全球高级持续性威胁(APT)2018年总结报告 - FreeBuf网络安全行业门户
Tags
| country: | China Lebanon Oman Russia |
| attack-pattern: | Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Rootkit - T1014 Rootkit |
Common Information
| Type | Value |
|---|---|
| UUID | 2299fd33-e7a4-48fe-9d70-2d277708d517 |
| Fingerprint | 8abb27c65480cf0b |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 9, 2019, 9 a.m. |
| Added to db | April 15, 2023, 1:04 p.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | UNKNOWN |
| Title | 全球高级持续性威胁(APT)2018年总结报告 - FreeBuf网络安全行业门户 |
| Detected Hints/Tags/Attributes | 100/2/123 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.freebuf.com/articles/paper/193553.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 63 | cve-2017-8570 |
|
| Details | CVE | 9 | cve-2017-12824 |
|
| Details | CVE | 92 | cve-2018-4878 |
|
| Details | CVE | 27 | cve-2018-8373 |
|
| Details | CVE | 15 | cve-2018-8414 |
|
| Details | CVE | 49 | cve-2018-8453 |
|
| Details | CVE | 7 | cve-2018-8242 |
|
| Details | CVE | 16 | cve-2018-8611 |
|
| Details | CVE | 59 | cve-2018-15982 |
|
| Details | CVE | 19 | cve-2018-8440 |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | Domain | 13 | asert.arbornetworks.com |
|
| Details | Domain | 20 | ti.360.net |
|
| Details | Domain | 111 | www.justice.gov |
|
| Details | Domain | 24 | www2.fireeye.com |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 141 | research.checkpoint.com |
|
| Details | Domain | 43 | www.cyberscoop.com |
|
| Details | Domain | 23 | www.forcepoint.com |
|
| Details | Domain | 6 | blog.yoroi.company |
|
| Details | Domain | 262 | www.welivesecurity.com |
|
| Details | Domain | 2 | www.issuemakerslab.com |
|
| Details | Domain | 261 | blog.talosintelligence.com |
|
| Details | Domain | 37 | blog.alyac.co.kr |
|
| Details | Domain | 184 | www.fireeye.com |
|
| Details | Domain | 10 | global.ahnlab.com |
|
| Details | Domain | 224 | unit42.paloaltonetworks.com |
|
| Details | Domain | 3 | blog.k7computing.com |
|
| Details | Domain | 138 | www.securityweek.com |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 57 | www.clearskysec.com |
|
| Details | Domain | 216 | www.symantec.com |
|
| Details | Domain | 78 | securityaffairs.co |
|
| Details | Domain | 26 | www.accenture.com |
|
| Details | Domain | 175 | www.zdnet.com |
|
| Details | Domain | 20 | blogs.360.cn |
|
| Details | Domain | 145 | www.us-cert.gov |
|
| Details | File | 16 | mcods.exe |
|
| Details | File | 10 | mcvsocfg.dll |
|
| Details | File | 8 | flash.exe |
|
| Details | File | 29 | uxtheme.dll |
|
| Details | File | 28 | goopdate.dll |
|
| Details | File | 33 | wwlib.dll |
|
| Details | File | 33 | 360tray.exe |
|
| Details | File | 54 | dbghelp.dll |
|
| Details | File | 3 | 使用nbt.exe |
|
| Details | File | 1 | 进行扫描net.exe |
|
| Details | File | 1 | 实现ipc用户添加msbuild.exe |
|
| Details | File | 4 | threat-actor.json |
|
| Details | File | 6 | rpt_apt37.pdf |
|
| Details | File | 7 | korea-in-crosshairs.html |
|
| Details | File | 2 | apt37-overlooked-north-korean-actor.html |
|
| Details | File | 2 | navrat.html |
|
| Details | File | 1 | fake-av-investigation-unearths-kevdroid.html |
|
| Details | File | 3 | who-wasnt-responsible-for-olympic.html |
|
| Details | File | 1 | apt28-targeted-senator-mccaskill.html |
|
| Details | File | 1 | 数字加密货币交易软件apt攻击简报-2.html |
|
| Details | Github username | 11 | misp |
|
| Details | Threat Actor Identifier - APT-C | 30 | APT-C-26 |
|
| Details | Threat Actor Identifier - APT-C | 102 | APT-C-35 |
|
| Details | Threat Actor Identifier - APT-C | 44 | APT-C-00 |
|
| Details | Threat Actor Identifier - APT-C | 19 | APT-C-01 |
|
| Details | Threat Actor Identifier - APT-C | 11 | APT-C-12 |
|
| Details | Threat Actor Identifier - APT-C | 24 | APT-C-06 |
|
| Details | Threat Actor Identifier - APT | 665 | APT29 |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |
|
| Details | Threat Actor Identifier - APT | 277 | APT37 |
|
| Details | Threat Actor Identifier - APT | 144 | APT38 |
|
| Details | Url | 5 | https://ti.360.net |
|
| Details | Url | 4 | https://github.com/misp/misp-galaxy/blob/master/clusters/threat-actor.json |
|
| Details | Url | 13 | https://attack.mitre.org/groups |
|
| Details | Url | 1 | https://asert.arbornetworks.com/donot-team-leverages-new-modular-malware-framework-south-asia |
|
| Details | Url | 2 | https://ti.360.net/blog/articles/latest-activity-of-apt-c-35 |
|
| Details | Url | 1 | https://ti.360.net/blog/articles/donot-group-is-targeting-pakistani-businessman-working-in-china |
