每周高级威胁情报解读(2024.10.25~10.31)
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 6192629e-2ad7-4533-b103-6cc6d7c3ca7c |
| Fingerprint | 26a5e1ffbf0440f7 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 25, 2024, midnight |
| Added to db | Nov. 1, 2024, 1:18 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | 每周高级威胁情报解读(2024.10.25~10.31) |
| Title | 每周高级威胁情报解读(2024.10.25~10.31) |
| Detected Hints/Tags/Attributes | 58/3/55 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 267 | ✔ | 奇安信威胁情报中心 | https://wechat2rss.xlab.app/feed/b93962f981247c0091dad08df5b7a6864ab888e9.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CERT Ukraine | 40 | UAC-0050 |
|
| Details | CVE | 17 | cve-2020-3837 |
|
| Details | CVE | 84 | cve-2024-40766 |
|
| Details | CVE | 10 | cve-2024-50550 |
|
| Details | CVE | 21 | cve-2024-28000 |
|
| Details | Domain | 189 | asec.ahnlab.com |
|
| Details | Domain | 224 | unit42.paloaltonetworks.com |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 72 | aws.amazon.com |
|
| Details | Domain | 16 | www.safebreach.com |
|
| Details | Domain | 83 | cert.gov.ua |
|
| Details | Domain | 8 | qaz.im |
|
| Details | Domain | 4 | qaz.is |
|
| Details | Domain | 4 | qaz.su |
|
| Details | Domain | 17 | www.threatfabric.com |
|
| Details | Domain | 101 | www.elastic.co |
|
| Details | Domain | 262 | www.welivesecurity.com |
|
| Details | File | 2 | hajj_advisory.rar |
|
| Details | File | 1 | 解压后得到hajj_advisory.pdf |
|
| Details | File | 1 | 接着将其apple数据流写入mapistub.dll |
|
| Details | File | 1 | 将banana数据流写入file.pdf |
|
| Details | File | 1 | c:\windows\system32\fixmapi.exe |
|
| Details | File | 1 | 到mapistub.dll |
|
| Details | File | 3 | blueapple.exe |
|
| Details | File | 8 | mapistub.dll |
|
| Details | File | 4 | securitylabs.dat |
|
| Details | File | 72 | www.safe |
|
| Details | File | 30 | ci.dll |
|
| Details | File | 3 | dps_tax_gov_ua_0739220983.rar |
|
| Details | File | 4 | service.pdf |
|
| Details | File | 61 | __init__.py |
|
| Details | File | 1 | 将解密的文件放入praxisbackup.exe |
|
| Details | File | 1 | 保存为pay.exe |
|
| Details | Mandiant Uncategorized Groups | 25 | UNC5812 |
|
| Details | Threat Actor Identifier - APT | 665 | APT29 |
|
| Details | Url | 3 | https://www.microsoft.com/en-us/security/blog/2024/10/29/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files |
|
| Details | Url | 1 | https://cloud.google.com/blog/topics/threat-intelligence/russian-espionage-influence-ukrainian-military-recruits-anti-mobilization-narratives |
|
| Details | Url | 1 | https://asec.ahnlab.com/ko/84066 |
|
| Details | Url | 3 | https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/qi1krfg75sxqo6dss3b3eq |
|
| Details | Url | 1 | https://aws.amazon.com/cn/blogs/security/amazon-identified-internet-domains-abused-by-apt29 |
|
| Details | Url | 1 | https://securitylabs.datadoghq.com/articles/tenacious-pungsan-dprk-threat-actor-contagious-interview |
|
| Details | Url | 2 | https://www.safebreach.com/blog/update-on-windows-downdate-downgrade-attacks |
|
| Details | Url | 2 | https://cert.gov.ua/article/6281202 |
|
| Details | Url | 1 | https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages |
|
| Details | Url | 1 | https://checkmarx.com/blog/cryptocurrency-enthusiasts-targeted-in-multi-vector-supply-chain-attack |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/fvaqqkidddey_qibult3rg |
|
| Details | Url | 2 | https://www.threatfabric.com/blogs/lightspy-implant-for-ios |
|
| Details | Url | 1 | https://www.elastic.co/security-labs/katz-and-mouse-game |
|
| Details | Url | 1 | https://www.welivesecurity.com/en/eset-research/embargo-ransomware-rocknrust |
|
| Details | Url | 1 | https://arcticwolf.com/resources/blog/arctic-wolf-labs-observes-increased-fog-and-akira-ransomware-activity-linked-to-sonicwall-ssl-vpn |
|
| Details | Url | 1 | https://www.zimperium.com/blog/mishing-in-motion-uncovering-the-evolving-functionality-of-fakecall-malware |
|
| Details | Url | 1 | https://patchstack.com/articles/rare-case-of-privilege-escalation-patched-in-litespeed-cache-plugin |
|
| Details | Url | 1 | https://www.securityweek.com/apple-patches-over-70-vulnerabilities-across-ios-macos-other-products |
|
| Details | Windows Registry Key | 18 | HKCU\SOFTWARE\Microsoft\Windows |