Weekly Intelligence Report - 15 Nov 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Tags
cmtmf-attack-pattern: Application Layer Protocol; Boot Or Logon Autostart Execution; Command And Scripting Interpreter; Masquerading; Obfuscated Files Or Information
country: Australia, United Arab Emirates, Bahrain, Brazil, Malaysia, Cambodia, Canada, China, India, Indonesia, Iraq, Israel, Italy, Japan, Oman, South Africa, Taiwan, United Kingdom, United States Of America, U.S. Virgin Islands
maec-delivery-vectors: Watering Hole
attack-pattern: Data Model Software Discovery - T1418; Application Layer Protocol - T1437; Archive Collected Data - T1560; Archive Collected Data - T1532; Binary Padding - T1027.001; Boot Or Logon Autostart Execution - T1547; Bootkit - T1542.003; Command And Scripting Interpreter - T1623; Compile After Delivery - T1027.004; Compile After Delivery - T1500; Create Or Modify System Process - T1543; Credentials - T1589.001; Data Encrypted For Impact - T1471; Data Encrypted For Impact - T1486; Dll Side-Loading - T1574.002; Domains - T1583.001; Domains - T1584.001; Email Addresses - T1589.002; Exploits - T1587.004; Exploits - T1588.005; File And Directory Discovery - T1420; File And Directory Permissions Modification - T1222; File Deletion - T1070.004; File Deletion - T1630.002; Hidden Files And Directories - T1564.001; Hidden Window - T1564.003; Hide Artifacts - T1628; Hide Artifacts - T1564; Hijack Execution Flow - T1625; Hijack Execution Flow - T1574; Indicator Removal From Tools - T1027.005; Ingress Tool Transfer - T1544; Inhibit System Recovery - T1490; Input Capture - T1417; Ip Addresses - T1590.005; System Network Configuration Discovery - T1422; Malware - T1587.001; Malware - T1588.001; Masquerading - T1655; Obfuscated Files Or Information - T1406; Process Discovery - T1424; System Information Discovery - T1426; Msiexec - T1218.007; Multi-Factor Authentication - T1556.006; Phishing - T1660; Phishing - T1566; Powershell - T1059.001; Pre-Os Boot - T1542; Registry Run Keys / Startup Folder - T1547.001; Rundll32 - T1218.011; Security Software Discovery - T1418.001; Security Software Discovery - T1518.001; Server - T1583.004; Server - T1584.004; Service Stop - T1489; Social Media - T1593.001; Software - T1592.002; Software Discovery - T1518; Software Packing - T1027.002; Software Packing - T1406.002; Steganography - T1001.002; Steganography - T1406.001; Steganography - T1027.003; System Checks - T1633.001; System Checks - T1497.001; System Location Discovery - T1614; Timestomp - T1070.006; Virtualization/Sandbox Evasion - T1497; User Activity Based Checks - T1497.002; Windows Service - T1543.003; Tool - T1588.002; Vulnerabilities - T1588.006; Virtualization/Sandbox Evasion - T1633; Access Token Manipulation - T1134; Account Discovery - T1087; Standard Application Layer Protocol - T1071; Binary Padding - T1009; Bootkit - T1067; Command-Line Interface - T1059; Connection Proxy - T1090; Credential Dumping - T1003; Deobfuscate/Decode Files Or Information - T1140; Dll Side-Loading - T1073; Execution Through Module Load - T1129; File And Directory Discovery - T1083; File Deletion - T1107; Hidden Files And Directories - T1158; Hidden Window - T1143; Indicator Removal On Host - T1070; Indicator Removal From Tools - T1066; Indirect Command Execution - T1202; Remote File Copy - T1105; Input Capture - T1056; Masquerading - T1036; Modify Registry - T1112; Standard Non-Application Layer Protocol - T1095; Obfuscated Files Or Information - T1027; Powershell - T1086; Process Discovery - T1057; Query Registry - T1012; Registry Run Keys / Start Folder - T1060; Remote System Discovery - T1018; Rundll32 - T1085; Security Software Discovery - T1063; Signed Binary Proxy Execution - T1218; Software Packing - T1045; System Information Discovery - T1082; System Network Configuration Discovery - T1016; System Owner/User Discovery - T1033; Taint Shared Content - T1080; Timestomp - T1099; Masquerading; Remote System Discovery; Service Stop
Common Information
Type | Value
UUID | dd4cd94f-c170-4ee8-a139-6eccf2343034
Fingerprint | b63411730e97bed8
Analysis status | DONE
Considered CTI value | 2
Text language |
Published | Nov. 14, 2024, 8:55 p.m.
