BCWH<p>MITRE ATT&CK & CISA CVE Mapping<br>I have a connection established with CISA's CVE JSON and MITRE ATT&CK's TAXII API. But how do I map them together?<br> <br><a href="https://wadebach.blackcatwhitehatsecurity.com/blogView.cfm?blogID=3#cvemapping" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">wadebach.blackcatwhitehatsecur</span><span class="invisible">ity.com/blogView.cfm?blogID=3#cvemapping</span></a><br> <br><a href="https://mastodon.social/tags/Blog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Blog</span></a> <a href="https://mastodon.social/tags/MITRE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MITRE</span></a> <a href="https://mastodon.social/tags/ATTACK" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ATTACK</span></a> <a href="https://mastodon.social/tags/CISA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISA</span></a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://mastodon.social/tags/Mapping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mapping</span></a> <a href="https://mastodon.social/tags/Applications" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Applications</span></a></p>
#MITRE
0 posts0 participants0 posts today
Continued thread
His advice? "Be curious, ask why, and embrace continuous learning"
Sometimes the most unexpected journeys lead to the greatest impact 
#CyberCareers #MITRE #CareerPivot #TechCareers #ContinuousLearning
https://player.captivate.fm/episode/27376600-8898-454a-b6ba-3d3c24fa4749/
https://youtu.be/TTY9TKwRCM8
MITRE Updates List of Most Common Hardware Weaknesses – Source: www.securityweek.com https://ciso2ciso.com/mitre-updates-list-of-most-common-hardware-weaknesses-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #vulnerabilities #securityweekcom #securityweek #hardware #MITRE #CWE
CISO2CISO.COM & CYBER SECURITY GROUP · MITRE Updates List of Most Common Hardware Weaknesses – Source: www.securityweek.comSource: www.securityweek.com - Author: Ionut Arghire The non-profit MITRE Corporation this week published a revised CWE Most Important Hardware Weaknesse
MITRE Updates List of Most Common Hardware Weaknesses https://www.securityweek.com/mitre-updates-list-of-most-common-hardware-weaknesses/ #Vulnerabilities #hardware #MITRE #CWE
MITRE Updates List of Most Common Hardware Weaknesses https://www.securityweek.com/mitre-updates-list-of-most-common-hardware-weaknesses/ #Vulnerabilities #hardware #MITRE #CWE
Continued thread
#IOCs:
SHA256:
560afd97f03f2ed11bf0087d551ae45f2046d6d52f0fa3d7c1df882981e8b346
8b079bae684fd287c605de8acae338401a76a412c6a802faf2cf6e9ec0cf6224
0ba3b2871e0ad3b4fba615ea76e2d5f7cefa80e87468c6dcfc9b44feb1e5ea7a
C2dd4543678f514b5323944993552c106a3d250b0c35cf16c2bb2171ab0a0199
C23f6a4286dc18bbf1ff06420357da1af1132dddf37ad6f51d9915fccca6c97e
File names & directories:
Shields.msi
%USERPROFILE%\AppData\Local\Programs\Advanced PDF Shaper Ultimate\LdVBoxSVC.exe
C:\WINDOWS\system32\openwith.exe
URLs:
hxxps[:]//84.200[.]80.8/gateway/6caqmphx.fan5l
hxxps[:]//zerontwoposh[.]live/gateway/n5eepk7n.2a6s4
TLS Certificates:
SN: 29769a39032fdff8 | Thumb: 6f13c27a9150db7d02e1e1ff849921cc2bb0754e
SN: 3ac75d9f42ced25b2c4534f40d08b41ffefe4ab | Thumb: b938263deb95997f9d47ce9ef9817b5def90eafa
SN: 3b5db13bb882d9c4 | Thumb: f2b2e768359891f0543cd830d728c923bfc3c307
C2 JARM fingerprint:
3fd3fd20d0000000003fd3fd3fd3fd9c542afc474937e300923d7c192419b1
#MITRE Techniques:
Phishing (T1566)
User Execution: Malicious Copy and Paste (T1204.004)
System Binary Proxy Execution: Msiexec (T1218.007)
Virtualization/Sandbox Evasion: System Checks (T1497.001)
Hijack Execution Flow (T1574)
Obfuscated Files or Information: Steganography (T1027.003)
How #Rhadamanthys Stealer Slips Past Defenses using ClickFix
Rhadamanthys is now delivered via ClickFix, combining technical methods and social engineering to bypass automated security solutions, making detection and response especially challenging.
