UNKNOWN
Common Information
| Type | Value |
|---|---|
| UUID | c0982230-02cb-426e-9c4c-91ce522723eb |
| Fingerprint | 73355b7af31fdc77add2398f0d30aa56b99491217ae4c7d2b3082fa7576ffc41 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 11, 2023, 6:23 p.m. |
| Added to db | March 10, 2024, 2:56 a.m. |
| Last updated | Aug. 30, 2024, 10:33 p.m. |
| Headline | UNKNOWN |
| Title | UNKNOWN |
| Detected Hints/Tags/Attributes | 168/3/244 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CERT Ukraine | 49 | UAC-0056 |
|
| Details | CVE | 176 | cve-2023-23397 |
|
| Details | CVE | 117 | cve-2023-2868 |
|
| Details | CVE | 29 | cve-2022-41128 |
|
| Details | CVE | 375 | cve-2017-11882 |
|
| Details | CVE | 30 | cve-2023-21674 |
|
| Details | CVE | 43 | cve-2023-23529 |
|
| Details | CVE | 27 | cve-2023-21823 |
|
| Details | CVE | 20 | cve-2023-21715 |
|
| Details | CVE | 36 | cve-2023-23376 |
|
| Details | CVE | 24 | cve-2023-20963 |
|
| Details | CVE | 43 | cve-2023-24880 |
|
| Details | CVE | 14 | cve-2023-21768 |
|
| Details | CVE | 20 | cve-2023-0266 |
|
| Details | CVE | 26 | cve-2023-26083 |
|
| Details | CVE | 53 | cve-2023-28206 |
|
| Details | CVE | 54 | cve-2023-28205 |
|
| Details | CVE | 73 | cve-2023-28252 |
|
| Details | CVE | 48 | cve-2023-2033 |
|
| Details | CVE | 41 | cve-2023-2136 |
|
| Details | CVE | 15 | cve-2023-21492 |
|
| Details | CVE | 32 | cve-2023-28204 |
|
| Details | CVE | 33 | cve-2023-32373 |
|
| Details | CVE | 39 | cve-2023-32409 |
|
| Details | CVE | 46 | cve-2023-29336 |
|
| Details | CVE | 37 | cve-2023-3079 |
|
| Details | CVE | 61 | cve-2023-32434 |
|
| Details | CVE | 51 | cve-2023-32435 |
|
| Details | CVE | 48 | cve-2023-32439 |
|
| Details | CVE | 31 | cve-2022-44698 |
|
| Details | Domain | 13 | qianxin.com |
|
| Details | Domain | 58 | ti.qianxin.com |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 3 | mandiant.widen.net |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 370 | www.proofpoint.com |
|
| Details | Domain | 20 | labs.withsecure.com |
|
| Details | Domain | 189 | asec.ahnlab.com |
|
| Details | Domain | 262 | www.welivesecurity.com |
|
| Details | Domain | 37 | blog.alyac.co.kr |
|
| Details | Domain | 434 | medium.com |
|
| Details | Domain | 84 | www.zscaler.com |
|
| Details | Domain | 65 | blog.cyble.com |
|
| Details | Domain | 13 | threatmon.io |
|
| Details | Domain | 182 | www.mandiant.com |
|
| Details | Domain | 55 | blog.google |
|
| Details | Domain | 11 | blog.virustotal.com |
|
| Details | Domain | 26 | www.jamf.com |
|
| Details | Domain | 141 | research.checkpoint.com |
|
| Details | Domain | 124 | www.sentinelone.com |
|
| Details | Domain | 22 | www.genians.co.kr |
|
| Details | Domain | 25 | www.nsa.gov |
|
| Details | Domain | 101 | www.group-ib.com |
|
| Details | Domain | 101 | www.elastic.co |
|
| Details | Domain | 23 | www.intezer.com |
|
| Details | Domain | 25 | www.cyfirma.com |
|
| Details | Domain | 27 | www.uptycs.com |
|
| Details | Domain | 20 | www.seqrite.com |
|
| Details | Domain | 53 | blogs.blackberry.com |
|
| Details | Domain | 83 | cert.gov.ua |
|
| Details | Domain | 137 | securityaffairs.com |
|
| Details | Domain | 99 | therecord.media |
|
| Details | Domain | 72 | symantec-enterprise-blogs.security.com |
|
| Details | Domain | 3 | mrtiepolo.medium.com |
|
| Details | Domain | 10 | informnapalm.org |
|
| Details | Domain | 12 | www.gov.pl |
|
| Details | Domain | 88 | securityintelligence.com |
|
| Details | Domain | 15 | blog.eclecticiq.com |
|
