Is this the real life? Is this just fantasy? Caught in a landslide, NoEscape from NCC Group
Tags
cmtmf-attack-pattern: Command And Scripting Interpreter Exploit Public-Facing Application
attack-pattern: Data Direct Command And Scripting Interpreter - T1623 Credentials - T1589.001 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Domain Accounts - T1078.002 Exfiltration Over Alternative Protocol - T1639 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 Exploit Public-Facing Application - T1377 Impair Defenses - T1562 Impair Defenses - T1629 Local Account - T1087.001 Local Account - T1136.001 Local Accounts - T1078.003 Powershell - T1059.001 Protocol Tunneling - T1572 Remote Access Software - T1663 Remote Desktop Protocol - T1021.001 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Server Software Component - T1505 Software - T1592.002 Ssh - T1021.004 Windows Command Shell - T1059.003 Web Shell - T1505.003 Tool - T1588.002 Vulnerabilities - T1588.006 Account Discovery - T1087 Command-Line Interface - T1059 Credential Dumping - T1003 Exfiltration Over Alternative Protocol - T1048 Exploit Public-Facing Application - T1190 Powershell - T1086 Remote Access Tools - T1219 Remote Desktop Protocol - T1076 Remote System Discovery - T1018 Rootkit - T1014 Scheduled Task - T1053 Valid Accounts - T1078 Web Shell - T1100 Exploit Public-Facing Application Remote System Discovery Rootkit Valid Accounts
Show in Graph
Common Information
Type Value
UUID 9bfb9e80-7f7e-4016-9e58-b4309da76987
Fingerprint b82c04d52fa49423
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 20, 2023, 9 a.m.
Added to db Nov. 20, 2023, 10:25 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Is this the real life? Is this just fantasy? Caught in a landslide, NoEscape from NCC Group
Title Is this the real life? Is this just fantasy? Caught in a landslide, NoEscape from NCC Group
Detected Hints/Tags/Attributes 97/2/44
Source URLs
Redirection Url
Details Source https://research.nccgroup.com/2023/11/20/is-this-the-real-life-is-this-just-fantasy-caught-in-a-landslide-noescape-from-ncc-group/
URL Provider
Details Provider Source level domain
Details nccgroup.com research.nccgroup.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 206 https://research.nccgroup.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 168 
cve-2021-34473
Details CVE 142 
cve-2021-34523
Details CVE 143 
cve-2021-31207
Details File 2125 
cmd.exe
Details File 5 
gmer.exe
Details File 8 
aswarpot.sys
Details File 14 
mhyprot2.sys
Details File 1 
csdump.exe
Details File 2 
fgdump.exe
Details File 1 
memorydumper.exe
Details File 5 
p64.exe
Details File 6 
megasync.exe
Details sha1 1 
142d950e7dd975056bd3487672c14c26450d55c1
Details sha1 1 
2f366382d2db32aaca15f9cadc14c693b33c361f
Details sha1 3 
4709827c7a95012ab970bf651ed5183083366c79
Details sha1 1 
75db5a0b47783b4e4c812cf521c3a443facb6bbb
Details sha1 1 
bb3593007fe44993e102830edc3255836a97fb01
Details sha1 1 
fb0a150601470195c47b4e8d87fcb3f50292beb2
Details sha256 1 
214551a8c07633d8c70f7be4689efe3bb74abfd6e64264cf440100413ea6be6b
Details sha256 1 
53b5a02259c69ab213ba1458d7f70b01614cc32e040b849ad67fefb07a725945
Details sha256 2 
828e81aa16b2851561fff6d3127663ea2d1d68571f06cbd732fdf5672086924d
Details sha256 1 
078212dea0c7fd9cdfa40dbb320b29900f4e8ba0e64d2199f6cae0bc23d1c625
Details sha256 2 
2020cae5115b6980d6423d59492b99e6aaa945a2230b7379c2f8ae3f54e1efd5
Details sha256 1 
ad6b98c01ee849874e4b4502c3d7853196f6044240d3271e4ab3fc6e3c08e9a4
Details IPv4 1 
172.93.181.238
Details IPv4 619 
0.0.0.0
Details IPv4 1441 
127.0.0.1
Details IPv4 1 
66.203.125.14
Details MITRE ATT&CK Techniques 542 
T1190
Details MITRE ATT&CK Techniques 460 
T1059.001
Details MITRE ATT&CK Techniques 333 
T1059.003
Details MITRE ATT&CK Techniques 275 
T1053.005
Details MITRE ATT&CK Techniques 104 
T1505.003
Details MITRE ATT&CK Techniques 71 
T1078.002
Details MITRE ATT&CK Techniques 43 
T1078.003
Details MITRE ATT&CK Techniques 298 
T1562.001
Details MITRE ATT&CK Techniques 289 
T1003
Details MITRE ATT&CK Techniques 72 
T1087.001
Details MITRE ATT&CK Techniques 243 
T1018
Details MITRE ATT&CK Techniques 160 
T1021.001
Details MITRE ATT&CK Techniques 95 
T1572
Details MITRE ATT&CK Techniques 141 
T1219
Details MITRE ATT&CK Techniques 19 
T1048.002
Details MITRE ATT&CK Techniques 472 
T1486