ioc[.]one - OSINT Cyber Threat Intelligence Database

奇安信威胁情报中心

Tags

country:	Argentina Brazil Switzerland Germany India Indonesia Iraq Sweden Lithuania Poland Singapore Turkey Romania Russia Vietnam Ukraine United States Of America
attack-pattern:	Data Firmware - T1592.003 Social Media - T1593.001

Show in Graph

Common Information

Type	Value
UUID	60cfcb37-b2a8-4190-92ce-ec17c7093804
Fingerprint	ac9d19c3ea45ae85
Analysis status	DONE
Considered CTI value	2
Text language
Published	Dec. 29, 2022, midnight
Added to db	June 1, 2023, 10:51 a.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	UNKNOWN
Title	奇安信威胁情报中心
Detected Hints/Tags/Attributes	60/2/40

Source URLs

	Redirection	Url
Details	Source	https://ti.qianxin.com/blog/articles/Analysis-of-In-the-wild-Attack-Samples-Exploiting-Outlook-Privilege-Escalation-Vulnerability-(CVE-2023-23397)-EN/

URL Provider

Details	Provider	Source level domain
Details	qianxin.com	ti.qianxin.com

Attributes

Details	Type	#Events	Value
Details	CVE	176	cve-2023-23397
Details	CVE	2	cve-2021-22909
Details	Domain	2	wizzsolutions.com
Details	Domain	2	www.stm.com.tr
Details	Domain	4	globalnewsnew.com
Details	Domain	5	ceriossl.info
Details	Domain	3	dmsu.gov.ua
Details	Domain	5	sourcescdn.net
Details	Domain	17	sandbox.ti.qianxin.com
Details	Domain	452	msrc.microsoft.com
Details	Email	1	palamarchuk@dmsu.gov.ua
Details	File	49	nuxt.js
Details	File	5	www.stm
Details	File	4	лист.eml
Details	File	3	ceriossl.inf
Details	md5	3	2bb4c6b32d077c0f80cda1006da90365
Details	md5	3	9f4172d554bb9056c8ba28e32c606b1e
Details	md5	3	3d4362e8fe86d2f33acb3e15f1dad341
Details	md5	2	e6efaabb01e028ef61876dd129e66bac
Details	IPv4	7	113.160.234.229
Details	IPv4	7	5.199.162.132
Details	IPv4	4	77.243.181.10
Details	IPv4	4	45.138.87.250
Details	IPv4	7	101.255.119.42
Details	IPv4	2	5.199.162.13
Details	IPv4	7	213.32.252.221
Details	IPv4	7	168.205.200.55
Details	IPv4	7	185.132.17.160
Details	IPv4	4	69.162.253.21
Details	IPv4	6	181.209.99.204
Details	IPv4	4	82.196.113.102
Details	IPv4	6	85.195.206.7
Details	IPv4	5	61.14.68.33
Details	Threat Actor Identifier - APT	783	APT28
Details	Url	2	https://www.stm.com.tr/tr
Details	Url	44	https://sandbox.ti.qianxin.com/sandbox/page
Details	Url	5	https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-23397
Details	Url	2	https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outlook-zero-day-used-by-russian-hackers-since-april-2022
Details	Url	4	https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability
Details	Url	2	https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397