ioc[.]one - OSINT Cyber Threat Intelligence Database

Iranian Cyber Actors’ Brute Force and Credential Access Attacks: CISA Alert AA24-290A

Tags

cmtmf-attack-pattern:	Application Layer Protocol Command And Scripting Interpreter Modify Authentication Process
country:	Iran
attack-pattern:	Data Application Layer Protocol - T1437 Cloud Accounts - T1078.004 Cloud Accounts - T1585.003 Cloud Accounts - T1586.003 Command And Scripting Interpreter - T1623 Credentials - T1589.001 Credentials From Password Stores - T1555 Data From Local System - T1533 Device Registration - T1098.005 Domain Groups - T1069.002 Domains - T1583.001 Domains - T1584.001 Gather Victim Identity Information - T1589 Ip Addresses - T1590.005 Kerberoasting - T1558.003 Modify Authentication Process - T1556 Multi-Factor Authentication - T1556.006 Multi-Factor Authentication Request Generation - T1621 Password Spraying - T1110.003 Powershell - T1059.001 Protocol Tunneling - T1572 Remote Desktop Protocol - T1021.001 Web Protocols - T1071.001 Web Protocols - T1437.001 Trust Modification - T1484.002 Tool - T1588.002 Vulnerabilities - T1588.006 Standard Application Layer Protocol - T1071 Brute Force - T1110 Command-Line Interface - T1059 Data From Local System - T1005 Exploitation For Privilege Escalation - T1068 External Remote Services - T1133 Remote File Copy - T1105 Kerberoasting - T1208 Permission Groups Discovery - T1069 Powershell - T1086 Remote Desktop Protocol - T1076 Remote Services - T1021 Remote System Discovery - T1018 Valid Accounts - T1078 External Remote Services Remote System Discovery Valid Accounts

Show in Graph

Common Information

Type	Value
UUID	f1872163-f817-4f45-a877-253fbde7266e
Fingerprint	25a125910b05e649
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 18, 2024, 10:23 a.m.
Added to db	Oct. 18, 2024, 12:27 p.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Iranian Cyber Actors’ Brute Force and Credential Access Attacks: CISA Alert AA24-290A
Title	Iranian Cyber Actors’ Brute Force and Credential Access Attacks: CISA Alert AA24-290A
Detected Hints/Tags/Attributes	109/3/27

Source URLs

	Redirection	Url
Details	Source	https://www.picussecurity.com/resource/blog/cisa-alert-aa24-290a-iranian-cyber-actors-brute-force-and-credential-access-attacks

URL Provider

Details	Provider	Source level domain
Details	picussecurity.com	www.picussecurity.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	352	✔	Resources-2	https://www.picussecurity.com/resource/rss.xml	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CVE	217	cve-2020-1472
Details	Domain	469	www.cisa.gov
Details	File	6	domainpasswordspray.ps1
Details	File	74	mstsc.exe
Details	File	128	msedge.exe
Details	MITRE ATT&CK Techniques	34	T1589
Details	MITRE ATT&CK Techniques	306	T1078
Details	MITRE ATT&CK Techniques	34	T1078.004
Details	MITRE ATT&CK Techniques	191	T1133
Details	MITRE ATT&CK Techniques	460	T1059.001
Details	MITRE ATT&CK Techniques	6	T1556.006
Details	MITRE ATT&CK Techniques	11	T1098.005
Details	MITRE ATT&CK Techniques	33	T1556
Details	MITRE ATT&CK Techniques	13	T1484.002
Details	MITRE ATT&CK Techniques	208	T1068
Details	MITRE ATT&CK Techniques	49	T1110.003
Details	MITRE ATT&CK Techniques	492	T1105
Details	MITRE ATT&CK Techniques	36	T1558.003
Details	MITRE ATT&CK Techniques	172	T1555
Details	MITRE ATT&CK Techniques	14	T1621
Details	MITRE ATT&CK Techniques	160	T1021.001
Details	MITRE ATT&CK Techniques	243	T1018
Details	MITRE ATT&CK Techniques	74	T1069.002
Details	MITRE ATT&CK Techniques	442	T1071.001
Details	MITRE ATT&CK Techniques	95	T1572
Details	MITRE ATT&CK Techniques	534	T1005
Details	Url	1	https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-290a