MISSION2025 Recent Trends Report 31-05-2021 - CYFIRMA
Tags
cmtmf-attack-pattern: Application Layer Protocol Boot Or Logon Autostart Execution Command And Scripting Interpreter Event Triggered Execution Exploit Public-Facing Application Masquerading Obfuscated Files Or Information Obtain Capabilities Process Injection Resource Hijacking Scheduled Task/Job Supply Chain Compromise System Network Connections Discovery
country: Brazil Cambodia Switzerland China Netherlands Germany France India Pakistan Italy Japan South Korea Kazakhstan Thailand Myanmar Singapore South Africa Taiwan United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Direct Accessibility Features - T1546.008 Application Layer Protocol - T1437 Archive Collected Data - T1560 Archive Collected Data - T1532 Archive Via Utility - T1560.001 Boot Or Logon Autostart Execution - T1547 Bootkit - T1542.003 Clear Command History - T1070.003 Clear Windows Event Logs - T1070.001 Code Signing - T1553.002 Command And Scripting Interpreter - T1623 Compiled Html File - T1218.001 Compiled Html File - T1223 Compromise Software Supply Chain - T1195.002 Compromise Software Supply Chain - T1474.003 Create Or Modify System Process - T1543 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Data From Local System - T1533 Dead Drop Resolver - T1102.001 Dll Search Order Hijacking - T1574.001 Dll Side-Loading - T1574.002 Dns - T1071.004 Dns - T1590.002 Domain Generation Algorithms - T1637.001 Domain Generation Algorithms - T1568.002 Domain Generation Algorithms - T1520 Domain Generation Algorithms - T1483 Dynamic Linker Hijacking - T1574.006 Dynamic Resolution - T1637 Dynamic Resolution - T1568 Environmental Keying - T1480.001 Event Triggered Execution - T1624 Event Triggered Execution - T1546 Execution Guardrails - T1480 Execution Guardrails - T1627 Exploit Public-Facing Application - T1377 Exploitation For Client Execution - T1658 Exploits - T1587.004 Exploits - T1588.005 File And Directory Discovery - T1420 File Deletion - T1070.004 File Deletion - T1630.002 File Transfer Protocols - T1071.002 Hardware - T1592.001 Hijack Execution Flow - T1625 Hijack Execution Flow - T1574 Indicator Removal On Host - T1630 Ingress Tool Transfer - T1544 Input Capture - T1417 Keylogging - T1056.001 Keylogging - T1417.001 Local Account - T1087.001 Local Account - T1136.001 System Network Configuration Discovery - T1422 System Network Connections Discovery - T1421 Lsass Memory - T1003.001 Malware - T1587.001 Malware - T1588.001 Masquerade Task Or Service - T1036.004 Masquerading - T1655 Match Legitimate Name Or Location - T1036.005
Match Legitimate Name Or Location - T1655.001 Obfuscated Files Or Information - T1406 Network Service Scanning - T1423 Multi-Factor Authentication - T1556.006 Obtain Capabilities - T1588 Password Cracking - T1110.002 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Pre-Os Boot - T1542 Process Injection - T1631 Registry Run Keys / Startup Folder - T1547.001 Remote Desktop Protocol - T1021.001 Resource Hijacking - T1496 Rundll32 - T1218.011 Scheduled Task - T1053.005 Scheduled Task/Job - T1603 Server - T1583.004 Server - T1584.004 Service Execution - T1569.002 Smb/Windows Admin Shares - T1021.002 Social Media - T1593.001 Software - T1592.002 Spearphishing Attachment - T1566.001 Spearphishing Attachment - T1598.002 Subvert Trust Controls - T1632 Subvert Trust Controls - T1553 Supply Chain Compromise - T1474 System Services - T1569 Windows Command Shell - T1059.003 Unix Shell - T1059.004 Visual Basic - T1059.005 Web Protocols - T1071.001 Web Protocols - T1437.001 Web Service - T1481 Windows Service - T1543.003 Tool - T1588.002 Vulnerabilities - T1588.006 Unix Shell - T1623.001 Accessibility Features - T1015 Standard Application Layer Protocol - T1071 Bits Jobs - T1197 Bootkit - T1067 Brute Force - T1110 Clear Command History - T1146 Code Signing - T1116 Command-Line Interface - T1059 Connection Proxy - T1090 Create Account - T1136 Credential Dumping - T1003 Data From Local System - T1005 Dll Search Order Hijacking - T1038 Dll Side-Loading - T1073 Exploit Public-Facing Application - T1190 Exploitation For Client Execution - T1203 External Remote Services - T1133 Fallback Channels - T1008 File And Directory Discovery - T1083 File Deletion - T1107 Indicator Removal On Host - T1070 Remote File Copy - T1105 Input Capture - T1056 Masquerading - T1036 Modify Registry - T1112 Multi-Stage Channels - T1104 Network Service Scanning - T1046 Network Share Discovery - T1135 Obfuscated Files Or Information - T1027 Powershell - T1086 Process Injection - T1055
Registry Run Keys / Start Folder - T1060 Remote Desktop Protocol - T1076 Remote Services - T1021 Rootkit - T1014 Rundll32 - T1085 Scheduled Task - T1053 Service Execution - T1035 Signed Binary Proxy Execution - T1218 Spearphishing Attachment - T1193 Supply Chain Compromise - T1195 System Network Configuration Discovery - T1016 System Network Connections Discovery - T1049 System Owner/User Discovery - T1033 Windows Management Instrumentation - T1047 Valid Accounts - T1078 Web Service - T1102 Exploit Public-Facing Application External Remote Services Indicator Removal On Host Masquerading Network Service Scanning Rootkit Spearphishing Attachment Supply Chain Compromise Valid Accounts
Common Information
Type Value
UUID 64ae9a5f-17b7-4e67-86f1-bb98c4fd46e1
Fingerprint 96148d3185b19604
Analysis status DONE
Considered CTI value 2
Text language
Published June 7, 2023, 6:25 a.m.
