全球高级持续性威胁 (APT) 2019年中报告
Tags
| cmtmf-attack-pattern: | Supply Chain Compromise |
| country: | China Iran Russia Vietnam |
| attack-pattern: | Dns - T1071.004 Dns - T1590.002 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Supply Chain Compromise - T1474 Supply Chain Compromise - T1195 Supply Chain Compromise |
Common Information
| Type | Value |
|---|---|
| UUID | 47cb5f5b-0b96-48a7-9393-92658990bb3e |
| Fingerprint | e0fd0f9ab7e749ec |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 4, 2019, midnight |
| Added to db | Sept. 22, 2024, 3:32 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | 全球高级持续性威胁 (APT) 2019年中报告 |
| Title | 全球高级持续性威胁 (APT) 2019年中报告 |
| Detected Hints/Tags/Attributes | 96/3/96 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.secrss.com/articles/11927 |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 16 | cve-2019-0797 |
|
| Details | CVE | 49 | cve-2018-8453 |
|
| Details | CVE | 16 | cve-2018-8611 |
|
| Details | CVE | 16 | cve-2018-8589 |
|
| Details | Domain | 58 | ti.qianxin.com |
|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | Domain | 15 | www.misp-project.org |
|
| Details | Domain | 112 | docs.google.com |
|
| Details | Domain | 111 | www.justice.gov |
|
| Details | Domain | 43 | www.cyberscoop.com |
|
| Details | Domain | 37 | blog.alyac.co.kr |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 42 | tencent.com |
|
| Details | Domain | 41 | www.freebuf.com |
|
| Details | Domain | 262 | www.welivesecurity.com |
|
| Details | Domain | 6 | blog.yoroi.company |
|
| Details | Domain | 78 | securityaffairs.co |
|
| Details | Domain | 36 | media.defense.gov |
|
| Details | Domain | 124 | www.nytimes.com |
|
| Details | Domain | 172 | www.crowdstrike.com |
|
| Details | Domain | 261 | blog.talosintelligence.com |
|
| Details | Domain | 224 | unit42.paloaltonetworks.com |
|
| Details | Domain | 3 | hack2interesting.com |
|
| Details | Domain | 177 | www.wired.com |
|
| Details | Domain | 216 | www.symantec.com |
|
| Details | Domain | 85 | 163.com |
|
| Details | File | 1 | c437f2e1f3eba14802924e26fc2318fb.pdf |
|
| Details | File | 2 | 56e5630023fe905b2a8f511e24d9b84a.pdf |
|
| Details | File | 5 | galaxy.html |
|
| Details | File | 2 | 711.html |
|
| Details | File | 3 | 120002.html |
|
| Details | File | 2 | linking_south_asian_cyber_espionnage_groups-to-publish.pdf |
|
| Details | File | 3 | penquins_moonlit_maze_pdf_eng.pdf |
|
| Details | File | 5 | eset_greyenergy.pdf |
|
| Details | File | 1 | russian-apt-groups-may-elections.html |
|
| Details | File | 1 | apt28-institutions-europe.html |
|
| Details | File | 1 | obama-ordered-wave-of-cyberattacks-against-iran.html |
|
| Details | File | 3 | cyber_strategy_summary_final.pdf |
|
| Details | File | 2 | trump-cyber-russia-grid.html |
|
| Details | File | 2 | global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html |
|
| Details | File | 2 | dnspionage-campaign-targets-middle-east.html |
|
| Details | File | 3 | targeted-attack-in-middle-east-by-apt34.html |
|
| Details | File | 1 | dnspionage-brings-out-karkoff.html |
|
| Details | File | 1 | us-iran-cyber-attacks.html |
|
| Details | File | 1 | 20150117-spiegel-overview_of_methods_for_nsa_integrated_cyber_operations_0.pdf |
|
| Details | md5 | 1 | c437f2e1f3eba14802924e26fc2318fb |
|
| Details | md5 | 2 | 56e5630023fe905b2a8f511e24d9b84a |
|
| Details | MITRE ATT&CK Techniques | 52 | T1195 |
|
| Details | Threat Actor Identifier - APT | 277 | APT37 |
|
| Details | Threat Actor Identifier - APT | 132 | APT32 |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |
|
| Details | Threat Actor Identifier - APT | 665 | APT29 |
|
| Details | Threat Actor Identifier - APT | 258 | APT34 |
|
| Details | Threat Actor Identifier - APT | 181 | APT33 |
|
| Details | Url | 3 | https://ti.qianxin.com/blog |
|
| Details | Url | 1 | https://ti.qianxin.com/uploads/2018/08/01/c437f2e1f3eba14802924e26fc2318fb.pdf |
|