| Details | Domain | 469 | www.cisa.gov |
|
| Details | Domain | 4 | www.viewintech.com |
|
| Details | Domain | 13 | www.prodaft.com |
|
| Details | Domain | 20 | www.trustwave.com |
|
| Details | Domain | 78 | socradar.io |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | Domain | 4 | www.gov.il |
|
| Details | Domain | 397 | www.microsoft.com |
|
| Details | Domain | 128 | www.bitdefender.com |
|
| Details | Domain | 546 | www.recordedfuture.com |
|
| Details | Domain | 11 | interlab.or.kr |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 15 | www.barracuda.com |
|
| Details | 11 | ti_support@qianxin.com |
||
| Details | File | 199 | excel.exe |
|
| Details | File | 1 | 使用户登录系统时调用msbuild.exe |
|
| Details | File | 1 | çš„configsecuritypolicy.exe |
|
| Details | File | 1 | youdaodictdesk.exe |
|
| Details | File | 1 | 获得国内外奖项的军官图库.docx |
|
| Details | File | 1 | intelligence-report-2023.pdf |
|
| Details | File | 4 | apt43-investigation-into-north-korean.html |
|
| Details | File | 4 | threat_intelligence_report_apt37.pdf |
|
| Details | File | 1 | sandworm-targets-ukraine-swiftslicer.html |
|
| Details | File | 40 | gov.pl |
|
| Details | File | 4 | articledetails.html |
|
| Details | Interlab Threat Numbers | 6 | UCID902 |
|
| Details | Mandiant Uncategorized Groups | 54 | UNC4841 |
|
| Details | Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) | 25 | DEV-1084 |
|
| Details | Threat Actor Identifier - APT-C | 102 | APT-C-35 |
|
| Details | Threat Actor Identifier - APT-C | 14 | APT-C-56 |
|
| Details | Threat Actor Identifier - APT-C | 79 | APT-C-23 |
|
| Details | Threat Actor Identifier - APT-C | 44 | APT-C-00 |
|
| Details | Threat Actor Identifier - APT-Q | 20 | APT-Q-27 |
|
| Details | Threat Actor Identifier - APT-Q | 9 | APT-Q-31 |
|
| Details | Threat Actor Identifier - APT-Q | 15 | APT-Q-12 |
|
| Details | Threat Actor Identifier - APT-Q | 3 | APT-Q-77 |
|
| Details | Threat Actor Identifier - APT-Q | 3 | APT-Q-78 |
|
| Details | Threat Actor Identifier - APT-Q | 1 | APT-Q-94 |
|
| Details | Threat Actor Identifier - APT-Q | 5 | APT-Q-20 |
|
| Details | Threat Actor Identifier - APT-Q | 4 | APT-Q-29 |
|
| Details | Threat Actor Identifier - APT-Q | 7 | APT-Q-37 |
|
| Details | Threat Actor Identifier - APT-Q | 9 | APT-Q-39 |
|
| Details | Threat Actor Identifier - APT-Q | 4 | APT-Q-1 |
|
| Details | Threat Actor Identifier - APT-Q | 11 | APT-Q-36 |
|
| Details | Threat Actor Identifier - APT-Q | 4 | APT-Q-2 |
|
| Details | Threat Actor Identifier - APT-Q | 4 | APT-Q-38 |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |
|
| Details | Threat Actor Identifier - APT | 277 | APT37 |
|
| Details | Threat Actor Identifier - APT | 115 | APT43 |
|
| Details | Threat Actor Identifier - APT | 144 | APT38 |
|
| Details | Threat Actor Identifier - APT | 665 | APT29 |
|
| Details | Threat Actor Identifier - APT | 258 | APT34 |
|
| Details | Threat Actor Identifier - APT | 194 | APT35 |
|
| Details | Threat Actor Identifier - APT | 121 | APT36 |
|
| Details | Threat Actor Identifier - FIN | 377 | FIN7 |
|
| Details | Url | 24 | https://ti.qianxin.com |
|
| Details | Url | 5 | https://securelist.com/the-lazarus-group-deathnote-campaign/109490 |
|
| Details | Url | 2 | https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/eq8nrfe3tkfg4nb8f49vla |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/w4hkbrjnwn1g32qcpannoa |
|
| Details | Url | 3 | https://www.proofpoint.com/us/blog/threat-insight/ta444-apt-startup-aimed-at-your-funds |
|