While earlier ClickFix campaigns mainly deployed #NetSupport RAT or #AsyncRAT, this C++ infostealer ranks in the upper tier for advanced evasion techniques and extensive data theft capabilities.
#ANYRUN Sandbox lets SOC teams observe and execute complex chains, revealing evasive behavior and providing intelligence that can be directly applied to detection rules, playbooks, and proactive hunting.
Execution Chain:
ClickFix 
msiexec exe-file infected system file PNG-stego payload
In a recent campaign, the phishing domain initiates a ClickFix flow (#MITRE T1566), prompting the user to execute a malicious MSI payload hosted on a remote server.
The installer is silently executed in memory (#MITRE T1218.007), deploying a stealer component into a disguised software directory under the user profile.
The dropped binary performs anti-VM checks (T1497.001) to avoid analysis.
In later stages, a compromised system file is used to initiate a TLS connection directly to an IP address, bypassing DNS monitoring.
For encryption, attackers use self-signed TLS certificates with mismatched fields (e.g., Issuer or Subject), creating distinctive indicators for threat hunting and expanding an organization’s visibility into its threat landscape.
The C2 delivers an obfuscated PNG containing additional payloads via steganography (T1027.003), extending dwell time and complicating detection.
See execution on a live system and download actionable report: https://app.any.run/tasks/a101654d-70f9-40a5-af56-1a8361b4ceb0/?utm_source=mastodon&utm_medium=post&utm_campaign=rhadamanthys&utm_term=120825&utm_content=linktoservice
Use these #ANYRUN TI Lookup search queries to track similar campaigns and enrich #IOCs with live attack data from threat investigations across 15K SOCs:
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=rhadamanthys&utm_content=linktoti&utm_term=120825#%7B%2522query%2522:%2522threatName:%255C%2522clickfix%255C%2522%2522,%2522dateRange%2522:180%7D
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=rhadamanthys&utm_content=linktoti&utm_term=120825#%7B%2522query%2522:%2522threatName:%255C%2522rhadamanthys%255C%2522%2522,%2522dateRange%2522:180%7D
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=rhadamanthys&utm_content=linktoti&utm_term=120825#%7B%2522query%2522:%2522(threatName:%255C%2522clickfix%255C%2522%2520OR%2520threatName:%255C%2522susp-clipboard%255C%2522)%2520AND%2520threatName:%255C%2522netsupport%255C%2522%2522,%2522dateRange%2522:180%7D
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=rhadamanthys&utm_content=linktoti&utm_term=120825#%7B%2522query%2522:%2522(threatName:%255C%2522clickfix%255C%2522%2520OR%2520threatName:%255C%2522susp-clipboard%255C%2522)%2520AND%2520threatName:%255C%2522asyncrat%255C%2522%2522,%2522dateRange%2522:180%7D
IOCs:
84.200[.]80.8
179.43[.]141.35
194.87[.]29.253
flaxergaurds[.]com
temopix[.]com
zerontwoposh[.]live
loanauto[.]cloud
wetotal[.]net
Find more indicators in the comments 
Protect critical assets with faster, deeper visibility into complex threats using #ANYRUN
MITRE: Russian APT28’s LameHug, a Pilot for Future AI Cyber-Attacks – Source: www.infosecurity-magazine.com https://ciso2ciso.com/mitre-russian-apt28s-lamehug-a-pilot-for-future-ai-cyber-attacks-source-www-infosecurity-magazine-com/ #rssfeedpostgeneratorecho #InfoSecurityMagazine #InfosecurityMagazine #CyberSecurityNews #MITRE
CISO2CISO.COM & CYBER SECURITY GROUP · MITRE: Russian APT28’s LameHug, a Pilot for Future AI Cyber-Attacks – Source: www.infosecurity-magazine.comSource: www.infosecurity-magazine.com - Author: Written by
From yesterday:
MITRE Launches New Framework to Tackle Crypto Risks https://www.infosecurity-magazine.com/news/mitre-launches-new-framework/
