Weekly Intelligence Report - 01 Nov 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Tags
cmtmf-attack-pattern: Application Layer Protocol; Boot Or Logon Autostart Execution; Command And Scripting Interpreter; Masquerading; Obfuscated Files Or Information; Process Injection; Scheduled Task/Job
country: Australia; Brazil; Canada; China; France; Hong Kong; India; Indonesia; Pakistan; Italy; Japan; Spain; Philippines; Russia; United Kingdom; United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Data Model; Abuse Elevation Control Mechanism - T1626; Abuse Elevation Control Mechanism - T1548; Application Layer Protocol - T1437; Artificial Intelligence - T1588.007; Boot Or Logon Autostart Execution - T1547; Command And Scripting Interpreter - T1623; Create Or Modify System Process - T1543; Credentials - T1589.001; Data Encrypted For Impact - T1471; Data Encrypted For Impact - T1486; Data From Local System - T1533; Disable Or Modify Tools - T1562.001; Disable Or Modify Tools - T1629.003; Dll Side-Loading - T1574.002; Domains - T1583.001; Domains - T1584.001; Email Addresses - T1589.002; Exfiltration Over C2 Channel - T1646; Replication Through Removable Media - T1458; Exploits - T1587.004; Exploits - T1588.005; File And Directory Discovery - T1420; File And Directory Permissions Modification - T1222; File Deletion - T1070.004; File Deletion - T1630.002; Hijack Execution Flow - T1625; Hijack Execution Flow - T1574; Impair Defenses - T1562; Impair Defenses - T1629; Indicator Removal From Tools - T1027.005; Inhibit System Recovery - T1490; Input Capture - T1417; Keylogging - T1056.001; Keylogging - T1417.001; Malware - T1587.001; Malware - T1588.001; Masquerading - T1655; Obfuscated Files Or Information - T1406; Process Discovery - T1424; System Information Discovery - T1426; Multi-Factor Authentication - T1556.006; Parent Pid Spoofing - T1134.004; Parent Pid Spoofing - T1502; Phishing - T1660; Phishing - T1566; Portable Executable Injection - T1055.002; Powershell - T1059.001; Process Injection - T1631; Python - T1059.006; Registry Run Keys / Startup Folder - T1547.001; Scheduled Task - T1053.005; Scheduled Task/Job - T1603; Server - T1583.004; Server - T1584.004; Social Media - T1593.001; Software - T1592.002; Software Packing - T1027.002; Software Packing - T1406.002; Spearphishing Attachment - T1566.001; System Location Discovery - T1614; Web Protocols - T1071.001; Web Protocols - T1437.001; Virtualization/Sandbox Evasion - T1497; Windows Service - T1543.003; Tool - T1588.002; Vulnerabilities - T1588.006; Virtualization/Sandbox Evasion - T1633; Access Token Manipulation - T1134; Standard Application Layer Protocol - T1071; Command-Line Interface - T1059; Credential Dumping - T1003; Data From Information Repositories - T1213; Data From Local System - T1005; Data Staged - T1074; Deobfuscate/Decode Files Or Information - T1140; Dll Side-Loading - T1073; Execution Through Module Load - T1129; Exfiltration Over Command And Control Channel - T1041; File And Directory Discovery - T1083; File Deletion - T1107; Indicator Removal On Host - T1070; Indicator Removal From Tools - T1066; Indirect Command Execution - T1202; Input Capture - T1056; Masquerading - T1036; Modify Registry - T1112; Obfuscated Files Or Information - T1027; Peripheral Device Discovery - T1120; Powershell - T1086; Process Discovery - T1057; Process Injection - T1055; Query Registry - T1012; Registry Run Keys / Start Folder - T1060; Replication Through Removable Media - T1091; Scheduled Task - T1053; Software Packing - T1045; System Information Discovery - T1082; Windows Management Instrumentation - T1047; Data From Information Repositories; Masquerading; Replication Through Removable Media
Common Information
UUID: d747de0c-29a6-4ac5-859d-f6b01fc8e41c
Fingerprint: b43009d51f97bf99
Analysis status: DONE
Considered CTI value: 2
Text language:
Published: Nov. 1, 2024, 8:48 a.m.
