Weekly Intelligence Report - 01 Nov 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Tags
cmtmf-attack-pattern: Application Layer Protocol Boot Or Logon Autostart Execution Command And Scripting Interpreter Masquerading Obfuscated Files Or Information Process Injection Scheduled Task/Job
country: Australia Brazil Canada China France Hong Kong India Indonesia Pakistan Italy Japan Spain Philippines Russia United Kingdom United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Data Model Abuse Elevation Control Mechanism - T1626 Abuse Elevation Control Mechanism - T1548 Application Layer Protocol - T1437 Artificial Intelligence - T1588.007 Boot Or Logon Autostart Execution - T1547 Command And Scripting Interpreter - T1623 Create Or Modify System Process - T1543 Credentials - T1589.001 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Data From Local System - T1533 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Dll Side-Loading - T1574.002 Domains - T1583.001 Domains - T1584.001 Email Addresses - T1589.002 Exfiltration Over C2 Channel - T1646 Replication Through Removable Media - T1458 Exploits - T1587.004 Exploits - T1588.005 File And Directory Discovery - T1420 File And Directory Permissions Modification - T1222 File Deletion - T1070.004 File Deletion - T1630.002 Hijack Execution Flow - T1625 Hijack Execution Flow - T1574 Impair Defenses - T1562 Impair Defenses - T1629 Indicator Removal From Tools - T1027.005 Inhibit System Recovery - T1490 Input Capture - T1417 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Obfuscated Files Or Information - T1406 Process Discovery - T1424 System Information Discovery - T1426 Multi-Factor Authentication - T1556.006 Parent Pid Spoofing - T1134.004 Parent Pid Spoofing - T1502 Phishing - T1660 Phishing - T1566 Portable Executable Injection - T1055.002 Powershell - T1059.001 Process Injection - T1631 Python - T1059.006 Registry Run Keys / Startup Folder - T1547.001 Scheduled Task - T1053.005 Scheduled Task/Job - T1603 Server - T1583.004 Server - T1584.004 Social Media - T1593.001 Software - T1592.002 Software Packing - T1027.002 Software Packing - T1406.002 Spearphishing Attachment - T1566.001 System Location Discovery - T1614 Web Protocols - T1071.001 Web Protocols - T1437.001 Virtualization/Sandbox Evasion - T1497 Windows Service - T1543.003 Tool - T1588.002 Vulnerabilities - T1588.006 Virtualization/Sandbox Evasion - T1633 Access Token Manipulation - T1134 Standard Application Layer Protocol - T1071 Command-Line Interface - T1059 Credential Dumping - T1003 Data From Information Repositories - T1213 Data From Local System - T1005 Data Staged - T1074 Deobfuscate/Decode Files Or Information - T1140 Dll Side-Loading - T1073 Execution Through Module Load - T1129 Exfiltration Over Command And Control Channel - T1041 File And Directory Discovery - T1083 File Deletion - T1107 Indicator Removal On Host - T1070 Indicator Removal From Tools - T1066 Indirect Command Execution - T1202 Input Capture - T1056 Masquerading - T1036 Modify Registry - T1112 Obfuscated Files Or Information - T1027 Peripheral Device Discovery - T1120 Powershell - T1086 Process Discovery - T1057 Process Injection - T1055 Query Registry - T1012 Registry Run Keys / Start Folder - T1060 Replication Through Removable Media - T1091 Scheduled Task - T1053 Software Packing - T1045 System Information Discovery - T1082 Windows Management Instrumentation - T1047 Data From Information Repositories Masquerading Replication Through Removable Media
Common Information
Type Value
UUID d747de0c-29a6-4ac5-859d-f6b01fc8e41c
Fingerprint b43009d51f97bf99
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 1, 2024, 8:48 a.m.
Added to db Nov. 1, 2024, 10:20 a.m.
Last updated Dec. 10, 2024, 9:24 p.m.
Headline Weekly Intelligence Report – 01 Nov 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware
Title Weekly Intelligence Report - 01 Nov 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Detected Hints/Tags/Attributes 298/4/62
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 6 National Cyber Security Consulting http://nationalcybersecurity.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 6
cve-2024-20260
Details Domain 1
www.suntrust.com.ph
Details Domain 2
www.yorozu-corp.co.jp
Details Domain 1
www.rudrakshahospitals.com
Details Domain 1
www.petrolab.co.id
Details Domain 1
forum.pt
Details Domain 1
1stopbedrooms.com
Details Domain 1
ww.elifelimo.com
Details File 2
o365.vbs
Details File 2
cache.bak
Details File 4
sigverif.exe
Details File 3
imebroker.exe
Details File 14
how_to_back_files.html
Details File 1259
powershell.exe
Details File 37
pwsh.exe
Details File 245
wmic.exe
Details File 357
vssadmin.exe
Details File 24
diskshadow.exe
Details File 5
pwsh.dll
Details File 44
wbadmin.exe
Details IPv4 2
139.155.190.84
Details MITRE ATT&CK Techniques 324
T1566.001
Details MITRE ATT&CK Techniques 714
T1059
Details MITRE ATT&CK Techniques 485
T1053
Details MITRE ATT&CK Techniques 643
T1027
Details MITRE ATT&CK Techniques 357
T1036
Details MITRE ATT&CK Techniques 44
T1055.002
Details MITRE ATT&CK Techniques 1022
T1082
Details MITRE ATT&CK Techniques 598
T1083
Details MITRE ATT&CK Techniques 59
T1213
Details MITRE ATT&CK Techniques 461
T1071.001
Details MITRE ATT&CK Techniques 433
T1041
Details MITRE ATT&CK Techniques 56
T1091
Details MITRE ATT&CK Techniques 316
T1047
Details MITRE ATT&CK Techniques 127
T1129
Details MITRE ATT&CK Techniques 183
T1543.003
Details MITRE ATT&CK Techniques 397
T1547.001
Details MITRE ATT&CK Techniques 234
T1574.002
Details MITRE ATT&CK Techniques 4
T1134.004
Details MITRE ATT&CK Techniques 82
T1548
Details MITRE ATT&CK Techniques 164
T1027.002
Details MITRE ATT&CK Techniques 46
T1027.005
Details MITRE ATT&CK Techniques 307
T1070.004
Details MITRE ATT&CK Techniques 558
T1112
Details MITRE ATT&CK Techniques 510
T1140
Details MITRE ATT&CK Techniques 61
T1202
Details MITRE ATT&CK Techniques 265
T1222
Details MITRE ATT&CK Techniques 244
T1497
Details MITRE ATT&CK Techniques 309
T1562.001
Details MITRE ATT&CK Techniques 125
T1056.001
Details MITRE ATT&CK Techniques 302
T1003
Details MITRE ATT&CK Techniques 506
T1012
Details MITRE ATT&CK Techniques 443
T1057
Details MITRE ATT&CK Techniques 188
T1120
Details MITRE ATT&CK Techniques 53
T1614
Details MITRE ATT&CK Techniques 542
T1005
Details MITRE ATT&CK Techniques 69
T1074
Details MITRE ATT&CK Techniques 466
T1071
Details MITRE ATT&CK Techniques 491
T1486
Details MITRE ATT&CK Techniques 247
T1070
Details MITRE ATT&CK Techniques 284
T1490
Details Url 3
https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asaftdvirtual-dos-muengnyr