Storm-0501: Ransomware attacks expanding to hybrid cloud environments
Sept. 30, 2024, 10:48 a.m.
Description
Date
Published | Created | Modified |
---|---|---|
Sept. 30, 2024, 10:37 a.m. | Sept. 30, 2024, 10:37 a.m. | Sept. 30, 2024, 10:48 a.m. |
Indicators
https://aadinternals.com/post/aadbackdoor/
https://aadinternals.com/post/aad-deepdive/
Attack Patterns
AADInternals
Embargo
Rclone
Impacket
Cobalt Strike - S0154
Storm-0501
T1490
T1550
T1110
T1087
T1021
T1486
T1070
T1518
T1082
T1083
T1543
T1055
T1098
T1566
T1190
T1133
T1078
T1068
T1003
T1059
CVE-2023-4966
CVE-2023-38203
CVE-2023-29300
CVE-2022-47966
Additional Information
Transportation
Government
Manufacturing
United States of America