CISA Alert AA24-249A: Russian GRU Unit 29155 Targeting U.S. and Global Critical Infrastructure
Tags
cmtmf-attack-pattern: Acquire Infrastructure Active Scanning Application Layer Protocol Command And Scripting Interpreter Obtain Capabilities
country: Laos Russia Ukraine
maec-delivery-vectors: Watering Hole
attack-pattern: Acquire Infrastructure Data Reputational Harm Acquire Infrastructure - T1583 Active Scanning - T1595 Application Layer Protocol - T1437 Command And Scripting Interpreter - T1623 Confluence - T1213.001 Credentials - T1589.001 Credentials In Files - T1552.001 Data Destruction - T1662 Data Destruction - T1485 Default Accounts - T1078.001 Dns - T1071.004 Dns - T1590.002 Exfiltration Over Web Service - T1567 Exfiltration To Cloud Storage - T1567.002 Exploits - T1587.004 Exploits - T1588.005 Gather Victim Network Information - T1590 Ingress Tool Transfer - T1544 Ip Addresses - T1590.005 Log Enumeration - T1654 Lsass Memory - T1003.001 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Multi-Hop Proxy - T1090.003 Network Devices - T1584.008 Obtain Capabilities - T1588 Pass The Hash - T1550.002 Password Cracking - T1110.002 Password Spraying - T1110.003 Powershell - T1059.001 Protocol Tunneling - T1572 Scan Databases - T1596.005 Scanning Ip Blocks - T1595.001 Search Open Technical Databases - T1596 Security Account Manager - T1003.002 Server - T1583.004 Server - T1584.004 Server Software Component - T1505 Ssh - T1021.004 Web Protocols - T1071.001 Web Protocols - T1437.001 Web Shell - T1505.003 Use Alternate Authentication Material - T1550 Unsecured Credentials - T1552 Virtual Private Server - T1583.003 Virtual Private Server - T1584.003 Tool - T1588.002 Vulnerabilities - T1588.006 Vulnerability Scanning - T1595.002 Standard Application Layer Protocol - T1071 Brute Force - T1110 Command-Line Interface - T1059 Connection Proxy - T1090 Credential Dumping - T1003 Credentials In Files - T1081 Exploit Public-Facing Application - T1190 Remote File Copy - T1105 Multi-Hop Proxy - T1188 Network Service Scanning - T1046 Standard Non-Application Layer Protocol - T1095 Pass The Hash - T1075 Powershell - T1086 Scripting - T1064 Windows Management Instrumentation - T1047 Valid Accounts - T1078 Web Shell - T1100 Data Destruction Scripting Valid Accounts
Common Information
Type Value
UUID 9ac1dc03-c2b3-4478-a69d-3dc8ff495bf5
Fingerprint b5b93593890287c1
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 6, 2024, 3:07 p.m.
Added to db Sept. 6, 2024, 5:23 p.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline CISA Alert AA24-249A: Russian GRU Unit 29155 Targeting U.S. and Global Critical Infrastructure
Title CISA Alert AA24-249A: Russian GRU Unit 29155 Targeting U.S. and Global Critical Infrastructure
Detected Hints/Tags/Attributes 188/4/58
Attributes
Type | #Events | CTI Value
CVE | 217 | cve-2020-1472
CVE | 80 | cve-2021-26084
CVE | 21 | cve-2021-3156
CVE | 60 | cve-2021-4034
CVE | 5 | cve-2022-27666
CVE | 9 | cve-2021-33044
CVE | 9 | cve-2021-33045
CVE | 122 | cve-2022-26134
CVE | 20 | cve-2022-26138
CVE | 27 | cve-2022-3236
Domain | 3 | hitccruvbrumn76c1b.bxss.me
Domain | 6 | bxss.me
Domain | 134 | shodan.io
Domain | 88 | secretsdump.py
Domain | 77 | mega.nz
Domain | 1 | wiper.win32.whispergate.tc
Domain | 4 | trojan.win32.generic.tc
Domain | 1 | exe.autoruns.lt
Domain | 469 | www.cisa.gov
Domain | 4127 | github.com
File | 3 | log.htm
File | 3 | 1.pst
File | 478 | lsass.exe
File | 85 | secretsdump.py
File | 10 | login.htm
File | 14 | i.php
File | 8 | tunnel.jsp
Github username | 1 | jbaines-r7
IPv4 | 4 | 179.43.175.38
MITRE ATT&CK Techniques | 14 | T1595.001
MITRE ATT&CK Techniques | 56 | T1595.002
MITRE ATT&CK Techniques | 8 | T1590.002
MITRE ATT&CK Techniques | 6 | T1596.005
MITRE ATT&CK Techniques | 42 | T1588.001
MITRE ATT&CK Techniques | 62 | T1583.003
MITRE ATT&CK Techniques | 60 | T1588.005
MITRE ATT&CK Techniques | 41 | T1078.001
MITRE ATT&CK Techniques | 542 | T1190
MITRE ATT&CK Techniques | 460 | T1059.001
MITRE ATT&CK Techniques | 104 | T1505.003
MITRE ATT&CK Techniques | 173 | T1003.001
MITRE ATT&CK Techniques | 43 | T1003.002
MITRE ATT&CK Techniques | 49 | T1110.003
MITRE ATT&CK Techniques | 89 | T1552.001
MITRE ATT&CK Techniques | 168 | T1046
MITRE ATT&CK Techniques | 4 | T1654
MITRE ATT&CK Techniques | 38 | T1550.002
MITRE ATT&CK Techniques | 48 | T1090.003
MITRE ATT&CK Techniques | 442 | T1071.001
MITRE ATT&CK Techniques | 52 | T1071.004
MITRE ATT&CK Techniques | 159 | T1095
MITRE ATT&CK Techniques | 492 | T1105
MITRE ATT&CK Techniques | 95 | T1572
MITRE ATT&CK Techniques | 100 | T1567.002
MITRE ATT&CK Techniques | 93 | T1485
Threat Actor Identifier - APT | 143 | APT40
Url | 4 | https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a
Url | 1 | https://github.com/jbaines-r7/through_the_wire.