ATT&CK Changes
Tags
cmtmf-attack-pattern: Application Layer Protocol Automated Exfiltration Command And Scripting Interpreter Compromise Accounts Compromise Infrastructure Data Manipulation Masquerading Network Denial Of Service Network Sniffing Phishing For Information Resource Hijacking Trusted Relationship
country: Australia Belarus Canada China Guam Iran Israel Italy Laos Mali Mexico Panama Poland South Africa Russia Ukraine United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Data Direct Indirect Search Victim-Owned Websites Abuse Elevation Control Mechanism - T1548 Acquire Infrastructure - T1583 Additional Cloud Credentials - T1098.001 Additional Cloud Roles - T1098.003 Adversary-In-The-Middle - T1638 Adversary-In-The-Middle - T1557 Software Discovery - T1418 Application Layer Protocol - T1437 Biometric Spoofing - T1460 Botnet - T1583.005 Botnet - T1584.005 Chat Messages - T1552.008 Cloud Account - T1087.004 Cloud Account - T1136.003 Cloud Accounts - T1078.004 Cloud Accounts - T1585.003 Cloud Accounts - T1586.003 Cloud Administration Command - T1651 Cloud Api - T1059.009 Cloud Instance Metadata Api - T1552.005 Cloud Instance Metadata Api - T1522 Cloud Services - T1021.007 Command And Scripting Interpreter - T1623 Compromise Accounts - T1586 Compromise Infrastructure - T1584 Conditional Access Policies - T1556.009 Confluence - T1213.001 Content Injection - T1659 Control Panel - T1218.002 Create Or Modify System Process - T1543 Credential Api Hooking - T1056.004 Credential Stuffing - T1110.004 Credentials - T1589.001 Cron - T1053.003 Data Destruction - T1662 Data Destruction - T1485 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Data From Cloud Storage - T1530 Data Manipulation - T1641 Data Manipulation - T1565 Digital Certificates - T1596.003 Digital Certificates - T1587.003 Digital Certificates - T1588.004 Disable Or Modify Cloud Logs - T1562.008 Disable Or Modify System Firewall - T1562.004 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Dns - T1071.004 Dns - T1590.002 Domain Accounts - T1078.002 Domains - T1583.001 Domains - T1584.001 Downgrade Attack - T1562.010 Drive-By Compromise - T1456 Drive-By Target - T1608.004 Establish Accounts - T1585 Event Triggered Execution - T1546 Exfiltration Over Alternative Protocol - T1639 Exfiltration Over C2 Channel - T1646 Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol - T1639.001 
Exploitation For Privilege Escalation - T1404 Exploits - T1587.004 Exploits - T1588.005 File Deletion - T1070.004 File Deletion - T1630.002 Financial Theft - T1657 Firmware - T1592.003 Gather Victim Identity Information - T1589 Gather Victim Org Information - T1591 Hardware - T1592.001 Hooking - T1617 Impair Defenses - T1562 Impair Defenses - T1629 Impersonation - T1656 Indicator Blocking - T1562.006 Ingress Tool Transfer - T1544 Input Capture - T1417 Internal Spearphishing - T1534 Ip Addresses - T1590.005 Network Denial Of Service - T1464 Javascript - T1059.007 Keylogging - T1056.001 Keylogging - T1417.001 Lateral Tool Transfer - T1570 Launchctl - T1569.001 Lnk Icon Smuggling - T1027.012 Local Account - T1087.001 Local Account - T1136.001 Local Accounts - T1078.003 Malicious File - T1204.002 Malicious Link - T1204.001 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Modify System Image - T1601 Multi-Factor Authentication - T1556.006 