| Details | Url | 1 | https://labs.withsecure.com/content/dam/labs/docs/withsecure-lazarus-no-pineapple-threat- |
|
| Details | Url | 2 | https://asec.ahnlab.com/ko/47622 |
|
| Details | Url | 3 | https://asec.ahnlab.com/ko/47820 |
|
| Details | Url | 3 | https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal |
|
| Details | Url | 3 | https://mp.weixin.qq.com/s/iagumg7umdfcb96hyhqrdw |
|
| Details | Url | 3 | https://asec.ahnlab.com/en/49295 |
|
| Details | Url | 2 | https://blog.alyac.co.kr/5102 |
|
| Details | Url | 2 | https://blog.alyac.co.kr/5103 |
|
| Details | Url | 2 | https://medium.com/s2wblog/kimsuky-group-appears-to-be-exploiting-onenote-like-the- |
|
| Details | Url | 4 | https://www.zscaler.com/blogs/security-research/unintentional-leak-glimpse-attack-vectors-apt37 |
|
| Details | Url | 1 | https://blog.cyble.com/2023/03/27/ghostsec-targeting-satellite-receivers |
|
| Details | Url | 3 | https://threatmon.io/chinotto-backdoor-technical-analysis-of-the-apt-reapers-powerful |
|
| Details | Url | 2 | https://www.mandiant.com/resources/blog/apt43-north-korea-cybercrime-espionage |
|
| Details | Url | 3 | https://asec.ahnlab.com/en/50625 |
|
| Details | Url | 6 | https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344 |
|
| Details | Url | 1 | https://blog.google/threat-analysis-group/how-were-protecting-users-from-government-backed- |
|
| Details | Url | 4 | https://blog.virustotal.com/2023/04/apt43-investigation-into-north-korean.html |
|
| Details | Url | 2 | https://www.welivesecurity.com/2023/04/20/linux-malware-strengthens-links-lazarus-3cx-supply- |
|
| Details | Url | 2 | https://www.jamf.com/blog/bluenoroff-apt-targets-macos-rustbucket-malware/# |
|
| Details | Url | 3 | https://mp.weixin.qq.com/s/icfz9vhygxz0cd8_0-phdq |
|
| Details | Url | 5 | https://research.checkpoint.com/2023/chain-reaction-rokrats-missing-link |
|
| Details | Url | 2 | https://www.sentinelone.com/labs/kimsuky-evolves-reconnaissance-capabilities-in-new-global- |
|
| Details | Url | 4 | https://asec.ahnlab.com/ko/52662 |
|
| Details | Url | 5 | https://mp.weixin.qq.com/s/rjvwkh6ubetzuvtxje_bia |
|
| Details | Url | 2 | https://www.genians.co.kr/hubfs/blogfile/threat_intelligence_report_apt37.pdf?hslang=ko |
|
| Details | Url | 5 | https://asec.ahnlab.com/en/53132 |
|
| Details | Url | 2 | https://www.sentinelone.com/labs/kimsuky-ongoing-campaign-using-tailored-reconnaissance- |
|
| Details | Url | 2 | https://threatmon.io/reverse-engineering-rokrat-a-closer-look-at-apt37s-onedrive-based-attack- |
|
| Details | Url | 1 | https://www.nsa.gov/press-room/press-releases-statements/press-release-view/article/3413621 |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/v5jgn15kvr4zgjpkceuovq |
|
| Details | Url | 4 | https://mp.weixin.qq.com/s/g3gujg9wc96nw4crpww6gw |
|
| Details | Url | 5 | https://www.group-ib.com/blog/dark-pink-apt |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/7kojlgehsgei7kudhfoika |
|
| Details | Url | 3 | https://mp.weixin.qq.com/s/_wmljf41etsbrqda3bjftq |
|
| Details | Url | 3 | https://mp.weixin.qq.com/s/w--fsifrhquaiv80auitzq |
|
| Details | Url | 3 | https://www.group-ib.com/blog/dark-pink-episode-2 |
|
| Details | Url | 5 | https://www.elastic.co/cn/security-labs/elastic-charms-spectralviper |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/jbaepcmvc80eoe8x0dnwkq |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/p7vxmhib5djl9zoe1obdww |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/7q2nulqlsofjsftbwqt2ka |
|
