Threat Trend Report on APT Groups
Common Information
| Type | Value |
|---|---|
| UUID | 59c3497a-9c81-4b54-bfec-00f398e55d2c |
| Fingerprint | 7434e26de9636ac82b30f7a9e14cb3f4dc80475dcf1b79372d2fa81ab7189135 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 23, 2023, 8:38 a.m. |
| Added to db | May 24, 2024, 5:20 p.m. |
| Last updated | Aug. 31, 2024, 8:31 a.m. |
| Headline | Threat Trend Report on APT Groups |
| Title | Threat Trend Report on APT Groups |
| Detected Hints/Tags/Attributes | 186/4/71 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 172 | cve-2022-30190 |
|
| Details | Domain | 189 | asec.ahnlab.com |
|
| Details | Domain | 261 | blog.talosintelligence.com |
|
| Details | Domain | 15 | blog.eclecticiq.com |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 12 | www.verfassungsschutz.de |
|
| Details | Domain | 58 | ti.qianxin.com |
|
| Details | Domain | 124 | www.sentinelone.com |
|
| Details | Domain | 546 | www.recordedfuture.com |
|
| Details | Domain | 72 | symantec-enterprise-blogs.security.com |
|
| Details | Domain | 34 | file.io |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | Domain | 397 | www.microsoft.com |
|
| Details | Domain | 21 | nao-sec.org |
|
| Details | Domain | 13 | hitcon.org |
|
| Details | Domain | 98 | www.ncsc.gov.uk |
|
| Details | Domain | 3 | www.yna.co.kr |
|
| Details | Domain | 5 | www.hauri.co.kr |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 44 | atip.ahnlab.com |
|
| Details | Domain | 9 | conference.hitb.org |
|
| Details | Domain | 45 | www.reversinglabs.com |
|
| Details | Domain | 262 | www.welivesecurity.com |
|
| Details | Domain | 434 | medium.com |
|
| Details | Domain | 23 | paper.seebug.org |
|
| Details | Domain | 54 | www.ahnlab.com |
|
| Details | File | 1 | brief.html |
|
| Details | File | 2 | cyberespionage.html |
|
| Details | File | 2 | groundpeony-crawling-with-malice.html |
|
| Details | File | 1 | security_view.html |
|
| Details | File | 1 | %20dongwook%20kim.pdf |
|
| Details | Microsoft Threat Actor Naming Taxonomy (Groups in development) | 3 | Storm-0401 |
|
| Details | Threat Actor Identifier - APT-C | 22 | APT-C-08 |
|
| Details | Threat Actor Identifier - APT-K | 10 | APT-K-47 |
|
| Details | Threat Actor Identifier - APT | 665 | APT29 |
|
| Details | Threat Actor Identifier - APT | 166 | APT31 |
|
| Details | Threat Actor Identifier - APT | 277 | APT37 |
|
| Details | Threat Actor Identifier - APT | 85 | APT15 |
|
| Details | Threat Actor Identifier by Recorded Future | 24 | TAG-53 |
|
| Details | Url | 3 | https://asec.ahnlab.com/en/56405 |
|
| Details | Url | 5 | https://blog.talosintelligence.com/lazarus-collectionrat |
|
| Details | Url | 4 | https://blog.talosintelligence.com/lazarus-quiterat |
|
| Details | Url | 1 | https://blog.eclecticiq.com/german-embassy-lure-likely-part-of-campaign-against-nato-aligned- |
|
| Details | Url | 1 | https://securelist.com/common-ttps-of-attacks-against-industrial-organizations/110319 |
|
| Details | Url | 1 | https://www.verfassungsschutz.de/shareddocs/publikationen/de/cyberabwehr/2023-02-bfv-cyber- |
|
| Details | Url | 1 | https://ti.qianxin.com/blog/articles/persistence-in-shadows-recent-analysis-of-magnolia-attacks-cn |
|
| Details | Url | 2 | https://www.sentinelone.com/labs/chinese-entanglement-dll-hijacking-in-the-asian-gambling-sector |
|
| Details | Url | 1 | https://www.recordedfuture.com/bluecharlie-previously-tracked-as-tag-53-continues-to-deploy-new- |
|
| Details | Url | 1 | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/carderbee-software-supply- |
|
| Details | Url | 1 | https://www.recordedfuture.com/redhotel-a-prolific-chinese-state-sponsored-group-operating-at-a- |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/23/h/earth-estries-targets-government-tech-for- |
|
| Details | Url | 1 | https://www.microsoft.com/en-us/security/blog/2023/08/24/flax-typhoon-using-legitimate-software- |
|
| Details | Url | 2 | https://nao-sec.org/2023/08/groundpeony-crawling-with-malice.html |
|
| Details | Url | 2 | https://hitcon.org/2023/cmt/en/agenda/e8fe6942-9c60-419a-b9a0-dbda80a27ad0 |
|
| Details | Url | 1 | https://www.ncsc.gov.uk/section/keep-up-to-date/malware-analysis-reports |
|
| Details | Url | 1 | https://www.yna.co.kr/view/akr20230818133200061?input=1195m |
|
| Details | Url | 1 | https://www.hauri.co.kr/security/security_view.html?intseq=53&page=1&keyfield=&key= |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s?__biz=mzuymjk4nzexma==&mid=2247493300&idx=1&sn=614dda72d95b5df |
|
| Details | Url | 1 | https://atip.ahnlab.com/ti/contents/regular-report/monthly?i=f14822dd |
|
| Details | Url | 1 | https://www.sentinelone.com/labs/comrades-in-arms-north-korea-compromises-sanctioned-russian- |
|
| Details | Url | 1 | https://conference.hitb.org/hitbsecconf2023hkt/session/lazarus-groups-undercover-operations |
|
| Details | Url | 1 | https://conference.hitb.org/hitbsecconf2023hkt/materials/d1t2%20-%20lazarus%20groups%20underc |
|
| Details | Url | 1 | https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open- |
|
| Details | Url | 4 | https://www.reversinglabs.com/blog/vmconnect-supply-chain-campaign-continues |
|
| Details | Url | 1 | https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign- |
|
| Details | Url | 252 | https://medium.com |
|
| Details | Url | 1 | https://paper.seebug.org/2092 |
|
| Details | Url | 1 | https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted- |
|
| Details | Url | 2 | https://asec.ahnlab.com/en/55569 |
|
| Details | Url | 34 | https://www.ahnlab.com |
|
| Details | Url | 34 | https://asec.ahnlab.com/en |