Multi-Factor Authentication Request Generation - T1621 Native Api - T1575 Network Denial Of Service - T1498 Network Device Cli - T1059.008 Network Devices - T1584.008 Obtain Capabilities - T1588 Password Managers - T1555.005 Phishing - T1660 Phishing - T1566 Phishing For Information - T1598 Powershell - T1059.001 Spearphishing For Information - T1397 Print Processors - T1547.012 Private Keys - T1552.004 Python - T1059.006 Remote Access Software - T1663 Remote Desktop Protocol - T1021.001 Resource Hijacking - T1496 Search Open Websites/Domains - T1593 Search Victim-Owned Websites - T1594 Security Software Discovery - T1418.001 Security Software Discovery - T1518.001 Server - T1583.004 Server - T1584.004 Service Stop - T1489 Smb/Windows Admin Shares - T1021.002 Sms Messages - T1636.004 Social Media - T1593.001 Software - T1592.002 Software Discovery - T1518 Spearphishing Voice - T1566.004 Spearphishing Voice - T1598.004 Ssh - T1021.004 Ssh Authorized Keys - T1098.004 Stage Capabilities - T1608 Steal Application Access Token - T1528 Steal Application Access Token - T1635 Steal Web Session Cookie - T1539 Systemd Service - T1543.002 Systemd Service - T1501 Systemd Timers - T1053.006 Vnc - T1021.005 Web Service - T1481 Transmitted Data Manipulation - T1493 Web Session Cookie - T1506 Unused/Unsupported Cloud Regions - T1535 Windows Service - T1543.003 Unix Shell Configuration Modification - T1546.004 Trap - T1546.005 Xdg Autostart Entries - T1547.013 Temporary Elevated Cloud Access - T1548.005 Use Alternate Authentication Material - T1550 Web Session Cookie - T1550.004 Unsecured Credentials - T1552 Transmitted Data Manipulation - T1565.002 Web Services - T1583.006 Web Services - T1584.006 Tool - T1588.002 Vulnerabilities - T1588.006 Transmitted Data Manipulation - T1641.001 Account Discovery - T1087 Account Manipulation - T1098 Standard Application Layer Protocol - T1071 Automated Exfiltration - T1020 Brute Force - T1110 Command-Line Interface - T1059 Connection Proxy - T1090 Create Account - T1136 Credential Dumping - T1003 Data From Information Repositories - T1213 Drive-By Compromise - T1189 Execution Through Api - T1106 Execution Through Module Load - T1129 Exfiltration Over Alternative Protocol - T1048 Exfiltration Over Command And Control Channel - T1041 Exploitation For Credential Access - T1212 Exploitation For Privilege Escalation - T1068 External Remote Services - T1133 File Deletion - T1107 Hooking - T1179 Indicator Blocking - T1054 Remote File Copy - T1105 Input Capture - T1056 Launchctl - T1152 Masquerading - T1036 Network Sniffing - T1040 New Service - T1050 Powershell - T1086 Private Keys - T1145 Redundant Access - T1108 Remote Access Tools - T1219 Remote Desktop Protocol - T1076 Remote Services - T1021 Remote System Discovery - T1018 Rootkit - T1014 Scheduled Task - T1053 Scripting - T1064 Security Software Discovery - T1063 Signed Binary Proxy Execution - T1218 Third-Party Software - T1072 Valid Accounts - T1078 Web Service - T1102 Trap - T1154 Trusted Relationship - T1199
User Execution - T1204 Data Destruction Data From Information Repositories Denial Of Service Drive-By Compromise External Remote Services Hooking Masquerading Network Sniffing Remote System Discovery Rootkit Scripting Service Stop Valid Accounts User Execution
Common Information
Type Value
UUID e468236b-aa3d-41f1-abb6-a2198843c5fb
