ioc[.]one - OSINT Cyber Threat Intelligence Database

Weekly Intelligence Report - 08 Nov 2024 | #ransomware | #cybercrime | National Cyber Security Consulting

Tags

cmtmf-attack-pattern:	Application Layer Protocol Boot Or Logon Autostart Execution Command And Scripting Interpreter Data Manipulation Masquerading Native Code Obfuscated Files Or Information Process Injection
country:	Australia Brazil Canada China Germany India Indonesia Iran Israel Italy Singapore Vietnam Taiwan United Kingdom United States Of America
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Model Accessibility Features - T1546.008 Software Discovery - T1418 Application Layer Protocol - T1437 Boot Or Logon Autostart Execution - T1547 Command And Scripting Interpreter - T1623 Create Or Modify System Process - T1543 Credentials - T1589.001 Credentials In Files - T1552.001 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Data From Local System - T1533 Data Manipulation - T1641 Data Manipulation - T1565 Dll Side-Loading - T1574.002 Domains - T1583.001 Domains - T1584.001 Encrypted Channel - T1521 Encrypted Channel - T1573 Exploits - T1587.004 Exploits - T1588.005 File And Directory Discovery - T1420 File And Directory Permissions Modification - T1222 File Deletion - T1070.004 File Deletion - T1630.002 Financial Theft - T1657 Hardware - T1592.001 Hijack Execution Flow - T1625 Hijack Execution Flow - T1574 Impersonation - T1656 Indicator Removal From Tools - T1027.005 Inhibit System Recovery - T1490 Input Capture - T1417 Ip Addresses - T1590.005 Keylogging - T1056.001 Keylogging - T1417.001 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Obfuscated Files Or Information - T1406 Process Discovery - T1424 System Information Discovery - T1426 Multi-Factor Authentication - T1556.006 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Injection - T1631 Registry Run Keys / Startup Folder - T1547.001 Remote Desktop Protocol - T1021.001 Security Software Discovery - T1418.001 Security Software Discovery - T1518.001 Server - T1583.004 Server - T1584.004 Service Execution - T1569.002 Service Stop - T1489 Sms Messages - T1636.004 Software - T1592.002 Software Discovery - T1518 System Checks - T1633.001 System Checks - T1497.001 System Services - T1569 Virtualization/Sandbox Evasion - T1497 User Activity Based Checks - T1497.002 Windows Service - T1543.003 Unsecured Credentials - T1552 Tool - T1588.002 Vulnerabilities - T1588.006 Virtualization/Sandbox Evasion - T1633 Access Token Manipulation - T1134 Accessibility Features - T1015 Standard Application Layer Protocol - T1071 Application Window Discovery - T1010 Command-Line Interface - T1059 Credential Dumping - T1003 Credentials In Files - T1081 Data From Local System - T1005 Data Staged - T1074 Dll Side-Loading - T1073 Email Collection - T1114 Execution Through Module Load - T1129 File And Directory Discovery - T1083 File Deletion - T1107 Indicator Removal On Host - T1070 Indicator Removal From Tools - T1066 Indirect Command Execution - T1202 Input Capture - T1056 Masquerading - T1036 Modify Registry - T1112 New Service - T1050 Standard Non-Application Layer Protocol - T1095 Obfuscated Files Or Information - T1027 Powershell - T1086 Process Discovery - T1057 Process Injection - T1055 Query Registry - T1012 Registry Run Keys / Start Folder - T1060 Remote Desktop Protocol - T1076 Remote System Discovery - T1018 Security Software Discovery - T1063 Service Execution - T1035 Third-Party Software - T1072 System Information Discovery - T1082 System Owner/User Discovery - T1033 Masquerading Remote System Discovery Service Stop

Show in Graph

Common Information

Type	Value
UUID	a4ee2245-0af2-4911-b4ed-8a33ab15126e
Fingerprint	b43409118ab3bfc8
Analysis status	DONE
Considered CTI value	2
Text language
Published	Nov. 7, 2024, 11:19 p.m.
Added to db	Nov. 8, 2024, 12:41 a.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Weekly Intelligence Report – 08 Nov 2024 \| #ransomware \| #cybercrime
Title	Weekly Intelligence Report - 08 Nov 2024 \| #ransomware \| #cybercrime \| National Cyber Security Consulting
Detected Hints/Tags/Attributes	319/4/63

