Threat Trend Report on APT Groups
Common Information
| Type | Value |
|---|---|
| UUID | e5732e4e-60a1-4f86-84b3-a55bfe9255d6 |
| Fingerprint | ef6c69f1ad4f08605688ec9aaf3d501fc051d3114095c52e3cca85242ca25ff9 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 6, 2023, 2:50 p.m. |
| Added to db | March 10, 2024, 12:27 a.m. |
| Last updated | Sept. 22, 2024, 3:15 p.m. |
| Headline | Threat Trend Report on APT Groups |
| Title | Threat Trend Report on APT Groups |
| Detected Hints/Tags/Attributes | 183/3/72 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 269 | cve-2017-0199 |
|
| Details | Domain | 141 | research.checkpoint.com |
|
| Details | Domain | 101 | cert.pl |
|
| Details | Domain | 434 | medium.com |
|
| Details | Domain | 21 | lab52.io |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 8 | phdays.com |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | Domain | 124 | www.sentinelone.com |
|
| Details | Domain | 44 | atip.ahnlab.com |
|
| Details | Domain | 118 | sekoia.io |
|
| Details | Domain | 189 | asec.ahnlab.com |
|
| Details | Domain | 58 | blog.sekoia.io |
|
| Details | Domain | 72 | symantec-enterprise-blogs.security.com |
|
| Details | Domain | 546 | www.recordedfuture.com |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 22 | www.genians.co.kr |
|
| Details | Domain | 13 | threatmon.io |
|
| Details | Domain | 144 | www.fortinet.com |
|
| Details | Domain | 53 | blogs.blackberry.com |
|
| Details | Domain | 101 | www.group-ib.com |
|
| Details | Domain | 6 | www.bridewell.com |
|
| Details | Domain | 20 | www.seqrite.com |
|
| Details | Domain | 469 | www.cisa.gov |
|
| Details | Domain | 397 | www.microsoft.com |
|
| Details | Domain | 98 | www.secureworks.com |
|
| Details | Domain | 54 | www.ahnlab.com |
|
| Details | File | 99 | cert.pl |
|
| Details | File | 1 | with-new-tricks.html |
|
| Details | File | 1 | final.ppam |
|
| Details | Threat Actor Identifier - APT-C | 83 | APT-C-36 |
|
| Details | Threat Actor Identifier - APT-Q | 11 | APT-Q-98 |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |
|
| Details | Threat Actor Identifier - APT | 665 | APT29 |
|
| Details | Threat Actor Identifier - APT | 522 | APT41 |
|
| Details | Threat Actor Identifier - APT | 277 | APT37 |
|
| Details | Threat Actor Identifier - APT | 121 | APT36 |
|
| Details | Url | 1 | https://research.checkpoint.com/2023/agrius-deploys-moneybird-in-targeted-attacks-against-israeli- |
|
| Details | Url | 252 | https://medium.com |
|
| Details | Url | 1 | https://blog.sekoia.io/apt28-leverages-multiple-phishing-techniques-to-target-ukrainian-civil-society |
|
| Details | Url | 1 | https://lab52.io/blog/2162-2 |
|
| Details | Url | 1 | https://ti.qianxin.com/blog/articles/subgroup-of-blind-eagle-analysis-of-recent-attack-activities-from- |
|
| Details | Url | 1 | https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router- |
|
| Details | Url | 4 | https://securelist.com/cloudwizard-apt/109722 |
|
| Details | Url | 5 | https://securelist.com/bad-magic-apt/109087 |
|
| Details | Url | 1 | https://phdays.com/en/broadcast/?tag=defense&talk=228 |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/23/e/attack-on-security-titans-earth-longzhi-returns- |
|
| Details | Url | 6 | https://securelist.com/goldenjackal-apt-group/109677 |
|
| Details | Url | 2 | https://www.sentinelone.com/labs/kimsuky-evolves-reconnaissance-capabilities-in-new-global- |
|
| Details | Url | 5 | https://www.sentinelone.com/labs/kimsuky-ongoing-campaign-using-tailored-reconnaissance-toolkit |
|
| Details | Url | 1 | https://medium.com/s2wblog/detailed-analysis-of-alphaseed-a-new-version-of-kimsukys-appleseed- |
|
| Details | Url | 1 | https://atip.ahnlab.com/ti/contents/regular-report/monthly?i=80818237 |
|
| Details | Url | 5 | https://asec.ahnlab.com/en/53132 |
|
| Details | Url | 6 | https://blog.sekoia.io/bluenoroffs-rustbucket-campaign |
|
| Details | Url | 1 | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lancefly-merdoor-zxshell- |
|
| Details | Url | 4 | https://www.recordedfuture.com/oilalpha-likely-pro-houthi-group-targeting-arabian-peninsula |
|
| Details | Url | 5 | https://research.checkpoint.com/2023/chain-reaction-rokrats-missing-link |
|
| Details | Url | 5 | https://mp.weixin.qq.com/s/rjvwkh6ubetzuvtxje_bia |
|
| Details | Url | 3 | https://www.genians.co.kr/blog/threat_intelligence_report_apt37 |
|
| Details | Url | 2 | https://threatmon.io/reverse-engineering-rokrat-a-closer-look-at-apt37s-onedrive-based-attack- |
|
| Details | Url | 3 | https://asec.ahnlab.com/en/53377 |
|
| Details | Url | 1 | https://atip.ahnlab.com/ti/contents/asec-notes?i=9973a52b |
|
| Details | Url | 4 | https://www.fortinet.com/blog/threat-research/clean-rooms-nuclear-missiles-and-sidecopy |
|
| Details | Url | 2 | https://blogs.blackberry.com/en/2023/05/sidewinder-uses-server-side-polymorphism-to-target- |
|
| Details | Url | 5 | https://www.group-ib.com/blog/hunting-sidewinder |
|
| Details | Url | 1 | https://www.bridewell.com/insights/news/detail/the-distinctive-rattle-of-apt-sidewinder |
|
| Details | Url | 2 | https://www.seqrite.com/blog/transparent-tribe-apt-actively-lures-indian-army-amidst-increased- |
|
| Details | Url | 4 | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a |
|
| Details | Url | 3 | https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical- |
|
| Details | Url | 1 | https://www.secureworks.com/blog/chinese-cyberespionage-group-bronze-silhouette-targets-us- |
|
| Details | Url | 34 | https://www.ahnlab.com |
|
| Details | Url | 34 | https://asec.ahnlab.com/en |