Fingerprint b53b78518ca78bdd
Analysis status DONE
Considered CTI value 2
Text language
Published April 20, 2023, midnight
Added to db Nov. 6, 2023, 5:52 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline ATT&CK Changes Between v13.1 and v14.0
Title ATT&CK Changes
Detected Hints/Tags/Attributes 792/4/481
Attributes
Type #Events Value
CVE 7 cve-2017-8625
Github username 8 rhinosecuritylabs
Github username 27 sigmahq
sha256 1 28553b3a9d2ad4361d33d29ac4bf771d008e0073cec01b5561c6348a608f8dd7
IBM X-Force - Threat Group Enumeration 28 ITG23
Mandiant Uncategorized Groups 20 UNC3524
MITRE ATT&CK Techniques 86 T1136
MITRE ATT&CK Techniques 306 T1078
MITRE ATT&CK Techniques 112 T1098
MITRE ATT&CK Techniques 239 T1106
MITRE ATT&CK Techniques 113 T1552
MITRE ATT&CK Techniques 46 T1608
MITRE ATT&CK Techniques 183 T1189
MITRE ATT&CK Techniques 492 T1105
MITRE ATT&CK Techniques 21 T1557
MITRE ATT&CK Techniques 695 T1059
MITRE ATT&CK Techniques 5 T1651
MITRE ATT&CK Techniques 102 T1020
MITRE ATT&CK Techniques 36 T1586
MITRE ATT&CK Techniques 9 T1656
MITRE ATT&CK Techniques 472 T1486
MITRE ATT&CK Techniques 93 T1485
MITRE ATT&CK Techniques 43 T1546
MITRE ATT&CK Techniques 100 T1598
MITRE ATT&CK Techniques 409 T1566
MITRE ATT&CK Techniques 83 T1534
MITRE ATT&CK Techniques 16 T1657
MITRE ATT&CK Techniques 34 T1589
MITRE ATT&CK Techniques 14 T1591
MITRE ATT&CK Techniques 66 T1583
MITRE ATT&CK Techniques 420 T1204
MITRE ATT&CK Techniques 121 T1218
MITRE ATT&CK Techniques 179 T1087
MITRE ATT&CK Techniques 185 T1518
MITRE ATT&CK Techniques 243 T1018
MITRE ATT&CK Techniques 107 T1496
MITRE ATT&CK Techniques 3 T1535
MITRE ATT&CK Techniques 141 T1219
MITRE ATT&CK Techniques 14 T1621
MITRE ATT&CK Techniques 17 T1593
MITRE ATT&CK Techniques 14 T1594
MITRE ATT&CK Techniques 348 T1036
MITRE ATT&CK Techniques 152 T1090
MITRE ATT&CK Techniques 42 T1040
MITRE ATT&CK Techniques 33 T1565
MITRE ATT&CK Techniques 44 T1212
MITRE ATT&CK Techniques 235 T1562
MITRE ATT&CK Techniques 58 T1498
MITRE ATT&CK Techniques 159 T1021
MITRE ATT&CK Techniques 191 T1133
MITRE ATT&CK Techniques 125 T1110
MITRE ATT&CK Techniques 52 T1199
MITRE ATT&CK Techniques 78 T1548
MITRE ATT&CK Techniques 145 T1588
MITRE ATT&CK Techniques 56 T1213
MITRE ATT&CK Techniques 208 T1068
MITRE ATT&CK Techniques 40 T1528
MITRE ATT&CK Techniques 33 T1550
MITRE ATT&CK Techniques 99 T1539
MITRE ATT&CK Techniques 118 T1570
MITRE ATT&CK Techniques 149 T1102
MITRE ATT&CK Techniques 289 T1003
MITRE ATT&CK Techniques 152 T1056
MITRE ATT&CK Techniques 3 T1601
MITRE ATT&CK Techniques 122 T1543
MITRE ATT&CK Techniques 13 T1585
MITRE ATT&CK Techniques 480 T1053
MITRE ATT&CK Techniques 7 T1456
MITRE ATT&CK Techniques 17 T1660
MITRE ATT&CK Techniques 1 T1655
MITRE ATT&CK Techniques 4 T1639
MITRE ATT&CK Techniques 16 T1646
MITRE ATT&CK Techniques 197 T1489
Microsoft Threat Actor Naming Taxonomy (Groups in development) 115 Storm-0558
Microsoft Threat Actor Naming Taxonomy (Groups in development) 9 storm-0558
Threat Actor Identifier - APT 194 APT35
Threat Actor Identifier - APT 665 APT29
Threat Actor Identifier - APT 115 APT1
Threat Actor Identifier - APT 121 APT42
Threat Actor Identifier - APT 132 APT32
Threat Actor Identifier - FIN 68 FIN8
Threat Actor Identifier - FIN 10 FIN13
Threat Actor Identifier - FIN 377 FIN7
Threat Actor Identifier - FIN 42 FIN12