Added to db: Nov. 1, 2024, 10:20 a.m.
Last updated: Nov. 17, 2024, 6:56 p.m.
Headline: Weekly Intelligence Report – 01 Nov 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware
Title: Weekly Intelligence Report - 01 Nov 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Detected Hints/Tags/Attributes: 298/4/62
RSS Feed
Id | Enabled | Feed title | Url | Added to db
6 | | National Cyber Security Consulting | http://nationalcybersecurity.com/feed/ | 2024-08-30 22:08
Attributes
Type | #Events | Value
CVE | 6 | cve-2024-20260
Domain | 1 | www.suntrust.com.ph
Domain | 2 | www.yorozu-corp.co.jp
Domain | 1 | www.rudrakshahospitals.com
Domain | 1 | www.petrolab.co.id
Domain | 1 | forum.pt
Domain | 1 | 1stopbedrooms.com
Domain | 1 | ww.elifelimo.com
File | 2 | o365.vbs
File | 2 | cache.bak
File | 4 | sigverif.exe
File | 3 | imebroker.exe
File | 14 | how_to_back_files.html
File | 1208 | powershell.exe
File | 35 | pwsh.exe
File | 240 | wmic.exe
File | 345 | vssadmin.exe
File | 23 | diskshadow.exe
File | 4 | pwsh.dll
File | 43 | wbadmin.exe
IPv4 | 2 | 139.155.190.84
MITRE ATT&CK Techniques | 310 | T1566.001
MITRE ATT&CK Techniques | 695 | T1059
MITRE ATT&CK Techniques | 480 | T1053
MITRE ATT&CK Techniques | 627 | T1027
MITRE ATT&CK Techniques | 348 | T1036
MITRE ATT&CK Techniques | 40 | T1055.002
MITRE ATT&CK Techniques | 1006 | T1082
MITRE ATT&CK Techniques | 585 | T1083
MITRE ATT&CK Techniques | 56 | T1213
MITRE ATT&CK Techniques | 442 | T1071.001
MITRE ATT&CK Techniques | 422 | T1041
MITRE ATT&CK Techniques | 55 | T1091
MITRE ATT&CK Techniques | 310 | T1047
MITRE ATT&CK Techniques | 120 | T1129
MITRE ATT&CK Techniques | 180 | T1543.003
MITRE ATT&CK Techniques | 380 | T1547.001
MITRE ATT&CK Techniques | 227 | T1574.002
MITRE ATT&CK Techniques | 4 | T1134.004
MITRE ATT&CK Techniques | 78 | T1548
MITRE ATT&CK Techniques | 160 | T1027.002
MITRE ATT&CK Techniques | 42 | T1027.005
MITRE ATT&CK Techniques | 297 | T1070.004
MITRE ATT&CK Techniques | 550 | T1112
MITRE ATT&CK Techniques | 504 | T1140
MITRE ATT&CK Techniques | 60 | T1202
MITRE ATT&CK Techniques | 265 | T1222
MITRE ATT&CK Techniques | 238 | T1497
MITRE ATT&CK Techniques | 298 | T1562.001
MITRE ATT&CK Techniques | 118 | T1056.001
MITRE ATT&CK Techniques | 289 | T1003
MITRE ATT&CK Techniques | 501 | T1012
MITRE ATT&CK Techniques | 433 | T1057
MITRE ATT&CK Techniques | 188 | T1120
MITRE ATT&CK Techniques | 50 | T1614
MITRE ATT&CK Techniques | 534 | T1005
MITRE ATT&CK Techniques | 67 | T1074
MITRE ATT&CK Techniques | 444 | T1071
MITRE ATT&CK Techniques | 472 | T1486
MITRE ATT&CK Techniques | 247 | T1070
MITRE ATT&CK Techniques | 276 | T1490
Url | 3 | https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asaftdvirtual-dos-muengnyr