Threat Advisory
Common Information
| Type | Value |
|---|---|
| UUID | 511028e6-90df-4e89-8350-6e83ea1bad99 |
| Fingerprint | 91f582059375b9b03b39f25d5b88414c037046014966af1a80b4115288559c99 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 8, 2023, 5:55 p.m. |
| Added to db | Feb. 7, 2024, 7:37 p.m. |
| Last updated | Aug. 31, 2024, 2:03 a.m. |
| Headline | Threat Advisory |
| Title | Threat Advisory |
| Detected Hints/Tags/Attributes | 201/4/82 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CERT Ukraine | 19 | UAC-0028 |
|
| Details | CVE | 172 | cve-2022-30190 |
|
| Details | CVE | 168 | cve-2021-34473 |
|
| Details | CVE | 102 | cve-2021-40444 |
|
| Details | CVE | 14 | cve-2021-42321 |
|
| Details | CVE | 10 | cve-2020-17144 |
|
| Details | CVE | 71 | cve-2020-0688 |
|
| Details | CVE | 176 | cve-2023-23397 |
|
| Details | CVE | 2 | cve-2023-233397 |
|
| Details | CVE | 10 | cve-2021-42292 |
|
| Details | Domain | 3 | rar.zip |
|
| Details | Domain | 1 | bulletin.rar.zip |
|
| Details | Domain | 370 | www.proofpoint.com |
|
| Details | Domain | 224 | unit42.paloaltonetworks.com |
|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | Domain | 80 | portal.msrc.microsoft.com |
|
| Details | Domain | 452 | msrc.microsoft.com |
|
| Details | Domain | 2 | war.zip |
|
| Details | Domain | 2 | downloadfile.infinityfreeapp.com |
|
| Details | Domain | 2 | opendoc.infinityfreeapp.com |
|
| Details | Domain | 2 | downloadingf.infinityfreeapp.com |
|
| Details | Domain | 2 | downloaddoc.infinityfreeapp.com |
|
| Details | Domain | 2 | opendocument.infinityfreeapp.com |
|
| Details | Domain | 435 | www.hivepro.com |
|
| Details | File | 1 | brics_summit.rar |
|
| Details | File | 1 | ced_policy_backgrounder_brics_summit_final.pdf |
|
| Details | File | 1 | bulletin.rar |
|
| Details | File | 3 | 35-2023_en.pdf |
|
| Details | File | 1 | sede-pv-2023-10-09-1_en.docx |
|
| Details | File | 196 | desktop.ini |
|
| Details | File | 2 | sede-pv-2023-10-09-1_en.zip |
|
| Details | File | 23 | windowscodecs.dll |
|
| Details | File | 323 | winword.exe |
|
| Details | File | 2 | war.zip |
|
| Details | File | 1 | war.docx |
|
| Details | File | 1 | downloadfile.inf |
|
| Details | File | 1 | opendoc.inf |
|
| Details | File | 1 | downloadingf.inf |
|
| Details | File | 1 | downloaddoc.inf |
|
| Details | File | 1 | opendocument.inf |
|
| Details | IBM X-Force - Threat Group Enumeration | 12 | ITG05 |
|
| Details | IPv4 | 3 | 89.96.196.150 |
|
| Details | MITRE ATT&CK Techniques | 116 | T1134 |
|
| Details | MITRE ATT&CK Techniques | 112 | T1098 |
|
| Details | MITRE ATT&CK Techniques | 66 | T1583 |
|
| Details | MITRE ATT&CK Techniques | 110 | T1588.006 |
|
| Details | MITRE ATT&CK Techniques | 60 | T1588.005 |
|
| Details | MITRE ATT&CK Techniques | 157 | T1560 |
|
| Details | MITRE ATT&CK Techniques | 125 | T1110 |
|
| Details | MITRE ATT&CK Techniques | 695 | T1059 |
|
| Details | MITRE ATT&CK Techniques | 19 | T1586.002 |
|
| Details | MITRE ATT&CK Techniques | 534 | T1005 |
|
| Details | MITRE ATT&CK Techniques | 504 | T1140 |
|
| Details | MITRE ATT&CK Techniques | 89 | T1114 |
|
| Details | MITRE ATT&CK Techniques | 245 | T1203 |
|
| Details | MITRE ATT&CK Techniques | 208 | T1068 |
|
| Details | MITRE ATT&CK Techniques | 58 | T1498 |
|
| Details | MITRE ATT&CK Techniques | 310 | T1566.001 |
|
| Details | MITRE ATT&CK Techniques | 183 | T1566.002 |
|
| Details | MITRE ATT&CK Techniques | 433 | T1057 |
|
| Details | MITRE ATT&CK Techniques | 40 | T1221 |
|
| Details | MITRE ATT&CK Techniques | 106 | T1204.001 |
|
| Details | MITRE ATT&CK Techniques | 306 | T1078 |
|
| Details | MITRE ATT&CK Techniques | 145 | T1588 |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |
|
| Details | Threat Actor Identifier by NSA | 9 | SIG40 |
|
| Details | Threat Actor Identifier by Recorded Future | 6 | TAG-0700 |
|
| Details | Threat Actor Identifier by SecureWorks | 15 | TG-4127 |
|
| Details | Threat Actor Identifier by Tencent | 6 | T-APT-12 |
|
| Details | Threat Actor Identifier by Thales | 6 | ATK 5 |
|
| Details | Url | 3 | http://89.96.196.150:8080 |
|
| Details | Url | 2 | https://www.proofpoint.com/us/blog/threat-insight/ta422s-dedicated-exploitation-loop- |
|
| Details | Url | 1 | https://unit42.paloaltonetworks.com/russian-apt-fighting-ursa-exploits-cve-2023-233397 |
|
| Details | Url | 10 | https://attack.mitre.org/groups/g0007 |
|
| Details | Url | 1 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2022-30190 |
|
| Details | Url | 5 | https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-23397 |
|
| Details | Url | 1 | https://msrc.microsoft.com/update-guide/en-us/advisory/cve-2021-40444 |
|
| Details | Url | 1 | https://msrc.microsoft.com/update-guide/en-us/advisory/cve-2021-42292 |
|
| Details | Url | 1 | https://msrc.microsoft.com/update-guide/en-us/advisory/cve-2021-42321 |
|
| Details | Url | 1 | https://msrc.microsoft.com/update-guide/en-us/advisory/cve-2021-34473 |
|
| Details | Url | 1 | https://msrc.microsoft.com/update-guide/en-us/advisory/cve-2020-17144 |
|
| Details | Url | 1 | https://msrc.microsoft.com/update-guide/en-us/advisory/cve-2020-0688 |