每周高级威胁情报解读(2023.07.06~07.13)
Tags
| country: | Turkey Ukraine |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Sharepoint - T1213.002 Vulnerabilities - T1588.006 |
Common Information
| Type | Value |
|---|---|
| UUID | 2a91b0f8-4781-4eb2-98e4-ff921bdb4dcc |
| Fingerprint | d3bceb76be56dcf1 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 6, 2023, midnight |
| Added to db | July 14, 2023, 1 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | 每周高级威胁情报解读(2023.07.06~07.13) |
| Title | 每周高级威胁情报解读(2023.07.06~07.13) |
| Detected Hints/Tags/Attributes | 51/3/62 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 267 | ✔ | 奇安信威胁情报中心 | https://wechat2rss.xlab.app/feed/b93962f981247c0091dad08df5b7a6864ab888e9.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CERT Ukraine | 8 | UAC-0029 |
|
| Details | CVE | 119 | cve-2023-36884 |
|
| Details | CVE | 31 | cve-2023-32046 |
|
| Details | CVE | 31 | cve-2023-32049 |
|
| Details | CVE | 34 | cve-2023-36874 |
|
| Details | CVE | 32 | cve-2023-35311 |
|
| Details | CVE | 14 | cve-2023-33157 |
|
| Details | CVE | 13 | cve-2023-35352 |
|
| Details | Domain | 224 | unit42.paloaltonetworks.com |
|
| Details | Domain | 83 | cert.gov.ua |
|
| Details | Domain | 287 | yahoo.com |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 261 | blog.talosintelligence.com |
|
| Details | Domain | 15 | blog.aquasec.com |
|
| Details | Domain | 2 | scanyalx.online |
|
| Details | Domain | 2 | turkiye.gov.tr |
|
| Details | Domain | 21 | lab52.io |
|
| Details | Domain | 262 | www.welivesecurity.com |
|
| Details | Domain | 452 | msrc.microsoft.com |
|
| Details | 2 | iri_1357@yahoo.com |
||
| Details | File | 1 | perekazf173_04072023.xls |
|
| Details | File | 1 | rahunok_05072023.xls |
|
| Details | File | 41 | avastui.exe |
|
| Details | File | 41 | avastsvc.exe |
|
| Details | File | 5 | xagt.exe |
|
| Details | File | 3 | fcappdb.exe |
|
| Details | File | 3 | fortiwf.exe |
|
| Details | File | 4 | detail.html |
|
| Details | File | 1 | 其中包含一个.bat |
|
| Details | File | 1 | 两个.tmp |
|
| Details | File | 1 | 和另一个.pdf |
|
| Details | File | 2 | tailing-big-head-ransomware-variants-tactics-and-impact.html |
|
| Details | Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) | 17 | DEV-0978 |
|
| Details | Microsoft Threat Actor Naming Taxonomy (Groups in development) | 7 | storm-0978 |
|
| Details | Microsoft Threat Actor Naming Taxonomy (Groups in development) | 79 | Storm-0978 |
|
| Details | Threat Actor Identifier - APT | 665 | APT29 |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |
|
| Details | Threat Actor Identifier - APT | 121 | APT42 |
|
| Details | Url | 4 | https://unit42.paloaltonetworks.com/cloaked-ursa-phishing |
|
| Details | Url | 3 | https://cert.gov.ua/article/5098518 |
|
| Details | Url | 5 | https://cert.gov.ua/article/5105791 |
|
| Details | Url | 3 | https://mp.weixin.qq.com/s/uyv4x-46dkkpx76uzqytmg |
|
| Details | Url | 2 | https://blogs.blackberry.com/en/2023/07/romcom-targets-ukraine-nato-membership-talks-at-nato-summit |
|
| Details | Url | 2 | https://www.proofpoint.com/us/blog/threat-insight/welcome-new-york-exploring-ta453s-foray-lnks-and-mac-malware |
|
| Details | Url | 5 | https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives |
|
| Details | Url | 1 | https://blog.talosintelligence.com/undocumented-reddriver |
|
| Details | Url | 3 | https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/tqik-jhf8fobysdfa-pumg |
|
| Details | Url | 1 | https://blog.cyble.com/2023/07/10/the-turkish-government-masqueraded-site-distributing-android-rat |
|
| Details | Url | 2 | https://scanyalx.online |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/-3ptgmvtcpd04ix87k7j2g |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/fi_wg6lh4hrd3rqsnhs9ca |
|
| Details | Url | 3 | https://lab52.io/blog/beyond-appearances-unknown-actor-using-apt29s-ttp-against-chinese-users |
|
| Details | Url | 2 | https://www.fortinet.com/blog/threat-research/lokibot-targets-microsoft-office-document-using-vulnerabilities-and-macros |
|
| Details | Url | 1 | https://www.threatfabric.com/blogs/letscall-new-sophisticated-vishing-toolset#introduction_to_letscall |
|
| Details | Url | 1 | https://www.reversinglabs.com/blog/operation-brainleeches-malicious-npm-packages-fuel-supply-chain-and-phishing-attacks |
|
| Details | Url | 2 | https://www.welivesecurity.com/2023/07/06/whats-up-with-emotet |
|
| Details | Url | 2 | https://www.trendmicro.com/en_us/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html |
|
| Details | Url | 1 | https://www.zscaler.com/blogs/security-research/toitoin-trojan-analyzing-new-multi-stage-attack-targeting-latam-region |
|
| Details | Url | 1 | https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study |
|
| Details | Url | 1 | https://research.checkpoint.com/2023/major-security-flaws-in-popular-quickblox-chat-and-video-framework-expose-sensitive-data-of-millions |
|
| Details | Url | 1 | https://msrc.microsoft.com/update-guide/en-us/releasenote/2023-jul |