ioc[.]one - OSINT Cyber Threat Intelligence Database

Bluepurple Pulse: week ending September 17th

Tags

cmtmf-attack-pattern:	Code Injection Geofencing
country:	Australia United Arab Emirates Belgium Brazil China North Korea Netherlands Estonia Germany Nigeria India Iran Israel Japan Saudi Arabia Lithuania Poland Singapore South Africa Turkey Russia Ukraine United States Of America
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Models Artificial Intelligence - T1588.007 Code Injection - T1540 Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Geofencing - T1627.001 Geofencing - T1581 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Software - T1592.002 Ssh - T1021.004 Tool - T1588.002 Vulnerabilities - T1588.006 Brute Force - T1110

Show in Graph

Common Information

Type	Value
UUID	3e4014be-9205-4a36-8152-bf6e414030fd
Fingerprint	a481991d83368bcd
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 13, 2023, midnight
Added to db	Nov. 19, 2023, 6:03 a.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	Cyber Defence Analysis for Blue & Purple Teams
Title	Bluepurple Pulse: week ending September 17th
Detected Hints/Tags/Attributes	190/4/43

Source URLs

	Redirection	Url
Details	Source	https://bluepurple.binaryfirefly.com/p/bluepurple-pulse-week-ending-september-97a

URL Provider

Details	Provider	Source level domain
Details	binaryfirefly.com	bluepurple.binaryfirefly.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	76	✔	Cyber Defence Analysis for Blue & Purple Teams	https://bluepurple.binaryfirefly.com/feed	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CVE	3	cve-2023-4809
Details	CVE	17	cve-2023-26369
Details	Domain	13	mockbin.org
Details	Domain	6	photo.zip
Details	Domain	83	cert.gov.ua
Details	Domain	16	stake.com
Details	Domain	189	asec.ahnlab.com
Details	Domain	2	www.alethea.com
Details	Domain	84	www.zscaler.com
Details	Domain	31	dl.acm.org
Details	Domain	4	rtx.meta.security
Details	Domain	154	arxiv.org
Details	Domain	61	seclists.org
Details	Domain	2	www.enricobassetti.it
Details	Domain	7	ssd-disclosure.com
Details	Domain	10	blog.quarkslab.com
Details	File	6	photo.zip
Details	File	5	yara32.exe
Details	File	2	sandboxing-imageio-in-macos.html
Details	File	2	fhsvc.dll
Details	File	2	fhcfg.dll
Details	File	10	securekernel.exe
Details	File	7	vmsp.exe
Details	File	2	tpmengum.dll
Details	File	2	debugging-windows-isolated-user-mode-ium-processes.html
Details	Microsoft Threat Actor Naming Taxonomy (Groups in development)	12	Storm-0324
Details	Threat Actor Identifier - APT-C	30	APT-C-26
Details	Threat Actor Identifier - APT	783	APT28
Details	Threat Actor Identifier - APT	144	APT38
Details	Threat Actor Identifier - APT	194	APT35
Details	Url	7	https://cert.gov.ua/article/5702579
Details	Url	2	https://asec.ahnlab.com/en/56981
Details	Url	2	https://www.alethea.com/post/chinese-influence-operation-spreads-to-american-alt-platforms
Details	Url	5	https://www.zscaler.com/blogs/security-research/technical-analysis-hijackloader
Details	Url	4	https://www.zscaler.com/blogs/security-research/steal-it-campaign
Details	Url	2	https://dl.acm.org/doi/10.1145/3603269.3604840
Details	Url	2	https://rtx.meta.security/mitigation/2023/09/11/sandboxing-imageio-in-macos.html
Details	Url	2	https://arxiv.org/abs/2309.00614
Details	Url	2	https://seclists.org/oss-sec/2023/q3/168
Details	Url	2	https://www.enricobassetti.it/2023/09/cve-2023-4809-freebsd-pf-bypass-when-using-ipv6
Details	Url	2	https://arxiv.org/abs/2309.02926
Details	Url	2	https://ssd-disclosure.com/ssd-advisory-file-history-service-fhsvc-dll-elevation-of-privilege
Details	Url	2	https://blog.quarkslab.com/debugging-windows-isolated-user-mode-ium-processes.html