CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks | CISA
Tags
cmtmf-attack-pattern: Acquire Infrastructure Application Layer Protocol Event Triggered Execution Obtain Capabilities System Network Connections Discovery
country: United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Acquire Infrastructure Data Direct Model Abuse Elevation Control Mechanism - T1626 Abuse Elevation Control Mechanism - T1548 Account Access Removal - T1640 Account Access Removal - T1531 Acquire Infrastructure - T1583 Adversary-In-The-Middle - T1638 Adversary-In-The-Middle - T1557 Appdomainmanager - T1574.014 Application Layer Protocol - T1437 Bash History - T1552.003 Cdns - T1596.004 Cloud Infrastructure Discovery - T1580 Cloud Services - T1021.007 Create Or Modify System Process - T1543 Credentials - T1589.001 Credentials From Password Stores - T1555 Credentials In Files - T1552.001 Dcsync - T1003.006 Determine Physical Locations - T1591.001 Determine Physical Locations - T1282 Dll Search Order Hijacking - T1574.001 Dns - T1071.004 Dns - T1590.002 Domain Account - T1087.002 Domain Account - T1136.002 Domain Accounts - T1078.002 Domain Fronting - T1090.004 Domain Groups - T1069.002 Domain Trust Discovery - T1482 Domains - T1583.001 Domains - T1584.001 Email Accounts - T1585.002 Email Accounts - T1586.002 Email Addresses - T1589.002 Employee Names - T1589.003 Encrypted Channel - T1521 Encrypted Channel - T1573 Establish Accounts - T1585 Event Triggered Execution - T1624 Event Triggered Execution - T1546 Exfiltration Over Alternative Protocol - T1639 External Proxy - T1090.002 File Transfer Protocols - T1071.002 Gather Victim Identity Information - T1589 Gather Victim Network Information - T1590 Gather Victim Org Information - T1591 Golden Ticket - T1558.001 Group Policy Discovery - T1615 Hijack Execution Flow - T1625 Hijack Execution Flow - T1574 Ingress Tool Transfer - T1544 Ip Addresses - T1590.005 Kerberoasting - T1558.003 Llmnr/Nbt-Ns Poisoning And Smb Relay - T1557.001 Local Account - T1087.001 Local Account - T1136.001 System Network Configuration Discovery - T1422 System Network Connections Discovery - T1421 Lsass Memory - T1003.001 Malicious File - T1204.002 Native Api - T1575 Network Security Appliances - T1590.006 Obtain Capabilities - 
T1588 Pass The Hash - T1550.002 Pass The Ticket - T1550.003 Password Cracking - T1110.002 Password Managers - T1555.005 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Python - T1059.006 Scan Databases - T1596.005 Search Open Technical Databases - T1596 Server - T1583.004 Server - T1584.004 Sharepoint - T1213.002 Silver Ticket - T1558.002 Smb/Windows Admin Shares - T1021.002 Software - T1592.002 Spearphishing Link - T1566.002 Spearphishing Link - T1598.003 Ssh - T1021.004 Steal Or Forge Kerberos Tickets - T1558 Web Protocols - T1071.001 Web Protocols - T1437.001 Windows Service - T1543.003 Windows Management Instrumentation Event Subscription - T1546.003 Use Alternate Authentication Material - T1550 Unsecured Credentials - T1552 Tool - T1588.002 Account Discovery - T1087 Account Manipulation - T1098 Standard Application Layer Protocol - T1071 Bash History - T1139 Brute Force - T1110 Connection Proxy - T1090 Create Account - T1136 Credential Dumping - T1003 Credentials In Files - T1081 Dll Search Order Hijacking - T1038 Domain Fronting - T1172 Execution Through Api - T1106 Exfiltration Over Alternative Protocol - T1048 Remote File Copy - T1105 Kerberoasting - T1208 Network Service Scanning - T1046 Pass The Hash - T1075 Pass The Ticket - T1097 Permission Groups Discovery - T1069 Powershell - T1086 Remote Services - T1021 Remote System Discovery - T1018 Spearphishing Link - T1192 System Network Configuration Discovery - T1016 System Network Connections Discovery - T1049 System Owner/User Discovery - T1033 Windows Management Instrumentation - T1047 Valid Accounts - T1078 Windows Management Instrumentation Event Subscription - T1084 User Execution - T1204 Remote System Discovery Valid Accounts User Execution
Common Information
Type Value
UUID d62e3c88-069f-41f1-91c2-9ba132b6dacb
Fingerprint b5f9511b0da275c5
Analysis status DONE
Considered CTI value -2
Text language
Published Feb. 28, 2023, noon
Added to db June 5, 2023, 11:42 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks
Title CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks | CISA
Detected Hints/Tags/Attributes 254/4/44
Attributes
Type | #Events | Value
Domain | 1 | dfscoerce.py
Domain | 31 | nytimes.com
File | 478 | lsass.exe
File | 1 | dfscoerce.py
MITRE ATT&CK Techniques | 22 | T1589.002
MITRE ATT&CK Techniques | 6 | T1589.003
MITRE ATT&CK Techniques | 15 | T1585.002
MITRE ATT&CK Techniques | 183 | T1566.002
MITRE ATT&CK Techniques | 420 | T1204
MITRE ATT&CK Techniques | 99 | T1087.002
MITRE ATT&CK Techniques | 243 | T1018
MITRE ATT&CK Techniques | 74 | T1069.002
MITRE ATT&CK Techniques | 16 | T1615
MITRE ATT&CK Techniques | 173 | T1003.001
MITRE ATT&CK Techniques | 38 | T1550.002
MITRE ATT&CK Techniques | 9 | T1557.001
MITRE ATT&CK Techniques | 27 | T1003.006
MITRE ATT&CK Techniques | 4 | T1558.001
MITRE ATT&CK Techniques | 12 | T1550.003
MITRE ATT&CK Techniques | 245 | T1016
MITRE ATT&CK Techniques | 119 | T1049
MITRE ATT&CK Techniques | 139 | T1021.002
MITRE ATT&CK Techniques | 8 | T1555.005
MITRE ATT&CK Techniques | 70 | T1574.001
MITRE ATT&CK Techniques | 22 | T1546.003
MITRE ATT&CK Techniques | 444 | T1071
MITRE ATT&CK Techniques | 1 | T1590.006
MITRE ATT&CK Techniques | 113 | T1552
MITRE ATT&CK Techniques | 89 | T1552.001
MITRE ATT&CK Techniques | 239 | T1106
MITRE ATT&CK Techniques | 11 | T1580
MITRE ATT&CK Techniques | 14 | T1591
MITRE ATT&CK Techniques | 6 | T1596.005
MITRE ATT&CK Techniques | 5 | T1552.003
MITRE ATT&CK Techniques | 9 | T1110.002
MITRE ATT&CK Techniques | 66 | T1583
MITRE ATT&CK Techniques | 36 | T1090.002
MITRE ATT&CK Techniques | 31 | T1071.002
MITRE ATT&CK Techniques | 163 | T1573
MITRE ATT&CK Techniques | 14 | T1090.004
MITRE ATT&CK Techniques | 168 | T1046
MITRE ATT&CK Techniques | 92 | T1048
MITRE ATT&CK Techniques | 26 | T1531
MITRE ATT&CK Techniques | 492 | T1105