Source URLs

	Redirection	Url
Details	Source	https://nationalcybersecurity.com/weekly-intelligence-report-08-nov-2024-ransomware-cybercrime/?utm_source=rss&utm_medium=rss&utm_campaign=weekly-intelligence-report-08-nov-2024-ransomware-cybercrime

URL Provider

Details	Provider	Source level domain
Details	nationalcybersecurity.com	nationalcybersecurity.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	6	✔	National Cyber Security Consulting	http://nationalcybersecurity.com/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CVE	3	cve-2024-9933
Details	Domain	188	com.android
Details	Domain	4	com.skt.prod
Details	Domain	57	com.google.android
Details	Domain	1	www.tgi.co.id
Details	Domain	2	www.sym-global.com
Details	Domain	20	www.wordfence.com
Details	Domain	1	www.ambicasteels.com
Details	Domain	1	about.stamps.id
Details	Domain	1	origin-intl.com.tw
Details	File	14	instructions.txt
Details	File	3	vsstrace.dll
Details	File	99	c:\windows\explorer.exe
Details	File	49	c:\windows\immersivecontrolpanel\systemsettings.exe
Details	File	172	androidmanifest.xml
Details	File	30	android.sys
Details	File	5	settings.sys
Details	MITRE ATT&CK Techniques	695	T1059
Details	MITRE ATT&CK Techniques	120	T1129
Details	MITRE ATT&CK Techniques	174	T1569.002
Details	MITRE ATT&CK Techniques	180	T1543.003
Details	MITRE ATT&CK Techniques	380	T1547.001
Details	MITRE ATT&CK Techniques	227	T1574.002
Details	MITRE ATT&CK Techniques	116	T1134
Details	MITRE ATT&CK Techniques	42	T1027.005
Details	MITRE ATT&CK Techniques	348	T1036
Details	MITRE ATT&CK Techniques	297	T1070.004
Details	MITRE ATT&CK Techniques	550	T1112
Details	MITRE ATT&CK Techniques	60	T1202
Details	MITRE ATT&CK Techniques	265	T1222
Details	MITRE ATT&CK Techniques	238	T1497
Details	MITRE ATT&CK Techniques	289	T1003
Details	MITRE ATT&CK Techniques	89	T1552.001
Details	MITRE ATT&CK Techniques	75	T1010
Details	MITRE ATT&CK Techniques	230	T1033
Details	MITRE ATT&CK Techniques	433	T1057
Details	MITRE ATT&CK Techniques	1006	T1082
Details	MITRE ATT&CK Techniques	585	T1083
Details	MITRE ATT&CK Techniques	141	T1518.001
Details	MITRE ATT&CK Techniques	534	T1005
Details	MITRE ATT&CK Techniques	67	T1074
Details	MITRE ATT&CK Techniques	89	T1114
Details	MITRE ATT&CK Techniques	444	T1071
Details	MITRE ATT&CK Techniques	472	T1486
Details	MITRE ATT&CK Techniques	197	T1489
Details	MITRE ATT&CK Techniques	276	T1490
Details	MITRE ATT&CK Techniques	207	T1547
Details	MITRE ATT&CK Techniques	164	T1574
Details	MITRE ATT&CK Techniques	440	T1055
Details	MITRE ATT&CK Techniques	627	T1027
Details	MITRE ATT&CK Techniques	97	T1497.001
Details	MITRE ATT&CK Techniques	8	T1497.002
Details	MITRE ATT&CK Techniques	152	T1056
Details	MITRE ATT&CK Techniques	118	T1056.001
Details	MITRE ATT&CK Techniques	501	T1012
Details	MITRE ATT&CK Techniques	243	T1018
Details	MITRE ATT&CK Techniques	185	T1518
Details	MITRE ATT&CK Techniques	159	T1095
Details	MITRE ATT&CK Techniques	163	T1573
Details	Threat Actor Identifier - APT	665	APT29
Details	Url	1	https://www.wordfence.com/threat-
Details	Url	1	https://about.stamps.id
Details	Url	1	http://origin-intl.com.tw