indicators of compromise

  1. AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus

    Original release date: December 2, 2021 Summary This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint...
    • News
    • Thread
    • active directory apt attack techniques cisa critical infrastructure cve-2021-44077 cybersecurity exploitation fbi indicators of compromise it consulting mitigation rce remote code servicedesk threat actor update vulnerability webshells zoho
    • Replies: 0
    • Forum: Security Alerts

  2. VIDEO AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool

    Original release date: March 18, 2021 Summary This Alert announces the CISA Hunt and Incident Response Program (CHIRP) tool. CHIRP is a forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with activity detailed in the following...
    • News
    • Thread
    • apt chirp cisa communication companion tool compromise forensic analysis forensics guidance incident response indicators of compromise malware network defense security siem solarwinds threat activity threat detection windows yara
    • Replies: 0
    • Forum: Security Alerts

  3. AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities

    Original release date: March 3, 2021 Summary Cybersecurity and Infrastructure Security (CISA) partners have observed active exploitation of vulnerabilities in Microsoft Exchange Server products. Successful exploitation of these vulnerabilities allows an unauthenticated attacker to execute...
    • News
    • Thread
    • active directory cve-2021-26855 cybersecurity exchange server forensic analysis incident response indicators of compromise malicious activity microsoft mitigations monitoring network security patches remote code execution security tactics threat intelligence user-agents vulnerabilities webshells
    • Replies: 0
    • Forum: Security Alerts

  4. AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity

    Original release date: September 1, 2020 Summary This joint advisory is the result of a collaborative research effort by the cybersecurity authorities of five nations: Australia,[Link Removed] Canada,[2] New Zealand,[3][4] the United Kingdom,[5] and the United States.[Link Removed] It...
    • News
    • Thread
    • access control cybersecurity data exfiltration data protection firewall security incident management incident response indicators of compromise log management malicious activity mitigation techniques monitoring tools network security network segmentation remote access system administration threat analysis user education user training vulnerability assessment
    • Replies: 0
    • Forum: Security Alerts

  5. AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching

    Original release date: April 16, 2020 | Last revised: June 30, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations...
    • News
    • Thread
    • active directory cisa credential dumping cve-2019-11510 cybersecurity detection exploitation incident response indicators of compromise iocs lateral movement mitigation network security pulse secure ransomware remote access remote services threat actor vpn vulnerability
    • Replies: 0
    • Forum: Security Alerts

  6. AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor

    Original release date: July 1, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. This advisory—written by the...
    • News
    • Thread
    • anonymity apt cisa command and control cybersecurity data exfiltration data manipulation denial of service exploitation fbi incident response indicators of compromise malicious activity network monitoring network security reconnaissance risk mitigation security tools threat actors tor
    • Replies: 0
    • Forum: Security Alerts

  7. AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching

    Original release date: April 16, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations. This Alert provides an update...
    • News
    • Thread
    • active directory credential theft cve-2019-11510 cyber threat cybersecurity data exfiltration detection exploitation incident response indicators of compromise lateral movement malware mitigation network security patching pulse secure remote access threat actor vpn vulnerability
    • Replies: 0
    • Forum: Security Alerts

  8. AA20-099A: COVID-19 Exploited by Malicious Cyber Actors

    Original release date: April 8, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). This alert provides information on...
    • News
    • Thread
    • apt groups cisa covid-19 credential theft cyber attacks cybersecurity exploitation indicators of compromise malicious software malware mitigation ncsc phishing ransomware remote access scams social engineering teleconferencing teleworking vpn
    • Replies: 0
    • Forum: Security Alerts

  9. AA19-339A: Dridex Malware

    Original release date: December 5, 2019 Summary This Alert is the result of recent collaboration between the Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) to identify and share...
    • News
    • Thread
    • bots cisa cybersecurity data breach dridex exploits financial fincen indicators of compromise intrusion detection intrusion prevention malspam malware mitigation phishing privacy ransomware security best practices trojan vulnerabilities
    • Replies: 0
    • Forum: Security Alerts

  10. TA18-106A: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

    Original release date: April 16, 2018 Systems Affected Generic Routing Encapsulation (GRE) Enabled Devices Cisco Smart Install (SMI) Enabled Devices Simple Network Management Protocol (SNMP) Enabled Network Devices Overview This joint Technical Alert (TA) is the result of analytic efforts...
    • News
    • Thread
    • command and control critical infrastructure cybersecurity dhs espionage exploitation fbi hacking indicators of compromise infrastructure international security legacy protocols malware mitigation network devices russian actors smart install snmp telnet tftp
    • Replies: 0
    • Forum: Security Alerts

  11. TA18-074A: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors

    Original release date: March 15, 2018 Systems Affected Domain Controllers File Servers Email Servers Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert...
    • News
    • Thread
    • critical infrastructure cyber kill chain cybersecurity dhs email security energy sector fbi incident response indicators of compromise industrial control systems intrusion detection malicious activity malware network security remote access russian government spear phishing technical alert threat actors watering hole attack
    • Replies: 0
    • Forum: Security Alerts

  12. TA17-318B: HIDDEN COBRA – North Korean Trojan: Volgmer

    Original release date: November 14, 2017 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS...
    • News
    • Thread
    • backdoor trojan botnet cybersecurity dhs fbi hidden cobra incident response indicators of compromise ip addresses malicious activity malware malware analysis mitigation network defense network security north korea spear phishing trojan user-agent volgmer
    • Replies: 0
    • Forum: Security Alerts

  13. TA17-318A: HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL

    Original release date: November 14, 2017 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS...
    • News
    • Thread
    • command and control cybersecurity dhs fallchill fbi hidden cobra incident response indicators of compromise ip addresses malware malware analysis malware detection mitigation techniques network defense network security north korea remote administration tool system information threat report tls communications
    • Replies: 0
    • Forum: Security Alerts

  14. TA17-293A: Advanced Persistent Threat Activity Targeting Energy and Other Critical...

    Original release date: October 20, 2017 Systems Affected Domain Controllers File Servers Email Servers Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert...
    • News
    • Thread
    • apt control systems credential harvesting cyber espionage cybersecurity dhs energy sector fbi ics incident response indicators of compromise malicious activity malware network security scada spear phishing staging targets technical alert threat detection watering hole attack
    • Replies: 0
    • Forum: Security Alerts

  15. TA17-164A: HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure

    Original release date: June 13, 2017 | Last revised: July 07, 2017 Systems Affected Networked Systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert...
    • News
    • Thread
    • application vulnerabilities botnet cyber attacks cybersecurity ddos deltacharlie dhs fbi hidden cobra incident response indicators of compromise ip addresses lazarus group malware mitigation network security north korea security advisory software patch threat intelligence
    • Replies: 0
    • Forum: Security Alerts

  16. TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors

    Original release date: April 27, 2017 Systems Affected Networked Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial...
    • News
    • Thread
    • attack vectors credential theft cybersecurity data breach defense strategies indicators of compromise intrusion it security it service providers malware nccic network security network traffic plugx rat redleaves risk evaluation threat actors vulnerability windows
    • Replies: 0
    • Forum: Security Alerts

  17. TA14-212A: Backoff Point-of-Sale Malware

    Original release date: July 31, 2014 Systems Affected Point-of-Sale Systems Overview This advisory was prepared in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), United States Secret Service (USSS), Financial Sector Information Sharing and...
    • News
    • Thread
    • anti-virus backoff brute force command and control consumer data cybersecurity data breach exfiltration financial sector indicators of compromise keylogging malware mitigation network security payment systems persistence techniques point-of-sale remote desktop security solutions threat detection
    • Replies: 0
    • Forum: Security Alerts