| Details | Url | 4 | https://mp.weixin.qq.com/s/rslbgqgtl_jzd73ajqi05q |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/sr-m-rrqyt3v2zkopbm-9g |
|
| Details | Url | 4 | https://mp.weixin.qq.com/s/xu7b3m-l2olai2bu7nbj0a |
|
| Details | Url | 3 | https://threatmon.io/apt-sidecopy-targeting-indian-government-entities |
|
| Details | Url | 3 | https://mp.weixin.qq.com/s/yx8ikapsr9vs3z2wsgdisw |
|
| Details | Url | 3 | https://mp.weixin.qq.com/s/rd03yh2ngrubume80d18uw |
|
| Details | Url | 1 | https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian- |
|
| Details | Url | 5 | https://mp.weixin.qq.com/s/lvsragnmsl3a1jeuubuvyw |
|
| Details | Url | 2 | https://ti.qianxin.com/blog/articles/analysis-of-sidecopy-group |
|
| Details | Url | 4 | https://blog.cyble.com/2023/03/21/notorious-sidecopy-apt-group-sets-sights-on-indias-drdo |
|
| Details | Url | 1 | https://ti.qianxin.com/blog/articles/heavy-shadows |
|
| Details | Url | 2 | https://www.intezer.com/blog/research/phishing-campaign-targets-nuclear-energy-industry |
|
| Details | Url | 3 | https://asec.ahnlab.com/ko/50851 |
|
| Details | Url | 2 | https://www.sentinelone.com/labs/transparent-tribe-apt36-pakistan-aligned-threat-actor-expands- |
|
| Details | Url | 1 | https://www.cyfirma.com/outofband/donot-apt-targets-individuals-in-south-asia-using-android- |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/so2rjbybqlcyb3avaumegg |
|
| Details | Url | 3 | https://www.uptycs.com/blog/cyber_espionage_in_india_decoding_apt_36_new_linux_malware |
|
| Details | Url | 3 | https://mp.weixin.qq.com/s/nk2zml2d0htk0hszykw2dw |
|
| Details | Url | 1 | https://ti.qianxin.com/blog/articles/sidecopy-group-launches-attacks-on-india-using-a-new- |
|
| Details | Url | 2 | https://www.seqrite.com/blog/transparent-tribe-apt-actively-lures-indian-army-amidst-increased- |
|
| Details | Url | 3 | https://mp.weixin.qq.com/s/lb_nyxhi9ijgmvi2wjy9qg |
|
| Details | Url | 2 | https://blogs.blackberry.com/en/2023/05/sidewinder-uses-server-side-polymorphism-to-target- |
|
| Details | Url | 4 | https://mp.weixin.qq.com/s/syk4ptmjloruogbmnd3hrg |
|
| Details | Url | 5 | https://www.group-ib.com/blog/hunting-sidewinder |
|
| Details | Url | 4 | https://mp.weixin.qq.com/s/g8osytvgrsv2773kwzyuha |
|
| Details | Url | 4 | https://mp.weixin.qq.com/s/dhqj9-0qlwvsqyh_ugdw2g |
|
| Details | Url | 4 | https://mp.weixin.qq.com/s/wu0vnmcf-fqyxibkzfzaew |
|
| Details | Url | 4 | https://mp.weixin.qq.com/s/h-zrvcofbzwz8ikyn5vu4w |
|
| Details | Url | 4 | https://www.mandiant.com/resources/blog/turla-galaxy-opportunity |
|
| Details | Url | 1 | https://blogs.blackberry.com/en/2023/01/gamaredon-abuses-telegram-to-target-ukrainian- |
|
| Details | Url | 3 | https://cert.gov.ua/article/3718487 |
|
| Details | Url | 1 | https://securityaffairs.com/141473/apt/sandworm-targets-ukraine-swiftslicer.html |
|
| Details | Url | 2 | https://therecord.media/latvia-confirms-phishing-attack-on-ministry-of-defense-linking-it-to- |
|
| Details | Url | 3 | https://cert.gov.ua/article/3761023 |
|
| Details | Url | 1 | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine- |
|
| Details | Url | 1 | https://mrtiepolo.medium.com/russian-apt-gamaredon-exploits-hoaxshell-to-target-ukrainian- |
|
| Details | Url | 1 | https://mrtiepolo.medium.com/sophisticated-apt29-campaign-abuses-notion-api-to-target-the- |
|
| Details | Url | 1 | https://threatmon.io/beyond-bullets-and-bombs-an-examination-of-armageddon-groups-cyber- |
|
| Details | Url | 5 | https://blogs.blackberry.com/en/2023/03/nobelium-targets-eu-governments-assisting-ukraine |
