Bluepurple Pulse: week ending February 12th
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 3d7f55a2-e3c2-47cf-897d-ddcc561650ee |
| Fingerprint | a530991b0db78783 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 9, 2023, midnight |
| Added to db | June 5, 2023, 2:39 p.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | Cyber Defence Analysis for Blue & Purple Teams |
| Title | Bluepurple Pulse: week ending February 12th |
| Detected Hints/Tags/Attributes | 273/4/119 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 76 | ✔ | Cyber Defence Analysis for Blue & Purple Teams | https://bluepurple.binaryfirefly.com/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CERT Ukraine | 40 | UAC-0050 |
|
| Details | CERT Ukraine | 49 | UAC-0056 |
|
| Details | CERT Ukraine | 32 | UAC-0114 |
|
| Details | CVE | 375 | cve-2017-11882 |
|
| Details | Domain | 83 | cert.gov.ua |
|
| Details | Domain | 10 | scpc.gov.ua |
|
| Details | Domain | 124 | www.sentinelone.com |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | Domain | 41 | blogs.microsoft.com |
|
| Details | Domain | 13 | threatmon.io |
|
| Details | Domain | 17 | www.deepinstinct.com |
|
| Details | Domain | 65 | blog.cyble.com |
|
| Details | Domain | 1 | resources.securityscorecard.com |
|
| Details | Domain | 29 | www.trellix.com |
|
| Details | Domain | 8 | www.cleafy.com |
|
| Details | Domain | 2 | c3rb3ru5d3d53c.github.io |
|
| Details | Domain | 1 | opaque-predicate-hunting-with-yara.en.md |
|
| Details | Domain | 30 | www.sciencedirect.com |
|
| Details | Domain | 2 | www.preludesecurity.com |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 58 | redcanary.com |
|
| Details | Domain | 6 | blog.sygnia.co |
|
| Details | Domain | 1 | www.prio-n.com |
|
| Details | Domain | 6 | sansec.io |
|
| Details | Domain | 26 | posts.specterops.io |
|
| Details | Domain | 255 | www.optiv.com |
|
| Details | Domain | 5 | vscode.dev |
|
| Details | Domain | 3 | global.rel.tunnels.api.visualstudio.com |
|
| Details | Domain | 4 | badoption.eu |
|
| Details | Domain | 10 | blog.xpnsec.com |
|
| Details | Domain | 172 | www.crowdstrike.com |
|
| Details | Domain | 80 | infosec.exchange |
|
| Details | Domain | 3 | recover.sh |
|
| Details | Domain | 1 | winsiderss.github.io |
|
| Details | Domain | 15 | github.blog |
|
| Details | Domain | 1 | washi.dev |
|
| Details | Domain | 25 | link.springer.com |
|
| Details | Domain | 101 | www.elastic.co |
|
| Details | Domain | 12 | binaryfirefly.com |
|
| Details | 12 | hello@binaryfirefly.com |
||
| Details | File | 2 | debt.rar |
|
| Details | File | 1 | -254507.txt |
|
| Details | File | 8 | pdf.rar |
|
| Details | File | 1 | debt.pdf |
|
| Details | File | 1 | officetemplate.exe |
|
| Details | File | 1 | microsoftofficedashboard.exe |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 1 | earth-zhulong-familiar-patterns-target-vietnam.html |
|
| Details | File | 10 | mcvsocfg.dll |
|
| Details | File | 16 | mcods.exe |
|
| Details | File | 1 | guloader-the-nsis-vantage-point.html |
|
| Details | File | 263 | www.opt |
|
| Details | File | 41 | code.exe |
|
| Details | File | 1 | code_c2.html |
|
| Details | File | 7 | procexp152.sys |
|
| Details | File | 1 | arm64-cycle-based-cpu.html |
|
| Details | Github username | 2 | preludeorg |
|
| Details | Github username | 21 | azure |
|
| Details | Github username | 1 | wh0nsq |
|
| Details | Github username | 2 | zblurx |
|
| Details | Github username | 1 | omribaso |
|
| Details | Github username | 1 | nopbrick |
|
| Details | Github username | 1 | eversinc33 |
|
| Details | Github username | 3 | thed1rkmtr |
|
| Details | Github username | 46 | rapid7 |
|
| Details | Github username | 11 | cisagov |
|
| Details | Github username | 2 | rbmm |
|
| Details | Github username | 1 | goatmilkkk |
|
| Details | md5 | 3 | 703254254bf23f72b26f54a936cda496 |
|
| Details | Threat Actor Identifier - APT-C | 102 | APT-C-35 |
|
| Details | Url | 1 | https://cert.gov.ua/article/3804703 |
|
| Details | Url | 1 | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer |
|
| Details | Url | 1 | https://scpc.gov.ua/article/231 |
