Permiso | Blog | Cloud Cred Harvesting Campaign - Grinch Edition
Tags
| attack-pattern: | Data Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Impersonation - T1656 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | ab272243-4b5f-49ac-82ac-01722c9b3f3e |
| Fingerprint | f589de5fb78fcecf |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Dec. 29, 2022, midnight |
| Added to db | June 5, 2023, 11:30 a.m. |
| Last updated | Nov. 17, 2024, 6:31 p.m. |
| Headline | Summary |
| Title | Permiso | Blog | Cloud Cred Harvesting Campaign - Grinch Edition |
| Detected Hints/Tags/Attributes | 38/1/29 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://permiso.io/blog/s/christmas-cloud-cred-harvesting-campaign |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 193 | ✔ | Cloud Chronicles | https://permiso.io/blog/rss.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 16 | aws.sh |
|
| Details | Domain | 23 | permiso.io |
|
| Details | 1 | ian@permiso.io |
||
| Details | File | 115 | auth.log |
|
| Details | File | 19 | in.php |
|
| Details | File | 9 | access_tokens.db |
|
| Details | File | 10 | credentials.db |
|
| Details | File | 5 | censys.cfg |
|
| Details | File | 10 | filezilla.xml |
|
| Details | File | 34 | recentservers.xml |
|
| Details | File | 5 | queue.sql |
|
| Details | File | 25 | accounts.xml |
|
| Details | md5 | 3 | 3e2cddf76334529a14076c3659a68d92 |
|
| Details | sha1 | 1 | 01a149c8933be37bed975403d26cfa08dbcc3a2b |
|
| Details | IPv4 | 7 | 45.9.148.221 |
|
| Details | IPv4 | 295 | 8.8.8.8 |
|
| Details | IPv4 | 63 | 8.8.4.4 |
|
| Details | IPv4 | 88 | 169.254.169.254 |
|
| Details | IPv4 | 7 | 169.254.170.2 |
|
| Details | IPv4 | 1 | 123.123.234.234 |
|
| Details | Url | 1 | http://45.9.148.221/sh/get/aws.sh |
|
| Details | Url | 1 | http://45.9.148.221 |
|
| Details | Url | 4 | http://169.254.169.254/latest/meta-data/iam/info |
|
| Details | Url | 4 | http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance |
|
| Details | Url | 20 | http://169.254.169.254/latest/meta-data/iam/security-credentials |
|
| Details | Url | 1 | http://169.254.170.2 |
|
| Details | Url | 3 | http://45.9.148.221/in/in.php?base64= |
|
| Details | Url | 1 | http://45.9.148.221/<redacted>/in.php |
|
| Details | Url | 19 | http://169.254.169.254/latest/meta-data |