Infosecurity Magazine · MITRE Launches New Framework to Tackle Crypto Risks
MITRE Launches New Framework to Tackle Crypto Risks – Source: www.infosecurity-magazine.com https://ciso2ciso.com/mitre-launches-new-framework-to-tackle-crypto-risks-source-www-infosecurity-magazine-com/ #rssfeedpostgeneratorecho #InfoSecurityMagazine #InfosecurityMagazine #CyberSecurityNews #MITRE
CISO2CISO.COM & CYBER SECURITY GROUP · MITRE Launches New Framework to Tackle Crypto Risks – Source: www.infosecurity-magazine.comSource: www.infosecurity-magazine.com - Author: MITRE has launched a new cybersecurity framework aimed at addressing vulnerabilities in digital financial sy
MITRE Launches AADAPT Framework for Financial Systems – Source: www.darkreading.com https://ciso2ciso.com/mitre-launches-aadapt-framework-for-financial-systems-source-www-darkreading-com/ #rssfeedpostgeneratorecho #DarkReadingSecurity #CyberSecurityNews #DARKReading #MITRE
CISO2CISO.COM & CYBER SECURITY GROUP · MITRE Launches AADAPT Framework for Financial Systems – Source: www.darkreading.comSource: www.darkreading.com - Author: Kristina Beek Please enable cookies. Sorry, you have been blocked You are unable to ac
MITRE Unveils AADAPT Framework to Tackle Cryptocurrency Threats https://www.securityweek.com/mitre-unveils-aadapt-framework-to-tackle-cryptocurrency-threats/ #RiskManagement #cryptocurrency #framework #AADAPT #MITRE
MITRE Unveils AADAPT Framework to Tackle Cryptocurrency Threats https://www.securityweek.com/mitre-unveils-aadapt-framework-to-tackle-cryptocurrency-threats/ #RiskManagement #cryptocurrency #framework #AADAPT #MITRE
New MITRE framework takes aim at crypto threats https://www.helpnetsecurity.com/2025/07/14/mitre-aadapt-adversarial-actions-in-digital-asset-payment-technologies/ #Industrynews #MITRE
Help Net Security · New MITRE framework takes aim at crypto threats - Help Net SecurityMITRE has introduced AADAPT (Adversarial Actions in Digital Asset Payment Technologies), a new cybersecurity framework.
Kanvas: Open-source incident response case management tool https://www.helpnetsecurity.com/2025/07/09/kanvas-open-source-incident-response-case-management-tool/ #incidentresponse #cybersecurity #opensource #WithSecure #Don'tmiss #Hotstuff #software #GitHub #MITRE #News
Help Net Security · Kanvas: Open-source incident response case management tool - Help Net SecurityKanvas is an open-source incident response case management tool with a simple desktop interface, built in Python.
Защитные меры информационной безопасности как правило НЕ являются проактивными.
ML Defense Matrix — это комплексная коллекция 40+ техник защиты, специально разработанных для противодействия каждому вектору атак, задокументированному в фреймворке [MITRE ATLAS](https://atlas.mitre.org/).
Это очень верхнеуровневый документ, его определённо надо дорабатывать с коллегами, выстраивающими защиту.
atlas.mitre.orgMITRE ATLAS™
Call for support issued by @thecvefoundation to secure funding to ensure the sustainability and independence of the CVE Program.
https://www.admin-magazine.com/News/CVE-Foundation-Issues-Call-for-Support?utm_source=mam
#CVE #vulnerabilities #exposure #CNA #Roots #CISA #MITRE #foundation
Enterprise SIEMs miss 79% of known MITRE ATT&CK techniques https://www.helpnetsecurity.com/2025/06/09/siem-detection-coverage/ #threatdetection #cybersecurity #CardinalOps #MITREATT&CK #framework #report #survey #MITRE #News #SIEM #SOC
Help Net Security · Enterprise SIEMs miss 79% of known MITRE ATT&CK techniques - Help Net SecurityUsing the MITRE ATT&CK framework as a baseline, organizations are generally improving year-over-year in understanding SIEM detection coverage.