Security Incident Weekly Report 2023-05-22, Week 21
Common Information
Type Value
UUID 1c285794-2171-4639-a40e-d3e815d3662e
Fingerprint fcc648264387e4da
Analysis status DONE
Considered CTI value 2
Text language
Published May 22, 2023, midnight
Added to db June 5, 2023, 2:20 p.m.
Last updated Nov. 17, 2024, 5:57 p.m.
Headline Security Incident Weekly Report 2023-05-22, Week 21
Title Security Incident Weekly Report 2023-05-22, Week 21
Detected Hints/Tags/Attributes 95/3/106
Attributes
Details Type #Events CTI Value
Details CERT 360 CN 1
CERT-R-2023-186
Details CVE 15
cve-2023-21492
Details CVE 39
cve-2023-32409
Details CVE 33
cve-2023-32373
Details CVE 15
cve-2023-2825
Details CVE 14
cve-2023-32165
Details CVE 6
cve-2023-32169
Details CVE 7
cve-2023-28131
Details Domain 280
thehackernews.com
Details Domain 3
collab.land
Details Domain 99
therecord.media
Details Domain 138
www.darkreading.com
Details Domain 22
www.genians.co.kr
Details Domain 208
mp.weixin.qq.com
Details Domain 403
securelist.com
Details Domain 83
cert.gov.ua
Details Domain 58
blog.sekoia.io
Details Domain 124
www.sentinelone.com
Details Domain 144
www.fortinet.com
Details Domain 91
360.net
Details Domain 100
cert.360.cn
Details File 1
water-orthrus-copperstealer-malware.html
Details File 1
web server process w3wp.exe
Details File 1
another piece of malware on the infected server: diagn.dll
Details File 384
www.inf
Details File 1
dark-frost-botnet-launches-devastating.html
Details File 5
8.pdf
Details File 4
threat_intelligence_report_apt37.pdf
Details File 1
new-powerexchange-backdoor-used-in.html
Details File 1
netgear-routers-flaws-expose-users-to.html
Details File 1
samsung-devices-under-active.html
Details File 1
new-michaelkors-ransomware-as-service.html
Details File 2
notorious-cyber-gang-fin7-returns-cl0p.html
Details IPv4 5
1.0.10.94
Details IPv4 3
2.0.1.27
Details IPv4 3
2.0.1.28
Details Microsoft Patch Numbers 4
KB5026446
Details Threat Actor Identifier - APT-C 15
APT-C-28
Details Threat Actor Identifier - APT-C 16
APT-C-09
Details Threat Actor Identifier - APT-Q 11
APT-Q-36
Details Threat Actor Identifier - APT 258
APT34
Details Threat Actor Identifier - FIN 377
FIN7
Details Url 1
https://www.bleepingcomputer.com/news/security/new-ahrat-android-malware-hidden-in-app-with-50-000-installs
Details Url 1
https://thehackernews.com/2023/05/water-orthrus-copperstealer-malware.html
Details Url 1
https://www.bleepingcomputer.com/news/security/crypto-phishing-service-inferno-drainer-defrauds-thousands-of-victims
Details Url 2
https://www.bleepingcomputer.com/news/security/new-powerexchange-malware-backdoors-microsoft-exchange-servers
Details Url 1
https://www.scmagazine.com/perspective/cybercrime/how-the-iloveyou-worm-exposed-human-beings-as-the-achilles-heel-of-cybersecurity
Details Url 1
https://www.infosecurity-magazine.com/news/lazarus-group-microsoft-servers?utm_source=twitterfeed&utm_medium=twitter
Details Url 1
https://www.bleepingcomputer.com/news/security/predator-looking-under-the-hood-of-intellexas-android-spyware
Details Url 1
https://www.bleepingcomputer.com/news/security/new-russian-linked-cosmicenergy-malware-targets-industrial-systems
Details Url 1
https://thehackernews.com/2023/05/dark-frost-botnet-launches-devastating.html
Details Url 1
https://therecord.media/lancefly-espionage-malware-backdoor-asia-apt
Details Url 1
https://www.infosecurity-magazine.com/news/fata-morgana-watering-hole-attacks?utm_source=twitterfeed&utm_medium=twitter
Details Url 1
https://www.scmagazine.com/news/privacy/cyberattack-on-norton-health-spurs-long-waits-prescription-and-lab-delays
Details Url 1
https://www.bleepingcomputer.com/news/security/hackers-target-15m-wordpress-sites-with-cookie-consent-plugin-exploit
Details Url 1
https://www.darkreading.com/endpoint/threat-actors-compromise-barracuda-email-security-appliances
Details Url 1
https://www.clearskysec.com/wp-content/uploads/2023/05/fata-morgana-israeli-websites-infected-by-iranian-group-1.8.pdf
Details Url 2
https://www.genians.co.kr/hubfs/blogfile/threat_intelligence_report_apt37.pdf
Details Url 1
https://thehackernews.com/2023/05/new-powerexchange-backdoor-used-in.html
Details Url 1
https://www.bleepingcomputer.com/news/security/android-phones-are-vulnerable-to-fingerprint-brute-force-attacks
Details Url 1
https://thehackernews.com/2023/05/netgear-routers-flaws-expose-users-to.html
Details Url 1
https://thehackernews.com/2023/05/samsung-devices-under-active.html
Details Url 1
https://www.scmagazine.com/news/identity-and-access/keepass-bug-lets-attackers-extract-the-master-password-from-memory
Details Url 1
