Weekly Advanced Threat Intelligence Digest (2024.10.11~10.17)
Common Information
Type Value
UUID 23cd0640-f99b-4314-8310-8c85c79e4966
Fingerprint 1fecf980d7f4e667
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 11, 2024, midnight
Added to db Oct. 18, 2024, 2:26 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Weekly Advanced Threat Intelligence Digest (2024.10.11~10.17)
Title Weekly Advanced Threat Intelligence Digest (2024.10.11~10.17)
Detected Hints/Tags/Attributes 53/2/45
Attributes
Details Type #Events CTI Value
Details CVE 19
cve-2022-27924
Details CVE 53
cve-2023-42793
Details CVE 95
cve-2024-40711
Details CVE 49
cve-2024-9680
Details Domain 208
mp.weixin.qq.com
Details Domain 4
libraofficeonline.com
Details Domain 167
www.ic3.gov
Details Domain 2
doubleagent.net
Details Domain 280
thehackernews.com
Details Domain 80
infosec.exchange
Details Domain 84
www.zscaler.com
Details Domain 5
harfanglab.io
Details Domain 17
cyberscoop.com
Details File 2
pdf.chm
Details File 1
earth-simnavaz-cyberattacks-uae-gulf-regions.html
Details File 1
241010.pdf
Details File 1
cisa-warns-of-threat-actors-exploiting.html
Details File 1
edrsilencer-disrupting-endpoint-security-solutions.html
Details File 20
veeam.backup
Details File 10
mountservice.exe
Details File 256
net.exe
Details File 1
water-makara-uses-obfuscated-javascript-in-spear-phishing-campai.html
Details File 456
mshta.exe
Details Threat Actor Identifier - APT-C 9
APT-C-20
Details Threat Actor Identifier - APT-Q 7
APT-Q-37
Details Threat Actor Identifier - APT 783
APT28
Details Threat Actor Identifier - APT 665
APT29
Details Url 1
https://mp.weixin.qq.com/s/tkomihy36tujpkjwkva6ka
Details Url 1
https://mp.weixin.qq.com/s/eseliivhqiwi-q1coca81g
Details Url 1
https://mp.weixin.qq.com/s/vfdoulqrybeiezb1e1l-dg
Details Url 1
https://www.trendmicro.com/en_us/research/24/j/earth-simnavaz-cyberattacks-uae-gulf-regions.html
Details Url 1
https://mp.weixin.qq.com/s/kv2nfqr26nk8ybrdcwhldg
Details Url 1
https://www.ic3.gov/media/news/2024/241010.pdf
Details Url 1
https://doubleagent.net/fastcash-for-linux
Details Url 1
https://thehackernews.com/2024/10/cisa-warns-of-threat-actors-exploiting.html
Details Url 1
https://www.trendmicro.com/en_us/research/24/j/edrsilencer-disrupting-endpoint-security-solutions.html
Details Url 1
https://checkmarx.com/blog/this-new-supply-chain-attack-technique-can-trojanize-all-your-cli-commands
Details Url 35
https://infosec.exchange
Details Url 1
https://www.trendmicro.com/en_us/research/24/j/water-makara-uses-obfuscated-javascript-in-spear-phishing-campai.html
Details Url 1
https://www.bleepingcomputer.com/news/security/over-200-malicious-apps-on-google-play-downloaded-millions-of-times
Details Url 2
https://www.zscaler.com/blogs/security-research/technical-analysis-darkvision-rat
Details Url 1
https://harfanglab.io/insidethelab/hijackloader-abusing-genuine-certificates
Details Url 1
https://www.zimperium.com/blog/expanding-the-investigation-deep-dive-into-latest-trickmo-samples
Details Url 1
https://mp.weixin.qq.com/s/bbe-d14diwl--eubghqklg
Details Url 1
https://cyberscoop.com/ips-vulnerable-fortinet-flaw-must-patch