ioc[.]one - OSINT Cyber Threat Intelligence Database

Weekly Intelligence Report - 29 Nov 2024 | #ransomware | #cybercrime | National Cyber Security Consulting

Tags

cmtmf-attack-pattern:	Application Layer Protocol Masquerading Obfuscated Files Or Information Process Injection System Network Connections Discovery
country:	Australia Brazil Canada China Colombia Indonesia Italy Kazakhstan Thailand Kyrgyzstan Singapore South Africa Uzbekistan Russia Vietnam Taiwan United Kingdom United States Of America U.S. Virgin Islands
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Model Software Discovery - T1418 Application Layer Protocol - T1437 Cloud Services - T1021.007 Credentials - T1589.001 Data Destruction - T1662 Data Destruction - T1485 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Data From Local System - T1533 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Dll Side-Loading - T1574.002 Domains - T1583.001 Domains - T1584.001 Email Addresses - T1589.002 Encrypted Channel - T1521 Encrypted Channel - T1573 Exploits - T1587.004 Exploits - T1588.005 File And Directory Discovery - T1420 Financial Theft - T1657 Hidden Files And Directories - T1564.001 Hide Artifacts - T1628 Hide Artifacts - T1564 Hijack Execution Flow - T1625 Hijack Execution Flow - T1574 Impair Defenses - T1562 Impair Defenses - T1629 Indicator Removal From Tools - T1027.005 Inhibit System Recovery - T1490 Input Capture - T1417 Ip Addresses - T1590.005 System Network Configuration Discovery - T1422 System Network Connections Discovery - T1421 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Obfuscated Files Or Information - T1406 Process Discovery - T1424 System Information Discovery - T1426 Multi-Factor Authentication - T1556.006 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Injection - T1631 Python - T1059.006 Rundll32 - T1218.011 Security Software Discovery - T1418.001 Security Software Discovery - T1518.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Software Discovery - T1518 Software Packing - T1027.002 Software Packing - T1406.002 System Location Discovery - T1614 System Shutdown/Reboot - T1529 Virtualization/Sandbox Evasion - T1497 Tool - T1588.002 Vulnerabilities - T1588.006 Virtualization/Sandbox Evasion - T1633 Access Token Manipulation - T1134 Standard Application Layer Protocol - T1071 Application Window Discovery - T1010 Connection Proxy - T1090 Credential Dumping - T1003 Data From Local System - T1005 Dll Side-Loading - T1073 Execution Through Module Load - T1129 File And Directory Discovery - T1083 Hidden Files And Directories - T1158 Indicator Removal On Host - T1070 Indicator Removal From Tools - T1066 Input Capture - T1056 Masquerading - T1036 Network Share Discovery - T1135 Obfuscated Files Or Information - T1027 Powershell - T1086 Process Discovery - T1057 Process Injection - T1055 Query Registry - T1012 Rootkit - T1014 Rundll32 - T1085 Security Software Discovery - T1063 Signed Binary Proxy Execution - T1218 Third-Party Software - T1072 Software Packing - T1045 System Information Discovery - T1082 System Network Configuration Discovery - T1016 System Network Connections Discovery - T1049 Windows Management Instrumentation - T1047 Data Destruction Masquerading Rootkit

Show in Graph

Common Information

Type	Value
UUID	5ce36fa1-3a87-45be-b87e-a76e083c97e4
Fingerprint	b61409d30697bf91
Analysis status	DONE
Considered CTI value	2
Text language
Published	Nov. 28, 2024, 9:03 p.m.
Added to db	Nov. 28, 2024, 10:25 p.m.
Last updated	Dec. 18, 2024, 3:14 p.m.
Headline	Weekly Intelligence Report – 29 Nov 2024 \| #ransomware \| #cybercrime
Title	Weekly Intelligence Report - 29 Nov 2024 \| #ransomware \| #cybercrime \| National Cyber Security Consulting
Detected Hints/Tags/Attributes	269/4/63