Added to db Dec. 18, 2024, 10:21 p.m.
Last updated Dec. 21, 2024, 5:01 a.m.
Headline MISSION2025 Recent Trends Report 31-05-2021
Title MISSION2025 Recent Trends Report 31-05-2021 - CYFIRMA
Detected Hints/Tags/Attributes 309/4/66
Attributes
Type Value #Events CTI Value
Domain www.cybereason.com 67
Mandiant Uncategorized Groups UNC038 2
Mandiant Uncategorized Groups UNC041 1
Mandiant Uncategorized Groups UNC036 1
Mandiant Uncategorized Groups UNC026 1
Mandiant Uncategorized Groups UNC033 1
Mandiant Uncategorized Groups UNC044 1
Mandiant Uncategorized Groups UNC032 1
MITRE ATT&CK Techniques T1005 560
MITRE ATT&CK Techniques T1056.001 133
MITRE ATT&CK Techniques T1071.002 33
MITRE ATT&CK Techniques T1071.004 57
MITRE ATT&CK Techniques T1568.002 28
MITRE ATT&CK Techniques T1008 46
MITRE ATT&CK Techniques T1105 523
MITRE ATT&CK Techniques T1104 27
MITRE ATT&CK Techniques T1090 160
MITRE ATT&CK Techniques T1102.001 19
MITRE ATT&CK Techniques T1496 108
MITRE ATT&CK Techniques T1588.002 62
MITRE ATT&CK Techniques T1190 590
MITRE ATT&CK Techniques T1133 208
MITRE ATT&CK Techniques T1566.001 340
MITRE ATT&CK Techniques T1195.002 43
MITRE ATT&CK Techniques T1078 341
MITRE ATT&CK Techniques T1059.001 509
MITRE ATT&CK Techniques T1059.003 368
MITRE ATT&CK Techniques T1059.004 93
MITRE ATT&CK Techniques T1203 259
MITRE ATT&CK Techniques T1053.005 300
MITRE ATT&CK Techniques T1569.002 186
MITRE ATT&CK Techniques T1047 331
MITRE ATT&CK Techniques T1197 41
MITRE ATT&CK Techniques T1547.001 425
MITRE ATT&CK Techniques T1136.001 55
MITRE ATT&CK Techniques T1543.003 193
MITRE ATT&CK Techniques T1546.008 15
MITRE ATT&CK Techniques T1574.001 74
MITRE ATT&CK Techniques T1574.002 246
MITRE ATT&CK Techniques T1574.006 19
MITRE ATT&CK Techniques T1542.003 13
MITRE ATT&CK Techniques T1055 485
MITRE ATT&CK Techniques T1480.001 20
MITRE ATT&CK Techniques T1070.001 97
MITRE ATT&CK Techniques T1070.003 23
MITRE ATT&CK Techniques T1070.004 323
MITRE ATT&CK Techniques T1036.004 62
MITRE ATT&CK Techniques T1036.005 192
MITRE ATT&CK Techniques T1112 581
MITRE ATT&CK Techniques T1027 679
MITRE ATT&CK Techniques T1014 50
MITRE ATT&CK Techniques T1218.001 17
MITRE ATT&CK Techniques T1218.011 131
MITRE ATT&CK Techniques T1553.002 63
MITRE ATT&CK Techniques T1110.002 11
MITRE ATT&CK Techniques T1003.001 192
MITRE ATT&CK Techniques T1083 629
MITRE ATT&CK Techniques T1046 177
MITRE ATT&CK Techniques T1135 191
MITRE ATT&CK Techniques T1016 259
MITRE ATT&CK Techniques T1049 126
MITRE ATT&CK Techniques T1033 245
MITRE ATT&CK Techniques T1021.001 176
MITRE ATT&CK Techniques T1021.002 154
Threat Actor Identifier - APT APT41 601
Url https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive#iocs 1