Threat Advisory
Common Information
Type | Value |
---|---|
UUID | ab5b6251-bf00-4e9b-9726-328dbae0bfc0 |
Fingerprint | cba620b371465440a27463db5d5c2b3e9ed0626f61b594843ae0f3a8404468e6 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Nov. 28, 2023, 9:36 a.m. |
Added to db | Feb. 7, 2024, 7:34 p.m. |
Last updated | Aug. 31, 2024, 2:34 a.m. |
Headline | Threat Advisory |
Title | Threat Advisory |
Detected Hints/Tags/Attributes | 97/4/80 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 98 | | www.ncsc.gov.uk |
Details | Domain | 2 | | s3.documentcloud.org |
Details | Domain | 435 | | www.hivepro.com |
Details | Domain | 189 | | asec.ahnlab.com |
Details | File | 2 | | s3.doc |
Details | File | 1 | | advisoryeng.pdf |
Details | IBM X-Force - Threat Group Enumeration | 6 | | ITG03 |
Details | IPv4 | 7 | | 1.0.0.26 |
Details | Mandiant Uncategorized Groups | 9 | | UNC577 |
Details | Mandiant Uncategorized Groups | 44 | | UNC2970 |
Details | Mandiant Uncategorized Groups | 16 | | UNC4034 |
Details | Mandiant Uncategorized Groups | 59 | | UNC4736 |
Details | Mandiant Uncategorized Groups | 21 | | UNC4899 |
Details | MITRE ATT&CK Techniques | 542 | | T1190 |
Details | MITRE ATT&CK Techniques | 120 | | T1129 |
Details | MITRE ATT&CK Techniques | 627 | | T1027 |
Details | MITRE ATT&CK Techniques | 348 | | T1036 |
Details | MITRE ATT&CK Techniques | 11 | | T1563 |
Details | MITRE ATT&CK Techniques | 550 | | T1112 |
Details | MITRE ATT&CK Techniques | 152 | | T1056 |
Details | MITRE ATT&CK Techniques | 501 | | T1012 |
Details | MITRE ATT&CK Techniques | 243 | | T1018 |
Details | MITRE ATT&CK Techniques | 1006 | | T1082 |
Details | MITRE ATT&CK Techniques | 141 | | T1518.001 |
Details | MITRE ATT&CK Techniques | 444 | | T1071 |
Details | MITRE ATT&CK Techniques | 159 | | T1095 |
Details | MITRE ATT&CK Techniques | 492 | | T1105 |
Details | MITRE ATT&CK Techniques | 110 | | T1588.006 |
Details | MITRE ATT&CK Techniques | 163 | | T1573 |
Details | MITRE ATT&CK Techniques | 422 | | T1041 |
Details | Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) | 24 | | DEV-0139 |
Details | Threat Actor Identifier - APT-C | 30 | | APT-C-26 |
Details | Threat Actor Identifier by Red Alert | 39 | | SectorA01 |
Details | Threat Actor Identifier by Thales | 7 | | ATK 3 |
Details | Url | 1 | | https://www.ncsc.gov.uk/news/uk-republic-of-korea-issue-warning-dprk-state-linked- |
Details | Url | 1 | | https://s3.documentcloud.org/documents/24174869/rok-uk-joint-cyber-security- |
Details | Url | 1 | | https://www.hivepro.com/threat-advisory/smoothoperator-campaign-trojanizes- |
Details | Url | 1 | | https://www.hivepro.com/threat-advisory/malicious-dprk-actors-target-the-healthcare- |
Details | Url | 1 | | https://www.hivepro.com/threat-advisory/lazarus-group-orchestrates-supply-chain- |
Details | Url | 2 | | https://asec.ahnlab.com/en/57736 |