https://www.bleepingcomputer.com/news/security/cisa-orders-govt-agencies-to-patch-iphone-bugs-exploited-in-attacks
Details Url 1
https://www.darkreading.com/vulnerabilities-threats/google-debuts-quality-ratings-for-security-bug-disclosures
Details Url 1
https://www.bleepingcomputer.com/news/security/gitlab-strongly-recommends-patching-max-severity-flaw-asap
Details Url 1
https://www.bleepingcomputer.com/news/security/barracuda-warns-of-email-gateways-breached-via-zero-day-flaw
Details Url 1
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5026446-update-released-how-to-enable-moment-3-features
Details Url 1
https://www.bleepingcomputer.com/news/security/d-link-fixes-auth-bypass-and-rce-flaws-in-d-view-8-software
Details Url 1
https://www.bleepingcomputer.com/news/security/zyxel-warns-of-critical-vulnerabilities-in-firewall-and-vpn-devices
Details Url 1
https://www.infosecurity-magazine.com/news/expo-framework-api-flaw-reveals?utm_source=twitterfeed&utm_medium=twitter
Details Url 1
https://www.scmagazine.com/news/application-security/new-api-based-attacks-on-microsoft-teams-underscore-the-need-for-wider-awareness-training
Details Url 1
https://www.scmagazine.com/news/identity-and-access/google-voice-scams-tied-to-majority-of-compromised-identities
Details Url 5
https://mp.weixin.qq.com/s/rjvwkh6ubetzuvtxje_bia
Details Url 4
https://securelist.com/cloudwizard-apt/109722
Details Url 1
https://www.bleepingcomputer.com/news/security/goldenjackal-state-hackers-silently-attacking-govts-since-2019
Details Url 4
https://mp.weixin.qq.com/s/g8osytvgrsv2773kwzyuha
Details Url 2
https://cert.gov.ua/article/4697016
Details Url 6
https://blog.sekoia.io/bluenoroffs-rustbucket-campaign
Details Url 1
https://www.scmagazine.com/news/emerging-technology/quantum-attack-would-trigger-great-depression-think-tank-warns
Details Url 5
https://www.sentinelone.com/labs/kimsuky-ongoing-campaign-using-tailored-reconnaissance-toolkit
Details Url 6
https://securelist.com/goldenjackal-apt-group/109677
Details Url 1
https://www.bleepingcomputer.com/news/security/microsoft-365-phishing-attacks-use-encrypted-rpmsg-messages
Details Url 1
https://www.darkreading.com/endpoint/-operation-magalenha-attacks-window-brazil-cybercrime-ecosystem
Details Url 1
https://www.infosecurity-magazine.com/news/advanced-phishing-attacks-surge?utm_source=twitterfeed&utm_medium=twitter
Details Url 4
https://mp.weixin.qq.com/s/dhqj9-0qlwvsqyh_ugdw2g
Details Url 2
https://www.fortinet.com/blog/threat-research/operation-total-exchange-backdoor-discovered
Details Url 2
https://research.checkpoint.com/2023/agrius-deploys-moneybird-in-targeted-attacks-against-israeli-organizations
Details Url 1
https://www.scmagazine.com/news/cybercrime/from-fleeceware-to-phishing-sites-cybercriminals-cash-in-on-chatgpt-hype
Details Url 2
https://www.bleepingcomputer.com/news/security/malicious-windows-kernel-drivers-used-in-blackcat-ransomware-attacks
Details Url 1
https://www.bleepingcomputer.com/news/security/arms-maker-rheinmetall-confirms-blackbasta-ransomware-attack
Details Url 2
https://www.bleepingcomputer.com/news/security/it-employee-impersonates-ransomware-gang-to-extort-employer
Details Url 1
https://www.bleepingcomputer.com/news/security/cuba-ransomware-claims-cyberattack-on-philadelphia-inquirer
Details Url 1
https://www.bleepingcomputer.com/news/security/iranian-hackers-use-new-moneybird-ransomware-to-attack-israeli-orgs
Details Url 1
https://www.scmagazine.com/news/ransomware/us-sanctions-russian-ransomware-operator-who-leaked-stolen-dc-police-data
Details Url 1
https://thehackernews.com/2023/05/new-michaelkors-ransomware-as-service.html
Details Url 2
https://thehackernews.com/2023/05/notorious-cyber-gang-fin7-returns-cl0p.html
Details Url 1
https://www.scmagazine.com/news/identity-and-access/ftc-to-crack-down-on-biometric-tech-health-app-data-privacy-violations
Details Url 1
https://www.scmagazine.com/news/application-security/ftc-says-fertility-app-premom-shared-user-health-data-with-third-parties
Details Url 1
https://www.bleepingcomputer.com/news/technology/eu-slaps-meta-with-13-billion-fine-for-moving-data-to-us-servers
Details Url 2
https://www.bleepingcomputer.com/news/security/pentagon-explosion-hoax-goes-viral-after-verified-twitter-accounts-push
Details Url 1
https://www.bleepingcomputer.com/news/security/us-sanctions-orgs-behind-north-koreas-illicit-it-worker-army
Details Url 1
https://www.scmagazine.com/news/privacy/google-pays-39-9m-to-end-washingtons-location-tracking-privacy-lawsuit
Details Url 1
https://www.darkreading.com/endpoint/supermailer-abuse-email-security-super-sized-credential-theft
Details Url 87
http://360.net
Details Url 93
https://cert.360.cn