Conhost2llayay

Adversary Software: New Content & Research Features: Multiple batches of new content—and new ways of interacting with it—are now available!

>Living-off-the-Land Utilites: We added 200 new Software Objects (such as Conhost) based on the popular LOLBAS open source community project

>New Analytics Source: The Analystics library was updated with a set of rules—mainly based on timely threats—from The DFIR Report

>Tags: Tidal-curated tags are now applied to thousands of knowledge base objects,  enabling research & pivoting around types of threats, reporting sources, & relevant detections

Ivanti VPN Zero-Day Vulnerabilities: CVE-2024-21887 and CVE-2023-46805

New Community User Content (Technique Set): This new Technique set from Community Edition user Nounou Mbeiri aggregates ATT&CK techniques associated with Avanti VPN 0-day vulnerabilities recently observed under active exploitation in the wild. Thanks Nounou for sharing research back with the community! 

Have your own great matrix or technique set to share? Let us know to be featured here.

2

APT29 TeamCity Exploits

Campaign: U.S. and international cybersecurity authorities just released an advisory highlighting recent, global threat activity associated with Russian intelligence services. Officials warned of the potential for supply chain impacts following exploits affecting a popular software development program. This new Campaign object documents observed initial access and post-exploit TTPs.