Hive Pro HIVEPRO:9ED793E90599B498499D6CB773C9F42F

Weekly Threat Digest: 9-15 May 2022

2022-05-19 03:20:31
Hive Pro
www.hivepro.com

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

For a detailed threat digest, download the PDF file here.

Summary (9-15 May 2022):
Published Vulnerabilities: 650
Interesting Vulnerabilities: 3
Active Threat Groups: 1
Targeted Countries: 14
Targeted Industries: 10
ATT&CK TTPs: 13

The second week of May 2022 witnessed the discovery of 650 vulnerabilities, of which 3 gained the attention of threat actors and security researchers worldwide. All 3 of them are zero-days. The Hive Pro Threat Research Team has curated a list of 3 CVEs that require immediate action. We also observed threat actor groups being highly active in the last week: OilRig, an Iranian threat actor group known for information theft and espionage, was observed targeting Jordan with phishing emails. Common TTPs that could potentially be exploited by these threat actors or CVEs can be found in the detailed section.

Detailed Report:

Interesting Vulnerabilities:
Vendor: Microsoft
CVE-2022-26925* - Patch: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26925
CVE-2022-22713* - Patch: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22713
CVE-2022-29972* - Patch: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29972
*zero-day vulnerability

Active Actors:
Name: OilRig (APT 34, Helix Kitten, Twisted Kitten, Crambus, Chrysene, Cobalt Gypsy, TA452, IRN2, ATK 40, ITG13)
Origin: Iran
Motive: Information theft and espionage

Targeted Location: (figure not reproduced in this extract)
Targeted Sectors: (figure not reproduced in this extract)

Common TTPs:
Tactics:
TA0042: Resource Development
TA0001: Initial Access
TA0002: Execution
TA0005: Defense Evasion
TA0007: Discovery
TA0011: Command and Control
TA0010: Exfiltration
TA0006: Credential Access
Techniques and sub-techniques:
T1588: Obtain Capabilities
T1588.006: Vulnerabilities
T1190: Exploit Public-Facing Application
T1059: Command and Scripting Interpreter
T1059.001: PowerShell
T1059.003: Windows Command Shell
T1480: Execution Guardrails
T1087: Account Discovery
T1087.001: Local Account
T1071: Application Layer Protocol
T1071.004: DNS
T1041: Exfiltration Over C2 Channel
T1557: Adversary-in-the-Middle
T1083: File and Directory Discovery
T1132: Data Encoding
T1132.002: Non-Standard Encoding
T1053: Scheduled Task/Job
T1053.005: Scheduled Task
T1049: System Network Connections Discovery
T1568: Dynamic Resolution
T1568.002: Domain Generation Algorithms
T1204: User Execution
T1204.002: Malicious File
T1047: Windows Management Instrumentation

Threat Advisories:
Three zero-days addressed in Microsoft's May 2022 Patch Tuesday
OilRig is back with another phishing email attack, delivering the Saitama Backdoor
