Threat Intelligence Report October 29 - November 4 2024 | Red Piranha
Tags
cmtmf-attack-pattern: Exploit Public-Facing Application, Obfuscated Files Or Information, Process Injection
maec-delivery-vectors: Watering Hole
attack-pattern: Data Model Abuse Elevation Control Mechanism - T1626 Abuse Elevation Control Mechanism - T1548 Archive Collected Data - T1560 Archive Collected Data - T1532 Boot Or Logon Autostart Execution - T1547 Cloud Services - T1021.007 Create Or Modify System Process - T1543 Credentials - T1589.001 Credentials From Password Stores - T1555 Data Destruction - T1662 Data Destruction - T1485 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Data From Local System - T1533 Defacement - T1491 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Domain Or Tenant Policy Modification - T1484 Encrypted Channel - T1521 Encrypted Channel - T1573 Exfiltration Over Alternative Protocol - T1639 Exfiltration Over C2 Channel - T1646 Exfiltration Over Web Service - T1567 Exploitation For Privilege Escalation - T1404 Exploit Public-Facing Application - T1377 Replication Through Removable Media - T1458 Exploits - T1587.004 Exploits - T1588.005 File And Directory Discovery - T1420 Impair Defenses - T1562 Inhibit System Recovery - T1490 IP Addresses - T1590.005 Lateral Tool Transfer - T1570 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Obfuscated Files Or Information - T1406 System Information Discovery - T1426 Native API - T1575 Phishing - T1660 Phishing - T1566 PowerShell - T1059.001 Process Injection - T1631 Protocol Tunneling - T1572 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Server Software Component - T1505 Service Stop - T1489 SMB/Windows Admin Shares - T1021.002 Software - T1592.002 Steal Or Forge Kerberos Tickets - T1558 Windows Command Shell - T1059.003 Web Protocols - T1071.001 Web Protocols - T1437.001 Web Shell - T1505.003 Unsecured Credentials - T1552 Tool - T1588.002 Vulnerabilities - T1588.006 Access Token Manipulation - T1134 Account Discovery - T1087 Command-Line Interface - T1059 Connection Proxy - T1090 Create Account - T1136 Credential Dumping - T1003 Data From Information Repositories - T1213 Data From Local System - T1005 Data From Network Shared Drive - T1039 Execution Through API - T1106 Exfiltration Over Alternative Protocol - T1048 Exfiltration Over Command And Control Channel - T1041 Exploit Public-Facing Application - T1190 Exploitation For Privilege Escalation - T1068 External Remote Services - T1133 File And Directory Discovery - T1083 Indicator Removal On Host - T1070 Modify Registry - T1112 Obfuscated Files Or Information - T1027 PowerShell - T1086 Process Injection - T1055 Remote Desktop Protocol - T1076 Remote Services - T1021 Remote System Discovery - T1018 Replication Through Removable Media - T1091 Scheduled Transfer - T1029 System Information Discovery - T1082 Valid Accounts - T1078 Web Shell - T1100 User Execution - T1204 Data Destruction Data From Information Repositories Exploit Public-Facing Application External Remote Services Remote System Discovery Replication Through Removable Media Service Stop Valid Accounts
Common Information
Type Value
UUID df50849b-9f72-4524-bb5f-7d78f69c6f70
Fingerprint 95f40555e752aedb
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 4, 2024, midnight
Added to db Nov. 4, 2024, 11:13 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Threat Intelligence Report October 29 - November 4 2024
Title Threat Intelligence Report October 29 - November 4 2024 | Red Piranha
Detected Hints/Tags/Attributes 224/3/57
RSS Feed
Id   Enabled  Feed title   Url                             Added to db
482           Red Piranha  https://redpiranha.net/rss.xml  2024-08-30 22:08
Attributes
Type                            #Events  Value                                                                                           CTI Value
CVE                                  85  cve-2024-8190
CVE                                  70  cve-2024-8963
CVE                                  41  cve-2024-9380
CVE                                  20  cve-2024-51567
CVE                                 127  cve-2022-41082
CVE                                 105  cve-2022-41040
Domain                               12  forum.redpiranha.net
IPv4                                  1  68.235.184.54
Mandiant Uncategorized Groups        21  UNC4899
MITRE ATT&CK Techniques             542  T1190
MITRE ATT&CK Techniques             409  T1566
MITRE ATT&CK Techniques             191  T1133
MITRE ATT&CK Techniques             306  T1078
MITRE ATT&CK Techniques             695  T1059
MITRE ATT&CK Techniques             239  T1106
MITRE ATT&CK Techniques             420  T1204
MITRE ATT&CK Techniques              67  T1505
MITRE ATT&CK Techniques             122  T1543
MITRE ATT&CK Techniques             207  T1547
MITRE ATT&CK Techniques              86  T1136
MITRE ATT&CK Techniques              78  T1548
MITRE ATT&CK Techniques             116  T1134
MITRE ATT&CK Techniques             208  T1068
MITRE ATT&CK Techniques              39  T1484
MITRE ATT&CK Techniques             235  T1562
MITRE ATT&CK Techniques             247  T1070
MITRE ATT&CK Techniques             550  T1112
MITRE ATT&CK Techniques             627  T1027
MITRE ATT&CK Techniques             289  T1003
MITRE ATT&CK Techniques             113  T1552
MITRE ATT&CK Techniques             172  T1555
MITRE ATT&CK Techniques              27  T1558
MITRE ATT&CK Techniques            1006  T1082
MITRE ATT&CK Techniques             179  T1087
MITRE ATT&CK Techniques             585  T1083
MITRE ATT&CK Techniques             243  T1018
MITRE ATT&CK Techniques             159  T1021
MITRE ATT&CK Techniques              55  T1091
MITRE ATT&CK Techniques             118  T1570
MITRE ATT&CK Techniques             157  T1560
MITRE ATT&CK Techniques              56  T1213
MITRE ATT&CK Techniques             534  T1005
MITRE ATT&CK Techniques              67  T1039
MITRE ATT&CK Techniques             442  T1071.001
MITRE ATT&CK Techniques             163  T1573
MITRE ATT&CK Techniques             152  T1090
MITRE ATT&CK Techniques              95  T1572
MITRE ATT&CK Techniques             422  T1041
MITRE ATT&CK Techniques             126  T1567
MITRE ATT&CK Techniques              92  T1048
MITRE ATT&CK Techniques              22  T1029
MITRE ATT&CK Techniques             472  T1486
MITRE ATT&CK Techniques             197  T1489
MITRE ATT&CK Techniques             276  T1490
MITRE ATT&CK Techniques              93  T1485
Threat Actor Identifier - APT        27  APT73
Url                                   1  https://forum.redpiranha.net/t/known-exploited-vulnerabilities-catalog-5th-week-of-october-2024/519