Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam
Tags
cmtmf-attack-pattern:
  Acquire Infrastructure
  Application Layer Protocol
  Event Triggered Execution
  Exploit Public-Facing Application
  Location Tracking
  Modify Os Kernel Or Boot Partition
  Obfuscated Files Or Information
  Phishing For Information
  Scheduled Task/Job
country:
  Egypt
  Australia
  United Arab Emirates
  India
  Iran
  Pakistan
  Spain
  Oman
  Poland
maec-delivery-vectors:
  Watering Hole
attack-pattern:
  Acquire Infrastructure Model
  Access Notifications - T1517
  Acquire Infrastructure - T1583
  Broadcast Receivers - T1402
  Application Layer Protocol - T1437
  Audio Capture - T1429
  Boot Or Logon Initialization Scripts - T1398
  Broadcast Receivers - T1624.001
  Call Control - T1616
  Call Log - T1636.002
  Contact List - T1636.003
  Credentials - T1589.001
  Data Encrypted For Impact - T1471
  Data Encrypted For Impact - T1486
  Data From Local System - T1533
  Dll Side-Loading - T1574.002
  Domains - T1583.001
  Domains - T1584.001
  Establish Accounts - T1585
  Event Triggered Execution - T1624
  Event Triggered Execution - T1546
  Exploit Public-Facing Application - T1377
  File And Directory Discovery - T1420
  File Deletion - T1070.004
  File Deletion - T1630.002
  Gui Input Capture - T1056.002
  Gui Input Capture - T1417.002
  Hijack Execution Flow - T1625
  Hijack Execution Flow - T1574
  Indicator Removal On Host - T1630
  Ingress Tool Transfer - T1544
  Input Capture - T1417
  Keylogging - T1056.001
  Keylogging - T1417.001
  System Network Configuration Discovery - T1422
  Location Tracking - T1430
  Malicious Link - T1204.001
  Malvertising - T1583.008
  Malware - T1587.001
  Malware - T1588.001
  Obfuscated Files Or Information - T1406
  Process Discovery - T1424
  System Information Discovery - T1426
  Non-Standard Port - T1509
  Phishing - T1660
  Phishing - T1566
  Phishing For Information - T1598
  Protected User Data - T1636
  Python - T1059.006
  Scheduled Task - T1053.005
  Scheduled Task/Job - T1603
  Screen Capture - T1513
  Sms Control - T1582
  Sms Messages - T1636.004
  Social Media Accounts - T1585.001
  Social Media Accounts - T1586.001
  Software - T1592.002
  Steal Web Session Cookie - T1539
  Web Protocols - T1071.001
  Web Protocols - T1437.001
  Video Capture - T1512
  Trap - T1546.005
  Tool - T1588.002
  Vulnerabilities - T1588.006
  Standard Application Layer Protocol - T1071
  Data From Local System - T1005
  Dll Side-Loading - T1073
  Exploit Public-Facing Application - T1190
  File And Directory Discovery - T1083
  File Deletion - T1107
  Indicator Removal On Host - T1070
  Remote File Copy - T1105
  Input Capture - T1056
  Obfuscated Files Or Information - T1027
  Process Discovery - T1057
  Scheduled Task - T1053
  Screen Capture - T1113
  System Information Discovery - T1082
  System Network Configuration Discovery - T1016
  Uncommonly Used Port - T1065
  Trap - T1154
  User Execution - T1204
  Exploit Public-Facing Application
  Indicator Removal On Host
  Screen Capture
  User Execution
Common Information
Type Value
UUID a288aa60-6519-4c08-89be-87a7c73ac442
Fingerprint 8d040003e597df27
Analysis status DONE
Considered CTI value 2
Text language
Published March 14, 2023, midnight
Added to db March 14, 2023, 7:21 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam
Title Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam
Detected Hints/Tags/Attributes 171/4/36
RSS Feed
Attributes
Type                           #Events  CTI Value
CVE                            50       cve-2022-47986
MITRE ATT&CK Techniques        12       T1417.001
MITRE ATT&CK Techniques        9        T1417.002
MITRE ATT&CK Techniques        82       T1583.001
MITRE ATT&CK Techniques        9        T1585.001
MITRE ATT&CK Techniques        420      T1204
MITRE ATT&CK Techniques        100      T1598
MITRE ATT&CK Techniques        542      T1190
MITRE ATT&CK Techniques        492      T1105
MITRE ATT&CK Techniques        297      T1070.004
MITRE ATT&CK Techniques        472      T1486
MITRE ATT&CK Techniques        627      T1027
MITRE ATT&CK Techniques        99       T1539
MITRE ATT&CK Techniques        10       T1398
MITRE ATT&CK Techniques        14       T1624.001
MITRE ATT&CK Techniques        16       T1420
MITRE ATT&CK Techniques        3        T1424
MITRE ATT&CK Techniques        13       T1422
MITRE ATT&CK Techniques        25       T1426
MITRE ATT&CK Techniques        19       T1533
MITRE ATT&CK Techniques        12       T1517
MITRE ATT&CK Techniques        10       T1512
MITRE ATT&CK Techniques        21       T1430
MITRE ATT&CK Techniques        22       T1429
MITRE ATT&CK Techniques        16       T1513
MITRE ATT&CK Techniques        12       T1636.002
MITRE ATT&CK Techniques        17       T1636.003
MITRE ATT&CK Techniques        17       T1636.004
MITRE ATT&CK Techniques        10       T1616
MITRE ATT&CK Techniques        8        T1509
MITRE ATT&CK Techniques        15       T1582
MITRE ATT&CK Techniques        227      T1574.002
MITRE ATT&CK Techniques        275      T1053.005
MITRE ATT&CK Techniques        442      T1071.001
Threat Actor Identifier - APT  121      APT42
Threat Actor Identifier - APT  121      APT36