techniques 77
T1010
Details MITRE ATT&CK Techniques 506
T1012
Details MITRE ATT&CK Techniques 248
T1016
Details MITRE ATT&CK Techniques 121
T1049
Details MITRE ATT&CK Techniques 441
T1057
Details MITRE ATT&CK Techniques 1017
T1082
Details MITRE ATT&CK Techniques 594
T1083
Details MITRE ATT&CK Techniques 182
T1135
Details MITRE ATT&CK Techniques 145
T1518.001
Details MITRE ATT&CK Techniques 53
T1614
Details MITRE ATT&CK Techniques 540
T1005
Details MITRE ATT&CK Techniques 462
T1071
Details MITRE ATT&CK Techniques 165
T1573
Details MITRE ATT&CK Techniques 96
T1485
Details MITRE ATT&CK Techniques 486
T1486
Details MITRE ATT&CK Techniques 282
T1490
Details MITRE ATT&CK Techniques 50
T1529
Details MITRE ATT&CK Techniques 247
T1070
Details MITRE ATT&CK Techniques 122
T1218.011
Details MITRE ATT&CK Techniques 156
T1056
Details Threat Actor Identifier by Recorded Future 16
TAG-110
Details Url 1
https://maxeon.com
Details Url 1
https://www.suse.com/support/update/announcement/2024/suse-su-
Details Url 1
http://intbizth.com
Details Url 1
http://dubaipulse.gov.ae