ioc[.]one - OSINT Cyber Threat Intelligence Database

Scattered Spider: Leveraging Social Engineering for Extortion - CISA Alert AA23-320A

Tags

cmtmf-attack-pattern:	Modify Authentication Process
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Cloud Service Dashboard - T1538 Code Repositories - T1213.003 Code Repositories - T1593.003 Create Cloud Instance - T1578.002 Credentials - T1589.001 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Exfiltration Over Web Service - T1567 Exfiltration To Cloud Storage - T1567.002 File And Directory Discovery - T1420 Impersonation - T1656 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Modify Authentication Process - T1556 Modify Cloud Compute Infrastructure - T1578 Multi-Factor Authentication - T1556.006 Multi-Factor Authentication Request Generation - T1621 Phishing - T1660 Phishing - T1566 Private Keys - T1552.004 Remote Access Software - T1663 Serverless Execution - T1648 Sharepoint - T1213.002 Steal Web Session Cookie - T1539 Trust Modification - T1484.002 Unsecured Credentials - T1552 Browser Bookmark Discovery - T1217 File And Directory Discovery - T1083 Private Keys - T1145 Remote Access Tools - T1219 Remote Services - T1021 Remote System Discovery - T1018 Valid Accounts - T1078 User Execution - T1204 Remote System Discovery Valid Accounts User Execution

Show in Graph

Common Information

Type	Value
UUID	73a1eecd-830b-4117-bbb6-62f68fdcabe7
Fingerprint	c43d6dd9accbcd87
Analysis status	DONE
Considered CTI value	2
Text language
Published	Nov. 17, 2023, 4:39 p.m.
Added to db	Nov. 20, 2023, 12:02 a.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Scattered Spider: Leveraging Social Engineering for Extortion - CISA Alert AA23-320A
Title	Scattered Spider: Leveraging Social Engineering for Extortion - CISA Alert AA23-320A
Detected Hints/Tags/Attributes	118/3/46

Source URLs

	Redirection	Url
Details	Source	https://www.picussecurity.com/resource/blog/scattered-spider-leveraging-social-engineering-for-extortion-cisa-alert-aa23-320

URL Provider

Details	Provider	Source level domain
Details	picussecurity.com	www.picussecurity.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	352	✔	Resources-2	https://www.picussecurity.com/resource/rss.xml	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	8	fleetdeck.io
Details	Domain	12	level.io
Details	Domain	2	trojan-ransom.win32.generic.tc
Details	Domain	1	trojan.win32.blackcatalphv.tc
Details	Domain	1	ransomware.linux.blackcat.tc
Details	Domain	1	ransomware.win32.blackcat.tc
Details	Domain	1	ransomware.linux.domain.tc
Details	Domain	1	win32.quasar.tc
Details	Domain	1	trojan-spy.msil.stealer.gen.tc
Details	Domain	1	trojan.win32.raccoonstealer.tc
Details	Domain	1	backdoor.win32.tofsee.gen.tc
Details	Domain	1	trojan.win32.raccoonstealer.tc.sy
Details	Domain	1	trojan.win32.trojan-psw.win32.coins.acno.tc
Details	Domain	1	win32.vidar.tc
Details	Domain	1	vidar.tc
Details	Domain	35	w32.auto
Details	Domain	1	w32.66162e69ca-100.sbx.tg
Details	Domain	1	w32.d71f81edf8-95.sbx.tg
Details	Domain	1	w32.42c6950ca5-95.sbx.tg
Details	Domain	1	w32.dad5fceab0-95.sbx.tg
Details	Domain	1	w32.9ec586b079-95.sbx.tg
Details	Domain	1	kryptik.eat
Details	Domain	1	win32.pr
Details	Domain	1	win32.su
Details	Domain	469	www.cisa.gov
Details	File	4	trojan-spy.msi
Details	File	1	su.ep
Details	IPv6	18	c::1201
Details	Mandiant Uncategorized Groups	111	UNC3944
Details	MITRE ATT&CK Techniques	4	T1648
Details	MITRE ATT&CK Techniques	420	T1204
Details	MITRE ATT&CK Techniques	6	T1556.006
Details	MITRE ATT&CK Techniques	13	T1484.002
Details	MITRE ATT&CK Techniques	4	T1578.002
Details	MITRE ATT&CK Techniques	9	T1656
Details	MITRE ATT&CK Techniques	14	T1621
Details	MITRE ATT&CK Techniques	113	T1552
Details	MITRE ATT&CK Techniques	29	T1217
Details	MITRE ATT&CK Techniques	99	T1539
Details	MITRE ATT&CK Techniques	4	T1538
Details	MITRE ATT&CK Techniques	585	T1083
Details	MITRE ATT&CK Techniques	243	T1018
Details	MITRE ATT&CK Techniques	141	T1219
Details	MITRE ATT&CK Techniques	126	T1567
Details	MITRE ATT&CK Techniques	472	T1486
Details	Url	1	https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a.