LetsDefend Monitoring Alert

HTran network tunneling potentially associated with APT10 (MENUPASS) was detected

Oct, 08, 2024, 08:26 AM

Event ID: 308

Event Time: Oct, 08, 2024, 08:26 AM

Rule Name: SOC330 - HTran network tunneling potentially associated with APT10 (MENUPASS) was detected

Alert Type: APT Group

MITRE Technique:
T1053.003 - Persistence - Scheduled Task/Job: Cron,
T1078 - Initial Access - Valid Accounts,
T1110 - Credential Access - Brute Force,
T1133 - Initial Access - External Remote Services,
T1087 - Discovery - Account Discovery,
T1083 - Discovery - File and Directory Discovery,
T1572 - Command and Control - Protocol Tunneling,
T1090 - Command and Control - Proxy,
T1016 - Discovery - System Network Configuration Discovery,
T1059.004 - Execution - Command and Scripting Interpreter: Unix Shell,
T1071.001 - Command and Control - Application Layer Protocol: Web Protocols,
T1049 - Discovery - System Network Connections Discovery,
T1070.003 - Defense Evasion - Indicator Removal: Clear Command History

Severity: High

Incident Responder
