Weekly Intelligence Report - 08 Nov 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Tags
cmtmf-attack-pattern: Application Layer Protocol Boot Or Logon Autostart Execution Command And Scripting Interpreter Data Manipulation Masquerading Native Code Obfuscated Files Or Information Process Injection
country: Australia Brazil Canada China Germany India Indonesia Iran Israel Italy Singapore Vietnam Taiwan United Kingdom United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Data Model Accessibility Features - T1546.008 Software Discovery - T1418 Application Layer Protocol - T1437 Boot Or Logon Autostart Execution - T1547 Command And Scripting Interpreter - T1623 Create Or Modify System Process - T1543 Credentials - T1589.001 Credentials In Files - T1552.001 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Data From Local System - T1533 Data Manipulation - T1641 Data Manipulation - T1565 Dll Side-Loading - T1574.002 Domains - T1583.001 Domains - T1584.001 Encrypted Channel - T1521 Encrypted Channel - T1573 Exploits - T1587.004 Exploits - T1588.005 File And Directory Discovery - T1420 File And Directory Permissions Modification - T1222 File Deletion - T1070.004 File Deletion - T1630.002 Financial Theft - T1657 Hardware - T1592.001 Hijack Execution Flow - T1625 Hijack Execution Flow - T1574 Impersonation - T1656 Indicator Removal From Tools - T1027.005 Inhibit System Recovery - T1490 Input Capture - T1417 Ip Addresses - T1590.005 Keylogging - T1056.001 Keylogging - T1417.001 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Obfuscated Files Or Information - T1406 Process Discovery - T1424 System Information Discovery - T1426 Multi-Factor Authentication - T1556.006 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Injection - T1631 Registry Run Keys / Startup Folder - T1547.001 Remote Desktop Protocol - T1021.001 Security Software Discovery - T1418.001 Security Software Discovery - T1518.001 Server - T1583.004 Server - T1584.004 Service Execution - T1569.002 Service Stop - T1489 Sms Messages - T1636.004 Software - T1592.002 Software Discovery - T1518 System Checks - T1633.001 System Checks - T1497.001 System Services - T1569 Virtualization/Sandbox Evasion - T1497 User Activity Based Checks - T1497.002 Windows Service - T1543.003 Unsecured Credentials - T1552 Tool - T1588.002 Vulnerabilities - T1588.006 Virtualization/Sandbox Evasion - T1633 Access Token Manipulation - T1134 Accessibility Features - T1015 Standard Application Layer Protocol - T1071 Application Window Discovery - T1010 Command-Line Interface - T1059 Credential Dumping - T1003 Credentials In Files - T1081 Data From Local System - T1005 Data Staged - T1074 Dll Side-Loading - T1073 Email Collection - T1114 Execution Through Module Load - T1129 File And Directory Discovery - T1083 File Deletion - T1107 Indicator Removal On Host - T1070 Indicator Removal From Tools - T1066 Indirect Command Execution - T1202 Input Capture - T1056 Masquerading - T1036 Modify Registry - T1112 New Service - T1050 Standard Non-Application Layer Protocol - T1095 Obfuscated Files Or Information - T1027 Powershell - T1086 Process Discovery - T1057 Process Injection - T1055 Query Registry - T1012 Registry Run Keys / Start Folder - T1060 Remote Desktop Protocol - T1076 Remote System Discovery - T1018 Security Software Discovery - T1063 Service Execution - T1035 Third-Party Software - T1072 System Information Discovery - T1082 System Owner/User Discovery - T1033 Masquerading Remote System Discovery Service Stop
Common Information
Type Value
UUID a4ee2245-0af2-4911-b4ed-8a33ab15126e
Fingerprint b43409118ab3bfc8
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 7, 2024, 11:19 p.m.
Added to db Nov. 8, 2024, 12:41 a.m.
Last updated Dec. 10, 2024, 9:24 p.m.
Headline Weekly Intelligence Report – 08 Nov 2024 | #ransomware | #cybercrime
Title Weekly Intelligence Report - 08 Nov 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Detected Hints/Tags/Attributes 319/4/63
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 6 National Cyber Security Consulting http://nationalcybersecurity.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 3
cve-2024-9933
Details Domain 193
com.android
Details Domain 4
com.skt.prod
Details Domain 60
com.google.android
Details Domain 1
www.tgi.co.id
Details Domain 2
www.sym-global.com
Details Domain 21
www.wordfence.com
Details Domain 1
www.ambicasteels.com
Details Domain 1
about.stamps.id
Details Domain 1
origin-intl.com.tw
Details File 14
instructions.txt
Details File 3
vsstrace.dll
Details File 99
c:\windows\explorer.exe
Details File 49
c:\windows\immersivecontrolpanel\systemsettings.exe
Details File 176
androidmanifest.xml
Details File 32
android.sys
Details File 5
settings.sys
Details MITRE ATT&CK Techniques 714
T1059
Details MITRE ATT&CK Techniques 127
T1129
Details MITRE ATT&CK Techniques 180
T1569.002
Details MITRE ATT&CK Techniques 183
T1543.003
Details MITRE ATT&CK Techniques 397
T1547.001
Details MITRE ATT&CK Techniques 234
T1574.002
Details MITRE ATT&CK Techniques 122
T1134
Details MITRE ATT&CK Techniques 46
T1027.005
Details MITRE ATT&CK Techniques 357
T1036
Details MITRE ATT&CK Techniques 307
T1070.004
Details MITRE ATT&CK Techniques 558
T1112
Details MITRE ATT&CK Techniques 61
T1202
Details MITRE ATT&CK Techniques 265
T1222
Details MITRE ATT&CK Techniques 244
T1497
Details MITRE ATT&CK Techniques 302
T1003
Details MITRE ATT&CK Techniques 90
T1552.001
Details MITRE ATT&CK Techniques 77
T1010
Details MITRE ATT&CK Techniques 232
T1033
Details MITRE ATT&CK Techniques 443
T1057
Details MITRE ATT&CK Techniques 1022
T1082
Details MITRE ATT&CK Techniques 598
T1083
Details MITRE ATT&CK Techniques 145
T1518.001
Details MITRE ATT&CK Techniques 542
T1005
Details MITRE ATT&CK Techniques 69
T1074
Details MITRE ATT&CK Techniques 90
T1114
Details MITRE ATT&CK Techniques 466
T1071
Details MITRE ATT&CK Techniques 491
T1486
Details MITRE ATT&CK Techniques 202
T1489
Details MITRE ATT&CK Techniques 284
T1490
Details MITRE ATT&CK Techniques 211
T1547
Details MITRE ATT&CK Techniques 165
T1574
Details MITRE ATT&CK Techniques 456
T1055
Details MITRE ATT&CK Techniques 643
T1027
Details MITRE ATT&CK Techniques 101
T1497.001
Details MITRE ATT&CK Techniques 8
T1497.002
Details MITRE ATT&CK Techniques 157
T1056
Details MITRE ATT&CK Techniques 125
T1056.001
Details MITRE ATT&CK Techniques 506
T1012
Details MITRE ATT&CK Techniques 246
T1018
Details MITRE ATT&CK Techniques 188
T1518
Details MITRE ATT&CK Techniques 160
T1095
Details MITRE ATT&CK Techniques 165
T1573
Details Threat Actor Identifier - APT 686
APT29
Details Url 1
https://www.wordfence.com/threat-
Details Url 1
https://about.stamps.id
Details Url 1
http://origin-intl.com.tw