| Details | Url | 2 | https://ti.qianxin.com/uploads/2019/01/02/56e5630023fe905b2a8f511e24d9b84a.pdf |
|
| Details | Url | 57 | https://attack.mitre.org |
|
| Details | Url | 3 | https://www.misp-project.org/galaxy.html |
|
| Details | Url | 1 | https://docs.google.com/spreadsheets/u/0/d/1h9_xaxqhpwaa4o_son4gx0yoizlcbwmsdvepfx68eku/pubhtml# |
|
| Details | Url | 6 | https://www.justice.gov/opa/press-release/file/1092091/download |
|
| Details | Url | 1 | https://www.cyberscoop.com/apt32-ocean-lotus-vietnam-car-companies-hacked |
|
| Details | Url | 2 | https://blog.alyac.co.kr |
|
| Details | Url | 2 | https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729 |
|
| Details | Url | 2 | https://s.tencent.com/research/report/711.html |
|
| Details | Url | 3 | https://www.freebuf.com/articles/paper/120002.html |
|
| Details | Url | 2 | https://www.first.org/resources/papers/tallinn2019/linking_south_asian_cyber_espionnage_groups-to-publish.pdf |
|
| Details | Url | 1 | https://labs.bitdefender.com/2017/09/ehdevel-the-story-of-a-continuously-improving-advanced-threat-creation-toolkit |
|
| Details | Url | 1 | https://www.arbornetworks.com/blog/asert/donot-team-leverages-new-modular-malware-framework-south-asia |
|
| Details | Url | 1 | https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180251/penquins_moonlit_maze_pdf_eng.pdf |
|
| Details | Url | 4 | https://www.welivesecurity.com/wp-content/uploads/2018/10/eset_greyenergy.pdf |
|
| Details | Url | 1 | https://blog.yoroi.company/research/apt28-and-upcoming-elections-possible-interference-signals |
|
| Details | Url | 1 | https://securityaffairs.co/wordpress/82772/apt/russian-apt-groups-may-elections.html |
|
| Details | Url | 1 | https://securityaffairs.co/wordpress/81445/apt/apt28-institutions-europe.html |
|
| Details | Url | 3 | https://securelist.com/zebrocys-multilanguage-malware-salad/90680 |
|
| Details | Url | 1 | https://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html |
|
| Details | Url | 3 | https://securelist.com/equation-the-death-star-of-malware-galaxy/68750 |
|
| Details | Url | 2 | https://media.defense.gov/2018/sep/18/2002041658/-1/-1/1/cyber_strategy_summary_final.pdf |
|
| Details | Url | 2 | https://www.nytimes.com/2019/06/15/us/politics/trump-cyber-russia-grid.html |
|
| Details | Url | 2 | https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html |
|
| Details | Url | 1 | https://www.crowdstrike.com/blog/widespread-dns-hijacking-activity-targets-multiple-sectors |
|
| Details | Url | 2 | https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html |
|
| Details | Url | 3 | https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html |
|
| Details | Url | 3 | https://unit42.paloaltonetworks.com/behind-the-scenes-with-oilrig |
|
| Details | Url | 1 | https://blog.talosintelligence.com/2019/04/dnspionage-brings-out-karkoff.html |
|
| Details | Url | 2 | https://unit42.paloaltonetworks.com/unit42-muddying-the-water-targeted-attacks-in-the-middle-east |
|
| Details | Url | 1 | https://ti.qianxin.com/blog/articles/apt-organization-muddywater-new-weapon-muddyc3-code-leak-and-analysis |
|
| Details | Url | 2 | https://hack2interesting.com/iranian-cyber-espionage-apt33 |
|
| Details | Url | 2 | https://www.welivesecurity.com/2019/03/11/gaming-industry-scope-attackers-asia |
|
| Details | Url | 6 | https://securelist.com/operation-shadowhammer/89992 |
|
| Details | Url | 5 | https://www.welivesecurity.com/2019/05/14/plead-malware-mitm-asus-webstorage |
|
| Details | Url | 2 | https://www.wired.com/story/triton-hackers-scan-us-power-grid |
|
| Details | Url | 1 | https://www.nytimes.com/2019/06/22/us/politics/us-iran-cyber-attacks.html |
|
| Details | Url | 1 | https://www.symantec.com/blogs/threat-intelligence/waterbug-espionage-governments |
|
| Details | Url | 1 | https://www.eff.org/files/2015/01/27/20150117-spiegel-overview_of_methods_for_nsa_integrated_cyber_operations_0.pdf |
|
| Details | Url | 1 | https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers |