Hunting for signs of persistence in the cloud: an IR guide following the CircleCI incident | Wiz Blog
Tags
attack-pattern: Data Cloud Account - T1087.004 Cloud Account - T1136.003 Credentials - T1589.001 Powershell - T1059.001 Private Keys - T1552.004 Serverless - T1583.007 Serverless - T1584.007 Ssh - T1021.004 New Service - T1050 Powershell - T1086 Private Keys - T1145
Show in Graph
Common Information
Type Value
UUID f93280b9-723a-46bd-b1f1-b48692f77f14
Fingerprint a92bda8245ecc24d
Analysis status DONE
Considered CTI value 1
Text language
Published Jan. 12, 2023, 12:04 p.m.
Added to db Nov. 19, 2023, 6:12 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Hunting for signs of persistence in the cloud: an IR guide following the CircleCI incident
Title Hunting for signs of persistence in the cloud: an IR guide following the CircleCI incident | Wiz Blog
Detected Hints/Tags/Attributes 56/1/12
Source URLs
Redirection Url
Details Source https://www.wiz.io/blog/hunting-for-signs-of-persistence-in-the-cloud-an-ir-guide
URL Provider
Details Provider Source level domain
Details wiz.io www.wiz.io
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 398 Wiz Blog | RSS feed https://www.wiz.io/blog/rss 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 2 
initiatedby.app
Details Domain 5 
google.cloud
Details IPv4 3 
178.249.214.10
Details IPv4 3 
89.36.78.75
Details IPv4 3 
89.36.78.109
Details IPv4 3 
89.36.78.135
Details IPv4 3 
178.249.214.25
Details IPv4 3 
72.18.132.58
Details IPv4 3 
188.68.229.52
Details IPv4 3 
111.90.149.55
Details Threat Actor Identifier - APT 665 
APT29
Details Threat Actor Identifier - APT 278 
APT10