CISA Alert AA22-277A - Impacket and CovalentStealer Used to Steal Sensitive Data
Tags
cmtmf-attack-pattern:
  Command And Scripting Interpreter
  Masquerading
  System Network Connections Discovery
maec-delivery-vectors:
  Watering Hole
attack-pattern:
  Data Archive Collected Data - T1560
  Archive Collected Data - T1532
  Archive Via Utility - T1560.001
  Command And Scripting Interpreter - T1623
  Credentials - T1589.001
  Exfiltration Over Web Service - T1567
  Exfiltration To Cloud Storage - T1567.002
  File And Directory Discovery - T1420
  File Deletion - T1070.004
  File Deletion - T1630.002
  Impersonation - T1656
  Indicator Removal On Host - T1630
  Ingress Tool Transfer - T1544
  Internet Connection Discovery - T1016.001
  Internet Connection Discovery - T1422.001
  System Network Configuration Discovery - T1422
  System Network Connections Discovery - T1421
  Malware - T1587.001
  Malware - T1588.001
  Masquerading - T1655
  Match Legitimate Name Or Location - T1036.005
  Match Legitimate Name Or Location - T1655.001
  Process Discovery - T1424
  System Information Discovery - T1426
  Phishing - T1660
  Phishing - T1566
  Powershell - T1059.001
  Remote Data Staging - T1074.002
  Server - T1583.004
  Server - T1584.004
  Smb/Windows Admin Shares - T1021.002
  System Checks - T1633.001
  System Checks - T1497.001
  Windows Command Shell - T1059.003
  Virtualization/Sandbox Evasion - T1497
  Web Services - T1583.006
  Web Services - T1584.006
  Tool - T1588.002
  Vulnerabilities - T1588.006
  Virtualization/Sandbox Evasion - T1633
  Command-Line Interface - T1059
  Connection Proxy - T1090
  Data Staged - T1074
  File And Directory Discovery - T1083
  File Deletion - T1107
  Indicator Removal On Host - T1070
  Remote File Copy - T1105
  Masquerading - T1036
  Powershell - T1086
  Process Discovery - T1057
  Remote Services - T1021
  Scheduled Transfer - T1029
  System Information Discovery - T1082
  System Network Configuration Discovery - T1016
  System Network Connections Discovery - T1049
  Windows Management Instrumentation - T1047
  Valid Accounts - T1078
  Indicator Removal On Host
  Masquerading
  Valid Accounts
Common Information
Type Value
UUID f14d9e41-a106-4a06-8959-cde39140e857
Fingerprint d4b71d19a734df01
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 7, 2022, 8:11 a.m.
Added to db June 1, 2023, 10:52 a.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline CISA Alert AA22-277A - Impacket and CovalentStealer Used to Steal Sensitive Data
Title CISA Alert AA22-277A - Impacket and CovalentStealer Used to Steal Sensitive Data
Detected Hints/Tags/Attributes 121/3/36
Attributes
Type | #Events | Value
CVE | 184 | cve-2021-26855
Domain | 49 | wmiexec.py
Domain | 369 | microsoft.com
Domain | 21 | smbexec.py
Domain | 469 | www.cisa.gov
File | 45 | wmiexec.py
File | 2 | c:\windows\temp\temp.txt
File | 47 | winrar.exe
File | 14 | vmware.exe
File | 12 | del.exe
File | 3 | temp.html
File | 17 | smbexec.py
Mandiant Temporary Group Assumption | 13 | TEMP.TXT
Mandiant Temporary Group Assumption | 3 | TEMP.HTML
MITRE ATT&CK Techniques | 306 | T1078
MITRE ATT&CK Techniques | 310 | T1047
MITRE ATT&CK Techniques | 460 | T1059.001
MITRE ATT&CK Techniques | 183 | T1036.005
MITRE ATT&CK Techniques | 297 | T1070.004
MITRE ATT&CK Techniques | 97 | T1497.001
MITRE ATT&CK Techniques | 245 | T1016
MITRE ATT&CK Techniques | 42 | T1016.001
MITRE ATT&CK Techniques | 119 | T1049
MITRE ATT&CK Techniques | 433 | T1057
MITRE ATT&CK Techniques | 1006 | T1082
MITRE ATT&CK Techniques | 585 | T1083
MITRE ATT&CK Techniques | 139 | T1021.002
MITRE ATT&CK Techniques | 116 | T1560.001
MITRE ATT&CK Techniques | 20 | T1074.002
MITRE ATT&CK Techniques | 492 | T1105
MITRE ATT&CK Techniques | 152 | T1090
MITRE ATT&CK Techniques | 22 | T1029
MITRE ATT&CK Techniques | 100 | T1567.002
Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) | 51 | DEV-0586
Url | 3 | https://microsoft.com
Url | 1 | https://www.cisa.gov/uscert/ncas/alerts/aa22-277a

Note on the extracted attributes: wmiexec.py and smbexec.py are Impacket script names, not domains; the automatic extractor tagged them under both Domain and File because of their dotted suffix. TEMP.TXT and TEMP.HTML are the temp file names listed under File, picked up by the pattern for Mandiant's TEMP.<name> group designations; they are not group assignments.
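The tooling tagged above, Impacket's wmiexec.py (T1047, Windows Management Instrumentation) and smbexec.py (T1021.002, SMB/Windows Admin Shares), leaves recognisable command-line artifacts on the target host. The Python below is an added example, not code from this page or from the CISA alert: it runs a small detector over constructed Sysmon-style process-creation events. The matched command-line shapes are Impacket's default templates (wmiexec redirects output to \\127.0.0.1\ADMIN$\__<timestamp>; smbexec installs a service that writes the command into %TEMP%\execute.bat with output to \\127.0.0.1\C$\__output, runs it and deletes it). The host names, timestamps and sample commands are constructed, and an operator who edits the scripts changes these strings, so the patterns are a baseline, not a guarantee.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample process-creation events (Sysmon Event ID 1 style fields).
# Not taken from the advisory; the command lines follow the default templates
# of Impacket's wmiexec.py and smbexec.py as shipped in the project.
SAMPLE_EVENTS = [
    {"host": "WS01",
     "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1665130000.123456 2>&1"},
    {"host": "FS01",
     "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": (r"C:\Windows\system32\cmd.exe /Q /c echo net user ^> \\127.0.0.1\C$\__output 2^>^&1 "
                 r"> %TEMP%\execute.bat & C:\Windows\system32\cmd.exe /Q /c %TEMP%\execute.bat "
                 r"& del %TEMP%\execute.bat")},
    {"host": "WS02",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c ipconfig /all"},
]

# wmiexec.py default: "cmd.exe /Q /c <cmd> 1> \\127.0.0.1\ADMIN$\__<time.time()> 2>&1"
WMIEXEC_RE = re.compile(r"1>\s*\\\\127\.0\.0\.1\\ADMIN\$\\__\S+\s+2>&1", re.IGNORECASE)
# smbexec.py default: a service whose binary path echoes the command into %TEMP%\execute.bat,
# redirects output to \\127.0.0.1\C$\__output, runs the batch file and deletes it.
SMBEXEC_RE = re.compile(r"\\\\127\.0\.0\.1\\C\$\\__output.*execute\.bat", re.IGNORECASE)


@dataclass
class Detection:
    host: str
    tool: str        # "wmiexec" or "smbexec"
    technique: str   # ATT&CK technique ID from the page's tag list
    confidence: str  # "high" when the parent process also matches the tool's execution path


def classify(event: dict) -> Optional[Detection]:
    """Return a Detection when the command line matches an Impacket template, else None."""
    cmd = event["cmdline"]
    parent = event["parent"].rsplit("\\", 1)[-1].lower()
    if WMIEXEC_RE.search(cmd):
        # wmiexec runs commands via Win32_Process.Create, so cmd.exe is a child of WmiPrvSE.exe
        conf = "high" if parent == "wmiprvse.exe" else "medium"
        return Detection(event["host"], "wmiexec", "T1047", conf)
    if SMBEXEC_RE.search(cmd):
        # smbexec creates a service over SMB, so cmd.exe is a child of services.exe
        conf = "high" if parent == "services.exe" else "medium"
        return Detection(event["host"], "smbexec", "T1021.002", conf)
    return None


def scan(events) -> list:
    """Run classify() over a batch of events and keep only the hits."""
    return [d for d in map(classify, events) if d is not None]


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"{hit.host}: {hit.tool} ({hit.technique}), confidence={hit.confidence}")
```

The parent-process check is what separates a real hit from a benign redirect to a loopback share: the command-line template alone can be reproduced by an administrator's script, but cmd.exe spawned by WmiPrvSE.exe or services.exe with exactly this redirect shape is the execution path Impacket takes. Pair it with the file indicators above (a `__<timestamp>` file appearing in C:\Windows, the ADMIN$ share root, or an execute.bat in %TEMP% that is created and deleted within seconds) when tuning.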