Weekly Advanced Threat Intelligence Digest (2023.05.18~05.25)
Common Information
Type Value
UUID 297baa11-1ee7-4d06-a289-b423f85ffa7a
Fingerprint 6356de671ce6f5df
Analysis status DONE
Considered CTI value 2
Text language
Published May 18, 2023, midnight
Added to db June 5, 2023, 2:22 p.m.
Last updated Nov. 17, 2024, 5:57 p.m.
Headline Weekly Advanced Threat Intelligence Digest (2023.05.18~05.25)
Title Weekly Advanced Threat Intelligence Digest (2023.05.18~05.25)
Detected Hints/Tags/Attributes 61/1/51
RSS Feed
Attributes
Type                              #Events  Value
CVE                               15       cve-2023-2825
CVE                               43       cve-2021-22205
CVE                               73       cve-2023-28252
Domain                            403      securelist.com
Domain                            208      mp.weixin.qq.com
Domain                            57       www.clearskysec.com
Domain                            58       blog.sekoia.io
Domain                            23       permiso.io
Domain                            65       blog.cyble.com
Domain                            37       openai.com
Domain                            622      en.wikipedia.org
Domain                            144      www.fortinet.com
Domain                            141      research.checkpoint.com
Domain                            45       www.reversinglabs.com
File                              49       onedrive.exe
File                              1        info-stealer-abusing-codespaces-puts-discord-users--data-at-risk.html
File                              1        rust-based-info-stealers-abuse-github-codespaces.html
File                              1        report-dark-web-threats-against-the-energy-industry.pdf
File                              8        wintapix.sys
File                              2        srvnet2.sys
File                              1        blackcat-ransomware-deploys-new-signed-kernel-driver.html
sha1                              3        b2f955b3e6107f831ebe67997f8586d4fe9f3e98
sha256                            3        c92a7425959121ff49970c53b78e714b9e450e4b214ac85deb878d0bedf82a70
Threat Actor Identifier - APT-C   15       APT-C-28
Threat Actor Identifier - APT     277      APT37
Url                               5        https://www.sentinelone.com/labs/kimsuky-ongoing-campaign-using-tailored-reconnaissance-toolkit
Url                               6        https://securelist.com/goldenjackal-apt-group/109677
Url                               4        https://mp.weixin.qq.com/s/g8osytvgrsv2773kwzyuha
Url                               5        https://mp.weixin.qq.com/s/rjvwkh6ubetzuvtxje_bia
Url                               4        https://securelist.com/cloudwizard-apt/109722
Url                               2        https://www.clearskysec.com/fata-morgana
Url                               6        https://blog.sekoia.io/bluenoroffs-rustbucket-campaign
Url                               252      https://medium.com
Url                               3        https://permiso.io/blog/s/unmasking-guivil-new-cloud-threat-actor
Url                               1        https://www.trendmicro.com/en_us/research/23/e/info-stealer-abusing-codespaces-puts-discord-users--data-at-risk.html
Url                               1        https://blog.cyble.com/2023/05/23/new-mdbotnet-unleashes-ddos-attacks
Url                               1        https://drops.scamsniffer.io/post/5-9-million-stolen-by-scam-as-a-service-provider-called-inferno-drainer
Url                               1        https://www.trendmicro.com/en_us/research/23/e/rust-based-info-stealers-abuse-github-codespaces.html
Url                               1        https://blog.cyble.com/2023/05/19/capcut-users-under-fire
Url                               1        https://25608397.fs1.hubspotusercontent-eu1.net/hubfs/25608397/report-dark-web-threats-against-the-energy-industry.pdf
Url                               3        https://www.esentire.com/blog/batloader-impersonates-midjourney-chatgpt-in-drive-by-cyberattacks
Url                               6        https://openai.com/blog/chatgpt
Url                               1        https://en.wikipedia.org/wiki/midjourney
Url                               1        https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration
Url                               1        https://www.fortinet.com/blog/threat-research/youtube-pirated-software-videos-deliver-triple-threat-vidar-stealer-laplas-clipper-xmrig-miner
Url                               2        https://www.fortinet.com/blog/threat-research/wintapix-kernal-driver-middle-east-countries
Url                               1        https://www.trendmicro.com/en_us/research/23/e/blackcat-ransomware-deploys-new-signed-kernel-driver.html
Url                               1        https://research.checkpoint.com/2023/cloud-based-malware-delivery-the-evolution-of-guloader
Url                               1        https://www.reversinglabs.com/blog/rats-found-hiding-in-the-npm-attic
Url                               1        https://mp.weixin.qq.com/s/qlst6cx_z1a698tvvx-biq
Url                               1        https://mp.weixin.qq.com/s/r0gg4sfcssuesqk7gfhpbw