|
| Details | Url | 6 | https://www.justice.gov/opa/press-release/file/1092091/download |
|
| Details | Url | 2 | https://ti.360.net/blog/articles/analysis-of-donot-andriod-sample |
|
| Details | Url | 6 | https://www2.fireeye.com/rs/848-did-242/images/rpt_apt37.pdf |
|
| Details | Url | 1 | https://ti.360.net/blog/articles/analysis-of-group123-sample-with-hwp-exploitkit |
|
| Details | Url | 3 | https://securelist.com/olympic-destroyer-is-still-alive/86169 |
|
| Details | Url | 2 | https://research.checkpoint.com/new-strain-of-olympic-destroyer-droppers |
|
| Details | Url | 1 | https://securelist.com/kaspersky-security-bulletin-2018-top-security-stories/89118 |
|
| Details | Url | 3 | https://ti.360.net/blog/articles/oceanlotus-targets-chinese-university |
|
| Details | Url | 2 | https://ti.360.net/blog/articles/analyzing-attack-of-cve-2018-8373-and-darkhotel |
|
| Details | Url | 2 | https://www.cyberscoop.com/kaspersky-slingshot-isis-operation-socom-five-eyes |
|
| Details | Url | 2 | https://www.forcepoint.com/blog/security-labs/autocad-malware-computer-aided-theft |
|
| Details | Url | 2 | https://ti.360.net/blog/articles/details-of-apt-c-12-of-operation-nuclearcrisis |
|
| Details | Url | 2 | https://blog.yoroi.company/research/new-cozy-bear-campaign-old-habits |
|
| Details | Url | 2 | https://ti.360.net/blog/articles/analysis-of-settingcontent-ms-file |
|
| Details | Url | 2 | https://ti.360.net/blog/articles/excel-macro-technology-to-evade-detection |
|
| Details | Url | 2 | https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151 |
|
| Details | Url | 1 | https://securelist.com/zero-day-in-windows-kernel-transaction-manager-cve-2018-8611/89253 |
|
| Details | Url | 1 | https://www.welivesecurity.com/2018/09/05/powerpool-malware-exploits-zero-day-vulnerability |
|
| Details | Url | 2 | http://www.issuemakerslab.com/research3 |
|
| Details | Url | 2 | https://ti.360.net/blog/articles/analysis-of-targeted-attacks-suspected-of-patchover |
|
| Details | Url | 6 | https://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html |
|
| Details | Url | 3 | http://blog.alyac.co.kr/1521 |
|
| Details | Url | 2 | https://www.fireeye.com/blog/threat-research/2018/02/apt37-overlooked-north-korean-actor.html |
|
| Details | Url | 5 | https://global.ahnlab.com/global/upload/download/techreport |
|
| Details | Url | 2 | https://blog.talosintelligence.com/2018/05/navrat.html |
|
| Details | Url | 2 | http://blog.alyac.co.kr/1985 |
|
| Details | Url | 2 | http://blog.alyac.co.kr/2035 |
|
| Details | Url | 1 | https://blog.talosintelligence.com/2018/04/fake-av-investigation-unearths-kevdroid.html |
|
| Details | Url | 2 | http://blog.alyac.co.kr/1853 |
|
| Details | Url | 1 | https://unit42.paloaltonetworks.com/unit42-reaper-groups-updated-mobile-arsenal |
|
| Details | Url | 2 | http://blog.k7computing.com/?p=6507 |
|
| Details | Url | 1 | https://www.securityweek.com/russia-hacked-olympics-computers-turned-blame-north-korea-report |
|
| Details | Url | 3 | https://blog.talosintelligence.com/2018/02/who-wasnt-responsible-for-olympic.html |
|
| Details | Url | 5 | https://securelist.com/olympicdestroyer-is-here-to-trick-the-industry/84295 |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/dggtasjpim179qynzx6kfa |
|
| Details | Url | 4 | https://securelist.com/muddywater/88059 |
|
| Details | Url | 3 | https://www.clearskysec.com/muddywater-operations-in-lebanon-and-oman |
|
| Details | Url | 4 | https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group |
|
| Details | Url | 1 | https://securityaffairs.co/wordpress/74843/cyber-warfare-2/apt28-targeted-senator-mccaskill.html |
|
| Details | Url | 1 | https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group |
|
| Details | Url | 1 | https://www.symantec.com/blogs/election-security/apt28-espionage-military-government |
|
| Details | Url | 2 | https://www.welivesecurity.com/2018/11/20/sednit-whats-going-zebrocy |
|
| Details | Url | 1 | https://www.accenture.com/us-en/blogs/blogs-snakemackerel-delivers-zekapab-malware |
|
| Details | Url | 2 | https://unit42.paloaltonetworks.com/dear-joohn-sofacy-groups-global-campaign |
|
| Details | Url | 1 | https://www.zdnet.com/article/russian-apt-comes-back-to-life-with-new-us-spear-phishing-campaign |
|
| Details | Url | 1 | http://blogs.360.cn/post/数字加密货币交易软件apt攻击简报-2.html |
|
| Details | Url | 4 | https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break |
|
| Details | Url | 4 | https://www.us-cert.gov/ncas/alerts/ta18-275a |