|
| Details | Url | 2 | https://www.sentinelone.com/labs/malvirt-net-virtualization-thrives-in-malvertising-attacks |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/23/b/earth-zhulong-familiar-patterns-target-vietnam.html |
|
| Details | Url | 1 | https://blogs.microsoft.com/on-the-issues/2023/02/03/dtac-charlie-hebdo-hack-iran-neptunium |
|
| Details | Url | 1 | https://threatmon.io/donot-team-apt-c-35-analysis-of-latest-campaing |
|
| Details | Url | 1 | https://www.deepinstinct.com/blog/no-macro-no-worries-vsto-being-weaponized-by-threat-actors |
|
| Details | Url | 1 | https://blog.cyble.com/2023/02/01/vector-stealer-a-gateway-for-rdp-hijacking |
|
| Details | Url | 2 | https://blog.cyble.com/2023/02/03/new-medusa-botnet-emerging-via-mirai-botnet-targeting-linux-users |
|
| Details | Url | 1 | https://resources.securityscorecard.com/research/stealerium-detailed-analysis |
|
| Details | Url | 1 | https://www.trellix.com/en-us/about/newsroom/stories/research/guloader-the-nsis-vantage-point.html |
|
| Details | Url | 1 | https://www.cleafy.com/cleafy-labs/pixpirate-a-new-brazilian-banking-trojan |
|
| Details | Url | 1 | https://c3rb3ru5d3d53c.github.io/2023/02/opaque-predicate-hunting-with-yara.en.md |
|
| Details | Url | 1 | https://www.sciencedirect.com/science/article/pii/s0167404822003510 |
|
| Details | Url | 1 | https://www.preludesecurity.com/blog/verified-security-tests-explained |
|
| Details | Url | 1 | https://github.com/preludeorg/test |
|
| Details | Url | 1 | https://redcanary.com/blog/credential-access |
|
| Details | Url | 1 | https://github.com/azure/azure-sentinel-notebooks/tree/master/mitremap-notebook |
|
| Details | Url | 1 | https://blog.sygnia.co/incident-response-in-google-cloud-forensic-artifacts |
|
| Details | Url | 1 | https://www.prio-n.com/a-year-in-review-2022-100-vulnerabilities-you-should-prioritize |
|
| Details | Url | 1 | https://sansec.io/research/sansec-analysis-12-of-online-stores-leak-private-backups |
|
| Details | Url | 1 | https://posts.specterops.io/at-the-edge-of-tier-zero-the-curious-case-of-the-rodc-ef5f1799ca06 |
|
| Details | Url | 1 | https://www.optiv.com/insights/source-zero/blog/diving-deeper-pre-created-computer-accounts |
|
| Details | Url | 2 | https://vscode.dev |
|
| Details | Url | 1 | https://global.rel.tunnels.api.visualstudio.com |
|
| Details | Url | 1 | https://badoption.eu/docs/blog/2023/01/31/code_c2.html |
|
| Details | Url | 1 | https://github.com/wh0nsq/bypasscredguard |
|
| Details | Url | 2 | https://github.com/zblurx/certsync |
|
| Details | Url | 1 | https://blog.xpnsec.com/building-a-mach-o-memory-loader-part-1 |
|
| Details | Url | 1 | https://github.com/omribaso/rtoolz |
|
| Details | Url | 1 | https://github.com/nopbrick/seeproxy |
|
| Details | Url | 1 | https://github.com/eversinc33/bouncygate |
|
| Details | Url | 1 | https://github.com/thed1rkmtr/unhookingpatch |
|
| Details | Url | 1 | https://github.com/thed1rkmtr/ntdllreflection |
|
| Details | Url | 2 | https://github.com/thed1rkmtr/amsi_patch |
|
| Details | Url | 1 | https://github.com/thed1rkmtr/ntdlll-unhooking-collection |
|
| Details | Url | 1 | https://github.com/thed1rkmtr/filelesspeloader |
|
| Details | Url | 1 | https://www.crowdstrike.com/blog/how-adversaries-persist-with-aws-user-federation |
|
| Details | Url | 35 | https://infosec.exchange |
|
| Details | Url | 2 | https://github.com/rapid7/metasploit-framework/pull/17607 |
|
| Details | Url | 1 | https://github.com/cisagov/esxiargs-recover/blob/main/recover.sh |
|
| Details | Url | 1 | https://winsiderss.github.io/si-blog/2023/02/04/arm64-cycle-based-cpu.html |
|
| Details | Url | 1 | https://github.blog/2023-02-06-the-technology-behind-githubs-new-code-search |
|
| Details | Url | 1 | https://github.com/rbmm/ntdetours |
|
| Details | Url | 1 | https://washi.dev/blog/posts/import-patching |
|
| Details | Url | 1 | https://link.springer.com/chapter/10.1007/978-3-031-25538-0_39 |
|
| Details | Url | 1 | https://github.com/goatmilkkk/tinyprocessor |
|
| Details | Url | 1 | https://www.elastic.co/security-labs/netwire-dynamic-configuration-extraction |