Weekly Advanced Threat Intelligence Digest (2023.03.02~03.09)
Common Information
Type Value
UUID 56fd9dcb-2420-44fd-95b2-6be92687fb30
Fingerprint 80a4fe74b3d65ef3
Analysis status DONE
Considered CTI value 2
Text language
Published March 2, 2023, midnight
Added to db April 20, 2023, 12:45 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Weekly Advanced Threat Intelligence Digest (2023.03.02~03.09)
Title Weekly Advanced Threat Intelligence Digest (2023.03.02~03.09)
Detected Hints/Tags/Attributes 49/2/43
RSS Feed
Attributes
Type                                  #Events  Value
Domain                                208      mp.weixin.qq.com
Domain                                189      asec.ahnlab.com
Domain                                18       www.cadosecurity.com
Domain                                87       booking.com
Domain                                31       blog.morphisec.com
Domain                                8        www.metabaseq.com
Domain                                13       blog.lumen.com
Domain                                124      www.sentinelone.com
Domain                                262      www.welivesecurity.com
Domain                                65       blog.cyble.com
Domain                                10       salt.security
File                                  48       1.html
File                                  1        dovlet_proqram13062022.rar
File                                  478      lsass.exe
File                                  1        managed-xdr-exposes-spear-phishing-campaign-targeting-hospitalit.html
File                                  3        christian-robinson-route.jpg
File                                  38       7.exe
File                                  3        ferriteswarmed.exe
IPv4                                  3        45.93.201.62
Threat Actor Identifier - APT-C       14       APT-C-56
Threat Actor Identifier - APT         121      APT36
Threat Actor Identifier - APT         277      APT37
Url                                   3        https://mp.weixin.qq.com/s/iagumg7umdfcb96hyhqrdw
Url                                   1        https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/?web_view=true
Url                                   5        https://mp.weixin.qq.com/s/lvsragnmsl3a1jeuubuvyw
Url                                   1        https://asec.ahnlab.com/ko/48764
Url                                   2        https://mp.weixin.qq.com/s/doq5ka7mwqcdg2x_ngboea
Url                                   1        https://docs.az-link.email/dovlet_proqram13062022.rar
Url                                   1        https://mp.weixin.qq.com/s/dn-0e5k3d6ybzheps9zung
Url                                   1        https://www.bitdefender.com/blog/hotforsecurity/bitdefender-labs-warns-of-fresh-phishing-campaign-that-uses-copycat-chatgpt-platform-to-swindle-eager-investors
Url                                   1        https://www.fortinet.com/blog/threat-research/just-because-its-old-doesnt-mean-you-throw-it-away-including-malware
Url                                   1        https://www.esentire.com/blog/hackers-attack-employees-from-six-law-firms-with-the-gootloader-and-socgholish-malware-using-fake-legal-agreements-and-malicious-watering-hole-s-reports-esentire
Url                                   2        https://www.cadosecurity.com/redis-miner-leverages-command-line-file-hosting-service
Url                                   1        https://www.trendmicro.com/en_us/research/23/c/managed-xdr-exposes-spear-phishing-campaign-targeting-hospitalit.html
Url                                   3        http://45.93.201.62/docs
Url                                   2        https://blog.morphisec.com/sys01stealer-facebook-info-stealer
Url                                   1        https://www.metabaseq.com/fixs-atms-malware
Url                                   2        https://blog.lumen.com/new-hiatusrat-router-malware-covertly-spies-on-victims
Url                                   1        https://blog.cyble.com/2023/03/06/imbetter-new-information-stealer-spotted-targeting-cryptocurrency-users
Url                                   1        https://www.sentinelone.com/blog/dbatloader-and-remcos-rat-sweep-eastern-europe
Url                                   3        https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed
Url                                   1        https://blog.cyble.com/2023/03/08/critical-vulnerabilities-in-wago-web-based-management-system
Url                                   2        https://salt.security/blog/traveling-with-oauth-account-takeover-on-booking-com