Bluepurple Pulse: week ending October 8th
Common Information
Type Value
UUID 4c115704-dedd-4361-928a-3b72aed4e08c
Fingerprint 2521899101b3b789
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 6, 2023, midnight
Added to db Aug. 31, 2024, 1:23 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Cyber Defence Analysis for Blue & Purple Teams
Title Bluepurple Pulse: week ending October 8th
Detected Hints/Tags/Attributes 207/4/51
Attributes
Type                           #Events  Value
File                                 6  mycv.doc
File                                 4  apt34-deploys-phishing-attack-with-new-malware.html
File                                11  papers.cfm
File                               456  mshta.exe
File                                 1  ziplink.html
Github username                      1  pruzko
Github username                      4  chocapikk
Github username                      4  rickdejager
Github username                      1  eunomia-bpf
Threat Actor Identifier - APT      258  APT34
Url                                  1  https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set
Url                                  2  https://www.welivesecurity.com/en/eset-research/operation-jacana-spying-guyana-entity
Url                                  3  https://www.trendmicro.com/en_us/research/23/i/apt34-deploys-phishing-attack-with-new-malware.html
Url                                  2  https://blog.sekoia.io/active-lycantrox-infrastructure-illumination
Url                                  1  https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4581208
Url                                  1  https://www.magnetforensics.com/blog/how-to-detect-blastpass-inside-a-webp-file
Url                                  3  https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-278a
Url                                  1  https://kqlquery.com/posts/kql-incident-response
Url                                  1  https://aws.amazon.com/blogs/security/security-by-design-aws-to-enhance-mfa-requirements-in-2024
Url                                  1  https://blog.xpnsec.com/dirtynib
Url                                  1  https://theevilbit.github.io/beyond/beyond_0032
Url                                  1  https://theevilbit.github.io/beyond
Url                                  1  https://badoption.eu/blog/2023/09/28/ziplink.html
Url                                  1  https://github.com/pruzko/hakuin
Url                                  1  https://www.mandiant.com/resources/blog/time-to-exploit-trends-2021-2022
Url                                  2  https://www.rapid7.com/blog/post/2023/09/29/etr-critical-vulnerabilities-in-ws_ftp-server
Url                                  1  https://github.com/chocapikk/cve-2023-29357
Url                                  1  https://github.com/rickdejager/cve-2023-4911
Url                                  1  https://github.com/eunomia-bpf/bpftime
CVE                                102  cve-2023-22515
CVE                                 26  cve-2023-40044
CVE                                 12  cve-2023-42657
CVE                                 48  cve-2023-29357
CVE                                 27  cve-2023-24955
CVE                                 35  cve-2023-4911
Domain                             101  www.elastic.co
Domain                             262  www.welivesecurity.com
Domain                             604  www.trendmicro.com
Domain                              58  blog.sekoia.io
Domain                              12  papers.ssrn.com
Domain                               6  www.magnetforensics.com
Domain                             469  www.cisa.gov
Domain                               3  kqlquery.com
Domain                              72  aws.amazon.com
Domain                              10  blog.xpnsec.com
Domain                               3  theevilbit.github.io
Domain                               4  badoption.eu
Domain                            4127  github.com
Domain                             182  www.mandiant.com
Domain                              32  ysoserial.net
Domain                              63  www.rapid7.com
(The source table also carries a per-attribute CTI Value column; it is empty for every row above.)