ioc[.]one - OSINT Cyber Threat Intelligence Database

New Attack Vector In The Cloud: Attackers caught exploiting Object Storage Services

Tags

cmtmf-attack-pattern:	Command And Scripting Interpreter Command-Line Interface Endpoint Denial Of Service Exploit Public-Facing Application
country:	British Indian Ocean Territory Germany Russia
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Direct Application Layer Protocol - T1437 Command And Scripting Interpreter - T1623 Command-Line Interface - T1605 Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Endpoint Denial Of Service - T1642 Endpoint Denial Of Service - T1499 Establish Accounts - T1585 Exploit Public-Facing Application - T1377 Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Network Service Scanning - T1423 System Information Discovery - T1426 Python - T1059.006 Search Engines - T1593.002 Server - T1583.004 Server - T1584.004 Software - T1592.002 Ssh - T1021.004 Web Shell - T1505.003 Tool - T1588.002 Vulnerabilities - T1588.006 Standard Application Layer Protocol - T1071 Command-Line Interface - T1059 Create Account - T1136 Exploit Public-Facing Application - T1190 Remote File Copy - T1105 Network Service Scanning - T1046 Remote Access Tools - T1219 Scripting - T1064 System Information Discovery - T1082 Web Shell - T1100 Command-Line Interface Exploit Public-Facing Application Network Service Scanning Remote File Copy Scripting Standard Application Layer Protocol

Show in Graph

Common Information

Type	Value
UUID	93f41c2f-6c86-461e-ad17-14f140707082
Fingerprint	b53b9c102db7678d
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 4, 2023, 2 p.m.
Added to db	Nov. 19, 2023, 3:36 a.m.
Last updated	Nov. 17, 2024, 7:44 p.m.
Headline	New Attack Vector In The Cloud: Attackers caught exploiting Object Storage Services
Title	New Attack Vector In The Cloud: Attackers caught exploiting Object Storage Services
Detected Hints/Tags/Attributes	151/4/41

Source URLs

	Redirection	Url
Details	Source	https://www.securityjoes.com/post/new-attack-vector-in-the-cloud-attackers-caught-exploiting-object-storage-services

URL Provider

Details	Provider	Source level domain
Details	securityjoes.com	www.securityjoes.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	371	✔	Security Joes	https://www.securityjoes.com/blog-feed.xml	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CVE	3	cve-2023-28434
Details	CVE	13	cve-2023-28432
Details	Domain	12	securityjoes.com
Details	Domain	5	scan.py
Details	Domain	1	networks.py
Details	Domain	1	api.timeinfo.org
Details	Domain	1	codeclou.io
Details	Domain	4127	github.com
Details	Email	12	response@securityjoes.com
Details	File	1	winhttpjs.bat
Details	File	5	scan.py
Details	File	1	networks.py
Details	File	1	adduser.bat
Details	File	71	shell.php
Details	File	1	node.bat
Details	Github username	4	minio
Details	sha256	1	1ef7419804e401fbb3860862c2b2fbc1ec3c4650fe24fb44f787f81acf6ad65b
Details	sha256	1	b14a23d0d77a45f4df4889b0c2d239fb118f9d16f944571a8b4d08603d16fb41
Details	sha256	1	9698d561de233038cf922b0de4a0bbb8e5723c800b4bc04c7ac82d92cb715dfd
Details	sha256	1	42aaacf6871108a45e1ae8ede15bc7cdcb9cf9ede067059524ba8d3b8928e91c
Details	sha256	1	fc7909c24b2bb7f42648c605deacb3ae4f9574b95a562dd165e5e9aca2cc7d74
Details	sha256	1	0e084eb83954a090d83730b157f20549cf90b9d0206f5fd0bbcff009788eeafd
Details	sha256	1	eadde565b44e35608447b056761ba172b608b796418ab1244607dc17d21f05e3
Details	sha256	1	d56c63cc53ed72a879f224ab85019db5fc2c30e8f193c1147975d46e3f5d913a
Details	sha256	1	9e1a2a068af2524d2abc48c1edf46de8cfa3329d3688164db5969bc1914377fc
Details	sha256	1	d4cf68e351992fc32021c75820f7d2a858796dd9dc245b7fbbf2cef8656081b2
Details	sha256	1	6b46cf38c45ad81dfcbbd77a1b196c5dea147088f6dab1b1920a508d61bb03ed
Details	sha256	1	fffa85e27836fd556a06660ac0ad76a35ef02687652a81194821c538e847d58f
Details	IPv4	1	5.183.95.88
Details	MITRE ATT&CK Techniques	542	T1190
Details	MITRE ATT&CK Techniques	695	T1059
Details	MITRE ATT&CK Techniques	86	T1136
Details	MITRE ATT&CK Techniques	7	T1100
Details	MITRE ATT&CK Techniques	1006	T1082
Details	MITRE ATT&CK Techniques	168	T1046
Details	MITRE ATT&CK Techniques	444	T1071
Details	MITRE ATT&CK Techniques	492	T1105
Details	MITRE ATT&CK Techniques	31	T1499
Details	Url	1	http://vulnerable.minio.server/?alive=[cmd_to_execute]
Details	Url	1	http://vulnerable.minio.server/anything?alive=[cmd_to_execute]
Details	Windows Registry Key	26	HKLM\SYSTEM\CurrentControlSet\Control\Terminal