ioc[.]one - OSINT Cyber Threat Intelligence Database

APT Group Trends in October 2024 - ASEC

Tags

cmtmf-attack-pattern:	Geofencing
country:	Australia Japan United States Of America
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Model Clipboard Data - T1414 Credentials - T1589.001 Email Accounts - T1585.002 Email Accounts - T1586.002 Geofencing - T1627.001 Geofencing - T1581 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 Clipboard Data - T1115 Powershell - T1086 Remote Desktop Protocol - T1076

Show in Graph

Common Information

Type	Value
UUID	05805111-8aea-4fdd-9316-e6da72421661
Fingerprint	94a08b090f439783
Analysis status	DONE
Considered CTI value	2
Text language
Published	Nov. 11, 2024, 3 p.m.
Added to db	Nov. 14, 2024, 7:10 a.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	APT Group Trends in October 2024
Title	APT Group Trends in October 2024 - ASEC
Detected Hints/Tags/Attributes	84/4/15

Source URLs

	Redirection	Url
Details	Source	https://asec.ahnlab.com/en/84418/

URL Provider

Details	Provider	Source level domain
Details	ahnlab.com	asec.ahnlab.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	17	✔	ASEC	https://asec.ahnlab.com/en/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	CVE	8		cve-2023-43770
Details	Domain	88		secretsdump.py
Details	Domain	72		symantec-enterprise-blogs.security.com
Details	Domain	224		unit42.paloaltonetworks.com
Details	Domain	83		cert.gov.ua
Details	File	85		secretsdump.py
Details	File	6		browser.ps1
Details	md5	2		d93b1d195596dcc3d5fb41ca18006dfe
Details	Threat Actor Identifier - APT	783		APT28
Details	Threat Actor Identifier - APT	665		APT29
Details	Url	3		https://symantec-enterprise-blogs.security.com/threat-intelligence/stonefly-north-korea-extortion
Details	Url	3		https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware
Details	Url	2		https://mp.weixin.qq.com/s?__biz=mzuymjk4nzexma==&mid=2247501024&idx=1&sn=d93b1d195596dcc3d5fb41ca18006dfe
Details	Url	3		https://cert.gov.ua/article/6281123
Details	Url	3		https://www.microsoft.com/en-us/security/blog/2024/10/29/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files