每周高级威胁情报解读(2023.10.13~10.19)
Tags
| cmtmf-attack-pattern: | Masquerading |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Malvertising - T1583.008 Masquerading - T1655 Powershell - T1059.001 Visual Basic - T1059.005 Masquerading - T1036 Powershell - T1086 Masquerading |
Common Information
| Type | Value |
|---|---|
| UUID | 4b0ba06d-7acf-4e83-a33d-02b74d8ec8ce |
| Fingerprint | 9e828d3a4692a627 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 13, 2023, midnight |
| Added to db | Nov. 20, 2023, 12:37 a.m. |
| Last updated | Nov. 17, 2024, 5:57 p.m. |
| Headline | 每周高级威胁情报解读(2023.10.13~10.19) |
| Title | 每周高级威胁情报解读(2023.10.13~10.19) |
| Detected Hints/Tags/Attributes | 41/3/51 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 267 | ✔ | 奇安信威胁情报中心 | https://wechat2rss.xlab.app/feed/b93962f981247c0091dad08df5b7a6864ab888e9.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 117 | cve-2023-20198 |
|
| Details | CVE | 53 | cve-2023-42793 |
|
| Details | CVE | 48 | cve-2021-26411 |
|
| Details | Domain | 2 | dobroua.one |
|
| Details | Domain | 3 | dobro.ua |
|
| Details | Domain | 189 | asec.ahnlab.com |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 3 | aml.slowmist.com |
|
| Details | Domain | 25 | cyble.com |
|
| Details | Domain | 7 | blog.phylum.io |
|
| Details | Domain | 20 | www.wordfence.com |
|
| Details | Domain | 3 | redalerts.me |
|
| Details | File | 1 | discord-i-want-to-play-a-game.html |
|
| Details | File | 1 | 安全人员在受害主机上发现了一个名为hwp.bat |
|
| Details | File | 1 | 随后攻击者使用k.ps1 |
|
| Details | File | 1 | 和onenote.vbs |
|
| Details | File | 3 | k.ps1 |
|
| Details | File | 6 | onenote.vbs |
|
| Details | File | 1 | 安全人员还在受害主机上发现了恶意程序pow.ps1 |
|
| Details | File | 7 | pow.ps1 |
|
| Details | File | 1 | 攻击者还安装了一个名为multiple.exe |
|
| Details | File | 1 | 然后授予修改负责rdp服务的termsrv.dll |
|
| Details | File | 1 | 将termsrv.dll |
|
| Details | File | 1 | 并将%appdata%路径中已存在的修复了多会话功能的termsrv.dll |
|
| Details | File | 1 | looking-into-tuts-tomb-the-universe-of-threats-in-latam.pdf |
|
| Details | File | 3 | void-rabisu-targets-female-leaders-with-new-romcom-variant.html |
|
| Details | File | 1 | darkgate-opens-organizations-for-attack-via-skype-teams.html |
|
| Details | Pdb | 1 | dll文件的名称更改为termsrv.pdb |
|
| Details | Url | 2 | https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability |
|
| Details | Url | 1 | https://www.trellix.com/en-au/about/newsroom/stories/research/discord-i-want-to-play-a-game.html |
|
| Details | Url | 2 | https://asec.ahnlab.com/ko/57748 |
|
| Details | Url | 3 | https://mp.weixin.qq.com/s/bssmrqfqz-2llhd3rofrvw |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/bxvgdeevomumgokwtisqxg |
|
| Details | Url | 1 | https://www.virusbulletin.com/uploads/pdf/conference/vb2023/papers/looking-into-tuts-tomb-the-universe-of-threats-in-latam.pdf |
|
| Details | Url | 3 | https://securelist.com/updated-mata-attacks-industrial-companies-in-eastern-europe/110829 |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/jy_ivqxb3qlgsaxapvxc5a |
|
| Details | Url | 1 | https://www.malwarebytes.com/blog/threat-intelligence/2023/10/the-forgotten-malvertising-campaign |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/n5qej-9dbsopwhxpsa-93q |
|
| Details | Url | 1 | https://aml.slowmist.com/events/monkey_drainer_statistics |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/mkdrgvnjfoud4v1tc47pxq |
|
| Details | Url | 3 | https://www.trendmicro.com/en_us/research/23/j/void-rabisu-targets-female-leaders-with-new-romcom-variant.html |
|
| Details | Url | 1 | https://cyble.com/blog/agenttesla-spreads-through-chm-and-pdf-files-in-recent-attacks |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/ryezejufgnlrpomeyf9uhq |
|
| Details | Url | 1 | https://blog.phylum.io/phylum-discovers-seroxen-rat-in-typosquatted-nuget-package |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html |
|
| Details | Url | 1 | https://www.wordfence.com/blog/2023/10/backdoor-masquerading-as-legitimate-plugin |
|
| Details | Url | 1 | https://www.sentinelone.com/blog/dark-angels-esxi-ransomware-borrows-code-victimology-from-ragnarlocker |
|
| Details | Url | 2 | https://blog.cloudflare.com/malicious-redalert-rocket-alerts-application-targets-israeli-phone-calls-sms-and-user-information |
|
| Details | Url | 2 | https://redalerts.me |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/dxp4qqdmfqny-cprxe7tlq |