Added to db | Nov. 14, 2024, 10:54 p.m.
Last updated | Nov. 17, 2024, 7:44 p.m.
Headline | Weekly Intelligence Report – 15 Nov 2024 | #ransomware | #cybercrime
Title | Weekly Intelligence Report - 15 Nov 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Detected Hints/Tags/Attributes | 308/4/72
RSS Feed
Id | Enabled | Feed title | Url | Added to db
6 | | National Cyber Security Consulting | http://nationalcybersecurity.com/feed/ | 2024-08-30 22:08
Attributes
Type | #Events | Value
CVE | 4 | cve-2024-47072
Domain | 29 | appspot.com
Domain | 1 | www.naj.ae
Domain | 1 | www.melangesystems.com
Domain | 4127 | github.com
Domain | 1 | www.sokkakreatif.com
Domain | 1 | bhmedsoc.com
Domain | 1 | zalo.vn
File | 65 | info.txt
File | 1208 | powershell.exe
File | 35 | pwsh.exe
File | 240 | wmic.exe
File | 345 | vssadmin.exe
File | 23 | diskshadow.exe
File | 4 | pwsh.dll
File | 43 | wbadmin.exe
File | 19 | credwiz.exe
File | 172 | dllhost.exe
File | 1018 | rundll32.exe
File | 269 | msiexec.exe
MITRE ATT&CK Techniques | 695 | T1059
MITRE ATT&CK Techniques | 120 | T1129
MITRE ATT&CK Techniques | 9 | T1542.003
MITRE ATT&CK Techniques | 380 | T1547.001
MITRE ATT&CK Techniques | 227 | T1574.002
MITRE ATT&CK Techniques | 116 | T1134
MITRE ATT&CK Techniques | 180 | T1543.003
MITRE ATT&CK Techniques | 627 | T1027
MITRE ATT&CK Techniques | 42 | T1027.005
MITRE ATT&CK Techniques | 348 | T1036
MITRE ATT&CK Techniques | 297 | T1070.004
MITRE ATT&CK Techniques | 550 | T1112
MITRE ATT&CK Techniques | 504 | T1140
MITRE ATT&CK Techniques | 60 | T1202
MITRE ATT&CK Techniques | 265 | T1222
MITRE ATT&CK Techniques | 97 | T1497.001
MITRE ATT&CK Techniques | 94 | T1564.001
MITRE ATT&CK Techniques | 66 | T1564.003
MITRE ATT&CK Techniques | 501 | T1012
MITRE ATT&CK Techniques | 245 | T1016
MITRE ATT&CK Techniques | 243 | T1018
MITRE ATT&CK Techniques | 230 | T1033
MITRE ATT&CK Techniques | 433 | T1057
MITRE ATT&CK Techniques | 1006 | T1082
MITRE ATT&CK Techniques | 585 | T1083
MITRE ATT&CK Techniques | 179 | T1087
MITRE ATT&CK Techniques | 141 | T1518.001
MITRE ATT&CK Techniques | 50 | T1614
MITRE ATT&CK Techniques | 33 | T1080
MITRE ATT&CK Techniques | 157 | T1560
MITRE ATT&CK Techniques | 444 | T1071
MITRE ATT&CK Techniques | 152 | T1090
MITRE ATT&CK Techniques | 159 | T1095
MITRE ATT&CK Techniques | 492 | T1105
MITRE ATT&CK Techniques | 472 | T1486
MITRE ATT&CK Techniques | 197 | T1489
MITRE ATT&CK Techniques | 247 | T1070
MITRE ATT&CK Techniques | 276 | T1490
MITRE ATT&CK Techniques | 34 | T1027.001
MITRE ATT&CK Techniques | 160 | T1027.002
MITRE ATT&CK Techniques | 26 | T1027.003
MITRE ATT&CK Techniques | 19 | T1027.004
MITRE ATT&CK Techniques | 93 | T1070.006
MITRE ATT&CK Techniques | 119 | T1218.011
MITRE ATT&CK Techniques | 152 | T1056
MITRE ATT&CK Techniques | 8 | T1497.002
MITRE ATT&CK Techniques | 185 | T1518
Threat Actor Identifier - APT | 278 | APT10
Threat Actor Identifier - APT | 27 | APT73
Url | 1 | https://github.com/x-stream/xstream/security/advisories/ghsa-
Url | 1 | http://bhmedsoc.com
Url | 1 | http://zalo.vn