Source URLs

	Redirection	Url
Details	Source	https://nationalcybersecurity.com/weekly-intelligence-report-29-nov-2024-ransomware-cybercrime/?utm_source=rss&utm_medium=rss&utm_campaign=weekly-intelligence-report-29-nov-2024-ransomware-cybercrime

URL Provider

Details	Provider	Source level domain
Details	nationalcybersecurity.com	nationalcybersecurity.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	6	✔	National Cyber Security Consulting	http://nationalcybersecurity.com/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CVE	49	cve-2023-46805
Details	CVE	64	cve-2024-21887
Details	CVE	35	cve-2023-48788
Details	CVE	37	cve-2022-3236
Details	CVE	194	cve-2021-26855
Details	CVE	95	cve-2021-26857
Details	CVE	132	cve-2021-27065
Details	CVE	2	cve-2024-52533
Details	Domain	6	adsmanager.facebook.com
Details	Domain	1	maxeon.com
Details	Domain	1	www.mulyo.com
Details	Domain	34	www.suse.com
Details	Domain	1	www.sercomm.com
Details	Domain	1	www.pegadaian.co.id
Details	Domain	1	intbizth.com
Details	Domain	1	dubaipulse.gov.ae
Details	File	1	howtorecover.txt
Details	File	1282	powershell.exe
Details	File	37	pwsh.exe
Details	File	245	wmic.exe
Details	File	358	vssadmin.exe
Details	File	24	diskshadow.exe
Details	File	5	pwsh.dll
Details	File	44	wbadmin.exe
Details	File	61	data.txt
Details	File	1053	rundll32.exe
Details	MITRE ATT&CK Techniques	316	T1047
Details	MITRE ATT&CK Techniques	128	T1129
Details	MITRE ATT&CK Techniques	236	T1574.002
Details	MITRE ATT&CK Techniques	458	T1055
Details	MITRE ATT&CK Techniques	124	T1134
Details	MITRE ATT&CK Techniques	165	T1027.002
Details	MITRE ATT&CK Techniques	47	T1027.005
Details	MITRE ATT&CK Techniques	359	T1036
Details	MITRE ATT&CK Techniques	245	T1497
Details	MITRE ATT&CK Techniques	310	T1562.001
Details	MITRE ATT&CK Techniques	98	T1564.001
Details	MITRE ATT&CK Techniques	303	T1003
Details	MITRE ATT&CK Techniques	77	T1010
Details	MITRE ATT&CK Techniques	508	T1012
Details	MITRE ATT&CK Techniques	250	T1016
Details	MITRE ATT&CK Techniques	123	T1049
Details	MITRE ATT&CK Techniques	445	T1057
Details	MITRE ATT&CK Techniques	1029	T1082
Details	MITRE ATT&CK Techniques	600	T1083
Details	MITRE ATT&CK Techniques	186	T1135
Details	MITRE ATT&CK Techniques	146	T1518.001
Details	MITRE ATT&CK Techniques	53	T1614
Details	MITRE ATT&CK Techniques	543	T1005
Details	MITRE ATT&CK Techniques	468	T1071
Details	MITRE ATT&CK Techniques	166	T1573
Details	MITRE ATT&CK Techniques	97	T1485
Details	MITRE ATT&CK Techniques	493	T1486
Details	MITRE ATT&CK Techniques	284	T1490
Details	MITRE ATT&CK Techniques	50	T1529
Details	MITRE ATT&CK Techniques	247	T1070
Details	MITRE ATT&CK Techniques	123	T1218.011
Details	MITRE ATT&CK Techniques	158	T1056
Details	Threat Actor Identifier by Recorded Future	16	TAG-110
Details	Url	1	https://maxeon.com
Details	Url	1	https://www.suse.com/support/update/announcement/2024/suse-su-
Details	Url	1	http://intbizth.com
Details	Url	1	http://dubaipulse.gov.ae