每周高级威胁情报解读(2024.09.06~09.12)
Tags
| attack-pattern: | Credentials - T1589.001 Javascript - T1059.007 Mshta - T1218.005 Python - T1059.006 Server - T1583.004 Server - T1584.004 Sharepoint - T1213.002 Ssh - T1021.004 Mshta - T1170 |
Common Information
| Type | Value |
|---|---|
| UUID | 480a80b4-0d44-4084-8032-bcbf331081b4 |
| Fingerprint | bd49519655a2e9fb |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Sept. 6, 2024, midnight |
| Added to db | Sept. 13, 2024, 2:42 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | 每周高级威胁情报解读(2024.09.06~09.12) |
| Title | 每周高级威胁情报解读(2024.09.06~09.12) |
| Detected Hints/Tags/Attributes | 52/1/35 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 267 | ✔ | 奇安信威胁情报中心 | https://wechat2rss.xlab.app/feed/b93962f981247c0091dad08df5b7a6864ab888e9.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 84 | cve-2024-40766 |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 224 | unit42.paloaltonetworks.com |
|
| Details | Domain | 189 | asec.ahnlab.com |
|
| Details | Domain | 25 | cyble.com |
|
| Details | Domain | 15 | trycloudflare.com |
|
| Details | Domain | 101 | www.group-ib.com |
|
| Details | Domain | 23 | paper.seebug.org |
|
| Details | Domain | 8 | www.kaspersky.ru |
|
| Details | Domain | 58 | blog.sekoia.io |
|
| Details | Domain | 13 | www.reliaquest.com |
|
| Details | File | 3 | 例如类型3种的crypt86.dat |
|
| Details | File | 4 | 和profapii.dat |
|
| Details | File | 456 | mshta.exe |
|
| Details | File | 1 | 诱骗求职者下载并运行包含beavertail恶意软件的node.js |
|
| Details | File | 14 | veriti.ai |
|
| Details | File | 1 | 例如.sldprt |
|
| Details | File | 35 | securityonline.inf |
|
| Details | File | 256 | net.exe |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/qsgzog-0rzfxen4hfj9rlw |
|
| Details | Url | 1 | https://unit42.paloaltonetworks.com/threat-assessment-north-korean-threat-groups-2024 |
|
| Details | Url | 1 | https://asec.ahnlab.com/ko/83026 |
|
| Details | Url | 1 | https://cyble.com/blog/gamaredons-spear-phishing-assault-on-ukraines-military |
|
| Details | Url | 2 | https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar |
|
| Details | Url | 2 | https://www.group-ib.com/blog/apt-lazarus-python-scripts |
|
| Details | Url | 1 | https://paper.seebug.org/3226 |
|
| Details | Url | 1 | https://veriti.ai/blog/exposed-onlyfans-hack-gone-wrong-how-cyber-criminals-turn-into-victims-overnight |
|
| Details | Url | 1 | https://www.kaspersky.ru/blog/librarian-ghouls-cad-formats/38199 |
|
| Details | Url | 2 | https://arcticwolf.com/resources/blog/arctic-wolf-observes-akira-ransomware-campaign-targeting-sonicwall-sslvpn-accounts |
|
| Details | Url | 1 | https://www.group-ib.com/blog/pluggable-authentication-module |
|
| Details | Url | 1 | https://blog.sekoia.io/a-glimpse-into-the-quad7-operators-next-moves-and-associated-botnets |
|
| Details | Url | 1 | https://securityonline.info/cybervolk-ransomware-a-new-and-evolving-threat-to-global-cybersecurity |
|
| Details | Url | 1 | https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-spyagent-campaign-steals-crypto-credentials-via-image-recognition |
|
| Details | Url | 1 | https://www.reliaquest.com/blog/inc-ransom-attack-analysis-extortion-methodologies |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/7prunfkrilmivn-fu7dekg |