|
| Details | Url | 3 | https://informnapalm.org/en/hacked-russian-gru-officer |
|
| Details | Url | 3 | https://www.gov.pl/web/baza-wiedzy/espionage-campaign-linked-to-russian-intelligence-services |
|
| Details | Url | 1 | https://securityintelligence.com/posts/ex-conti-fin7-actors-collaborate-new-domino-backdoor |
|
| Details | Url | 2 | https://blog.eclecticiq.com/exposed-web-panel-reveals-gamaredon-groups-automated-spear- |
|
| Details | Url | 4 | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-108 |
|
| Details | Url | 5 | https://securelist.com/tomiris-called-they-want-their-turla-malware-back/109552 |
|
| Details | Url | 3 | https://www.viewintech.com/html/articledetails.html?newsid=35 |
|
| Details | Url | 4 | https://labs.withsecure.com/publications/fin7-target-veeam-servers |
|
| Details | Url | 3 | https://www.prodaft.com/resource/detail/paperbug-nomadic-octopus-paperbug-campaign |
|
| Details | Url | 5 | https://cert.gov.ua/article/4492467 |
|
| Details | Url | 4 | https://cert.gov.ua/article/4501891 |
|
| Details | Url | 1 | https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/analyzing-the-ntc-vulkan-leak- |
|
| Details | Url | 2 | https://socradar.io/dark-web-profile-muddywater-apt-group |
|
| Details | Url | 1 | https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android- |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/23/b/new-apt34-malware-targets-the-middle-east. |
|
| Details | Url | 2 | https://www.gov.il/en/departments/news/_muddywater |
|
| Details | Url | 5 | https://mp.weixin.qq.com/s/nomfjajgydsoplbtioszpa |
|
| Details | Url | 3 | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mantis-palestinian- |
|
| Details | Url | 2 | https://www.microsoft.com/en-us/security/blog/2023/04/07/mercury-and-dev-1084-destructive- |
|
| Details | Url | 2 | https://www.microsoft.com/en-us/security/blog/2023/04/18/nation-state-threat-actor-mint- |
|
| Details | Url | 4 | https://www.group-ib.com/blog/muddywater-infrastructure |
|
| Details | Url | 1 | https://research.checkpoint.com/2023/educated-manticore-iran-aligned-threat-actor-targeting- |
|
| Details | Url | 1 | https://www.bitdefender.com/blog/businessinsights/unpacking-bellaciao-a-closer-look-at-irans- |
|
| Details | Url | 3 | https://www.welivesecurity.com/2023/05/02/apt-groups-muddying-waters-msps |
|
| Details | Url | 2 | https://research.checkpoint.com/2023/agrius-deploys-moneybird-in-targeted-attacks-against- |
|
| Details | Url | 1 | https://ti.qianxin.com/blog/articles/analysis-of-recent-attacks-against-russia-by-the-suspected- |
|
| Details | Url | 2 | https://blogs.blackberry.com/en/2023/02/newspenguin-a-previously-unknown-threat-actor- |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/y8vvztwefng3mmih1kfxfw |
|
| Details | Url | 2 | https://www.elastic.co/cn/security-labs/elastic-security-labs-discovers-lobshot-malware |
|
| Details | Url | 4 | https://www.recordedfuture.com/oilalpha-likely-pro-houthi-group-targeting-arabian-peninsula |
|
| Details | Url | 6 | https://securelist.com/goldenjackal-apt-group/109677 |
|
| Details | Url | 2 | https://interlab.or.kr/archives/18979 |
|
| Details | Url | 1 | https://twitter.com/reddrip7/status/1640966547081662464 |
|
| Details | Url | 4 | https://securelist.com/operation-triangulation/109842 |
|
| Details | Url | 7 | https://www.barracuda.com/company/legal/esg-vulnerability |
|
| Details | Url | 4 | https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally |