Tag: CVE-2020-1472

6 Attack Reports | 0 Vulnerabilities

Attack reports

Navigating Through The Fog

An open directory linked to a Fog ransomware affiliate was discovered, containing tools for reconnaissance, exploitation, lateral movement, and persistence. Initial access was gained through compromised SonicWall VPN credentials, while other tools facilitated credential theft and exploitation of Ac…
ransomware
anydesk
persistence
credential theft
CVE-2020-1472
CVE-2021-42278
CVE-2021-42287
sliver
lateral movement
vpn
fog ransomware
sonicwall
2025-04-28
active directory
Published: April 28, 2025
Linked vulnerabilities : CVE-2021-42287, CVE-2021-42278, CVE-2020-1472
Downloadable IOCs: 1

Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis

This analysis examines two cybersecurity incidents: a web shell attack and a VPN compromise. The web shell attack involved uploading malicious files to a server, executing commands, creating a local admin account, and attempting to establish persistence. The VPN compromise led to lateral movement, …
anydesk
persistence
CVE-2020-1472
lateral movement
privilege escalation
web shell
defense evasion
2024-10-24
iis
mxdr
vpn compromise
Published: October 24, 2024
Linked vulnerabilities : CVE-2020-1472
Downloadable IOCs: 1

Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations

The advisory warns of Iranian cyber actors employing brute force techniques like password spraying and MFA 'push bombing' to compromise user accounts across critical sectors. After gaining access, they gather additional credentials, move laterally, and collect data potentially to sell on cybercrimi…
CVE-2020-1472
malicious
credential
lateral
infrastructure
2024-10-17
access
Published: October 17, 2024
Linked vulnerabilities : CVE-2020-1472
Downloadable IOCs: 1

StopRansomware: RansomHub Ransomware

RansomHub is a ransomware-as-a-service variant that has targeted over 210 victims across various critical infrastructure sectors since February 2024. It employs a double-extortion model, encrypting systems and exfiltrating data. The ransom note provides victims with a client ID and instructions to …
privilege-escalation
cobalt strike
encryption
CVE-2020-1472
ransomware-as-a-service
ransomhub
mimikatz
CVE-2023-3519
2024-08-30
metasploit
CVE-2023-22515
CVE-2023-46604
CVE-2017-0144
CVE-2023-48788
double-extortion
CVE-2023-27997
data-exfiltration
CVE-2023-46747
critical-infrastructure
CVE-2020-0787
lateral-movement
Published: August 30, 2024
Linked vulnerabilities : CVE-2020-1472, CVE-2023-46604, CVE-2023-22515, CVE-2020-0787, CVE-2017-0144, CVE-2023-3519, CVE-2023-27997, CVE-2023-48788, CVE-2023-46747
Downloadable IOCs: 14

RansomHub: New Ransomware with Origins in Older Knight

A rapidly emerging operation called RansomHub has rapidly grown into one of the largest ransomware threats currently active. Analysis reveals RansomHub is likely an updated and rebranded version of the older Knight ransomware, suggesting the developers bought Knight's source code after its develope…
CVE-2020-1472
2024-06-06
zerologon
ransomware-as-a-service
knight
cyclops blink
snatch
rebranded
affiliates
ransomhub
Published: June 6, 2024
Linked vulnerabilities : CVE-2020-1472
Downloadable IOCs: 14

StopRansomware: Black Basta

This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant first identified in April 2022. Its affiliates have impacted over 500 organizations globally across multiple critical infrastructure sectors, including Healthcare and Publ…
phishing
ransomware
exfiltration
encryption
2024-05-08
qakbot
qbot
CVE-2020-1472
quackbot
pinkslipbot
CVE-2024-1709
healthcare
CVE-2021-34527
CVE-2021-42278
CVE-2021-42287
2024-05-09
2024-05-10
2024-05-13
Published: May 13, 2024
Linked vulnerabilities : CVE-2021-42287, CVE-2021-42278, CVE-2024-1709, CVE-2021-34527, CVE-2020-1472
Downloadable IOCs: 174
Click here to see more Attack Reports