Threat Advisory
Common Information
| Type | Value |
|---|---|
| UUID | d1fe538c-c375-4d53-934a-b4792961ec20 |
| Fingerprint | 5a5270a6591554c4ab78f4a7e0f5804d5ad3a6297b27bbb60232471d637726bc |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 19, 2023, 6:34 p.m. |
| Added to db | Feb. 7, 2024, 7:29 p.m. |
| Last updated | Aug. 31, 2024, 2:28 a.m. |
| Headline | Threat Advisory |
| Title | Threat Advisory |
| Detected Hints/Tags/Attributes | 92/2/78 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 53 | cve-2023-42793 |
|
| Details | Domain | 1 | www.bandarpowder.com |
|
| Details | Domain | 1 | petro.com |
|
| Details | Domain | 1 | www.mge.sn |
|
| Details | Domain | 1 | feed.zip |
|
| Details | Domain | 1 | feedmd.zip |
|
| Details | Domain | 1 | vadtalmandir.org |
|
| Details | Domain | 1 | commune-fraita.ma |
|
| Details | Domain | 180 | readme.md |
|
| Details | Domain | 1 | dersmarketim.com |
|
| Details | Domain | 4 | olidhealth.com |
|
| Details | Domain | 1 | galerielamy.com |
|
| Details | Domain | 1 | 3dkit.org |
|
| Details | Domain | 397 | www.microsoft.com |
|
| Details | Domain | 9 | www.jetbrains.com |
|
| Details | Domain | 2 | download.jetbrains.com |
|
| Details | Domain | 2 | cve-2023-42793-fix-2018-1.zip |
|
| Details | Domain | 2 | versions.zip |
|
| Details | Domain | 435 | www.hivepro.com |
|
| Details | File | 1 | cfg.png |
|
| Details | File | 1 | user64.png |
|
| Details | File | 1 | feed.zip |
|
| Details | File | 1 | feedmd.zip |
|
| Details | File | 23 | about.php |
|
| Details | File | 17 | contact.php |
|
| Details | File | 1 | imgr.ico |
|
| Details | File | 1 | bottom.gif |
|
| Details | File | 2 | c:\programdata\forest64.exe |
|
| Details | File | 1 | c:\programdata\dsrole.dll |
|
| Details | File | 1 | c:\programdata\version.dll |
|
| Details | File | 1 | c:\programdata\wsmprovhost.exe |
|
| Details | File | 1 | c:\programdata\clip.exe |
|
| Details | File | 2 | c:\windows\temp\temp.exe |
|
| Details | File | 2 | c:\windows\adfs\bg\inetmgr.exe |
|
| Details | File | 2 | other.html |
|
| Details | File | 2 | cve-2023-42793-fix-2018-1.zip |
|
| Details | File | 2 | versions.zip |
|
| Details | IBM X-Force - Threat Group Enumeration | 6 | ITG03 |
|
| Details | IPv4 | 2 | 147.78.149.201 |
|
| Details | IPv4 | 3 | 162.19.71.175 |
|
| Details | Mandiant Temporary Group Assumption | 22 | TEMP.EXE |
|
| Details | Mandiant Uncategorized Groups | 9 | UNC577 |
|
| Details | Mandiant Uncategorized Groups | 44 | UNC2970 |
|
| Details | Mandiant Uncategorized Groups | 16 | UNC4034 |
|
| Details | Mandiant Uncategorized Groups | 59 | UNC4736 |
|
| Details | Mandiant Uncategorized Groups | 21 | UNC4899 |
|
| Details | MITRE ATT&CK Techniques | 145 | T1588 |
|
| Details | MITRE ATT&CK Techniques | 110 | T1588.006 |
|
| Details | MITRE ATT&CK Techniques | 695 | T1059 |
|
| Details | MITRE ATT&CK Techniques | 460 | T1059.001 |
|
| Details | MITRE ATT&CK Techniques | 164 | T1574 |
|
| Details | MITRE ATT&CK Techniques | 70 | T1574.001 |
|
| Details | MITRE ATT&CK Techniques | 492 | T1105 |
|
| Details | MITRE ATT&CK Techniques | 86 | T1136 |
|
| Details | MITRE ATT&CK Techniques | 159 | T1021 |
|
| Details | MITRE ATT&CK Techniques | 160 | T1021.001 |
|
| Details | MITRE ATT&CK Techniques | 289 | T1003 |
|
| Details | MITRE ATT&CK Techniques | 173 | T1003.001 |
|
| Details | MITRE ATT&CK Techniques | 100 | T1007 |
|
| Details | Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) | 24 | DEV-0139 |
|
| Details | Threat Actor Identifier - APT-C | 30 | APT-C-26 |
|
| Details | Threat Actor Identifier by Red Alert | 39 | SectorA01 |
|
| Details | Threat Actor Identifier by Thales | 7 | ATK 3 |
|
| Details | Url | 1 | http://www.bandarpowder.com/public/assets/img/cfg.png |
|
| Details | Url | 1 | https://www.bandarpowder.com/public/assets/img/cfg.png |
|
| Details | Url | 1 | http://www.aeon |
|
| Details | Url | 1 | http://www.bandarpowder.com/public/assets/img/user64.png |
|
| Details | Url | 1 | https://www.bandarpowder.com/public/assets/img/user64.png |
|
| Details | Url | 1 | http://www.mge.sn/themes/classic/modules/ps_rssfeed/feed.zip |
|
| Details | Url | 1 | http://www.mge.sn/themes/classic/modules/ps_rssfeed/feedmd.zip |
|
| Details | Url | 1 | https://vadtalmandir.org/admin/ckeditor/plugins/icontact/about.php |
|
| Details | Url | 1 | https://commune-fraita.ma/wp-content/plugins/wp- |
|
| Details | Url | 1 | http://147.78.149.201:9090/imgr.ico |
|
| Details | Url | 1 | http://162.19.71.175:7443/bottom.gif |
|
| Details | Url | 2 | https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat- |
|
| Details | Url | 2 | https://www.jetbrains.com/teamcity/download/other.html |
|
| Details | Url | 2 | https://download.jetbrains.com/teamcity/plugins/internal/cve-2023-42793-fix-2018-1.zip |
|
| Details | Url | 1 | https://download.jetbrains.com/teamcity/plugins/internal/cve-2023-42793-fix-recent- |