每周高级威胁情报解读(2023.05.25~06.01)
Tags
| country: | Colombia Portugal Russia |
| attack-pattern: | Botnet - T1583.005 Botnet - T1584.005 Credentials - T1589.001 Malware - T1587.001 Malware - T1588.001 Ssh - T1021.004 Rootkit - T1014 Rootkit |
Common Information
| Type | Value |
|---|---|
| UUID | 5cb4a36b-49ae-432f-9750-f1fb83fa7fa1 |
| Fingerprint | 91b9fddbdf2677c1 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 25, 2023, midnight |
| Added to db | June 5, 2023, 2:21 p.m. |
| Last updated | Nov. 17, 2024, 5:57 p.m. |
| Headline | 每周高级威胁情报解读(2023.05.25~06.01) |
| Title | 每周高级威胁情报解读(2023.05.25~06.01) |
| Detected Hints/Tags/Attributes | 62/2/48 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 267 | ✔ | 奇安信威胁情报中心 | https://wechat2rss.xlab.app/feed/b93962f981247c0091dad08df5b7a6864ab888e9.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 51 | cve-2023-33246 |
|
| Details | CVE | 4 | cve-2023-27076 |
|
| Details | CVE | 5 | cve-2023-26801 |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 22 | www.genians.co.kr |
|
| Details | Domain | 189 | asec.ahnlab.com |
|
| Details | Domain | 101 | www.group-ib.com |
|
| Details | Domain | 182 | www.mandiant.com |
|
| Details | Domain | 35 | www.akamai.com |
|
| Details | Domain | 72 | symantec-enterprise-blogs.security.com |
|
| Details | Domain | 65 | blog.cyble.com |
|
| Details | Domain | 71 | blogs.jpcert.or.jp |
|
| Details | Domain | 224 | unit42.paloaltonetworks.com |
|
| Details | Domain | 19 | cybersecurity.att.com |
|
| Details | File | 128 | w3wp.exe |
|
| Details | File | 2 | 原始名称为olemapi32.dll |
|
| Details | File | 4 | void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html |
|
| Details | File | 3 | gobrat.html |
|
| Details | File | 1 | new-info-stealer-bandit-stealer-targets-browsers-wallets.html |
|
| Details | File | 2 | investigating-blacksuit-ransomwares-similarities-to-royal.html |
|
| Details | Threat Actor Identifier - APT-C | 16 | APT-C-09 |
|
| Details | Threat Actor Identifier - APT-Q | 11 | APT-Q-36 |
|
| Details | Threat Actor Identifier - APT | 277 | APT37 |
|
| Details | Url | 4 | https://mp.weixin.qq.com/s/wu0vnmcf-fqyxibkzfzaew |
|
| Details | Url | 3 | https://www.genians.co.kr/blog/threat_intelligence_report_apt37 |
|
| Details | Url | 5 | https://asec.ahnlab.com/en/53132 |
|
| Details | Url | 4 | https://mp.weixin.qq.com/s/h-zrvcofbzwz8ikyn5vu4w |
|
| Details | Url | 2 | https://research.checkpoint.com/2023/agrius-deploys-moneybird-in-targeted-attacks-against-israeli-organizations |
|
| Details | Url | 4 | https://mp.weixin.qq.com/s/dhqj9-0qlwvsqyh_ugdw2g |
|
| Details | Url | 1 | https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/analyzing-the-ntc-vulkan-leak-what-it-says-about-russias-cyber-capabilities |
|
| Details | Url | 3 | https://www.group-ib.com/blog/dark-pink-episode-2 |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/uyunrranpz2_gfe5ac0lmg |
|
| Details | Url | 1 | https://blog.cyble.com/2023/05/30/bl00dy-ransomware-targets-indian-university-actively-exploiting-papercut-vulnerability |
|
| Details | Url | 4 | https://www.trendmicro.com/en_us/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html |
|
| Details | Url | 3 | https://www.mandiant.com/resources/blog/cosmicenergy-ot-malware-russian-response |
|
| Details | Url | 1 | https://www.sentinelone.com/labs/operation-magalenha-long-running-campaign-pursues-portuguese-credentials-and-pii |
|
| Details | Url | 1 | https://www.akamai.com/blog/security-research/dark-frost-botnet-unexpected-author-profile |
|
| Details | Url | 2 | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware |
|
| Details | Url | 1 | https://blog.cyble.com/2023/05/31/evolving-threat-landscape-of-hacktivism-in-colombia |
|
| Details | Url | 1 | https://cloudsek.com/blog/dogerat-the-android-malware-campaign-targeting-users-across-multiple-industries |
|
| Details | Url | 1 | https://blog.cyble.com/2023/05/30/pixbankbot-new-ats-based-malware-poses-threat-to-the-brazilian-banking-sector |
|
| Details | Url | 2 | https://blogs.jpcert.or.jp/en/2023/05/gobrat.html |
|
| Details | Url | 2 | https://unit42.paloaltonetworks.com/mirai-variant-iz1h9 |
|
| Details | Url | 1 | https://asec.ahnlab.com/en/53267 |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/23/e/new-info-stealer-bandit-stealer-targets-browsers-wallets.html |
|
| Details | Url | 2 | https://www.trendmicro.com/en_us/research/23/e/investigating-blacksuit-ransomwares-similarities-to-royal.html |
|
| Details | Url | 1 | https://cybersecurity.att.com/blogs/labs-research/seroxen-rat-for-sale |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/fz3nyr8ynqwhn1pv_dmtyg |