Weekly Advanced Threat Intelligence Analysis (2023.11.03~11.09)
Common Information
Type Value
UUID 62017aaf-14df-4855-9340-1c10ceb77ee9
Fingerprint e600c812b3135c46
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 3, 2023, midnight
Added to db Nov. 20, 2023, 12:37 a.m.
Last updated Nov. 17, 2024, 5:57 p.m.
Headline Weekly Advanced Threat Intelligence Analysis (2023.11.03~11.09)
Title Weekly Advanced Threat Intelligence Analysis (2023.11.03~11.09)
Detected Hints/Tags/Attributes 56/2/47
RSS Feed
Attributes
Type | #Events | Value
CVE | 84 | cve-2023-46604
CVE | 26 | cve-2023-36563
CVE | 35 | cve-2023-4911
Domain | 224 | unit42.paloaltonetworks.com
Domain | 208 | mp.weixin.qq.com
Domain | 26 | www.jamf.com
Domain | 17 | www.deepinstinct.com
Domain | 101 | www.elastic.co
Domain | 37 | blogs.vmware.com
Domain | 15 | blog.aquasec.com
Domain | 403 | securelist.com
Domain | 103 | www.mcafee.com
Domain | 25 | cyble.com
Domain | 189 | asec.ahnlab.com
File | 1 | jupyter-rising-an-update-on-jupyter-infostealer.html
File | 1 | 双击安装.exe
File | 1 | 运行后释放pro.exe
File | 1 | 和dess.exe
File | 1 | 其中pro.exe
File | 1 | dess.exe
File | 72 | regsvcs.exe
File | 1 | 勒索信以info.txt
IPv4 | 3 | 45.32.120.181
IPv4 | 7 | 172.245.16.125
Threat Actor Identifier - APT | 121 | APT36
Url | 3 | https://unit42.paloaltonetworks.com/agonizing-serpens-targets-israeli-tech-higher-ed-sectors
Url | 1 | https://mp.weixin.qq.com/s/ic7wnuwa1oiyi1w74-k52w
Url | 4 | https://mp.weixin.qq.com/s/iwx2tgclor0jtdbnc3fowq
Url | 6 | https://www.jamf.com/blog/bluenoroff-strikes-again-with-new-macos-malware
Url | 4 | https://unit42.paloaltonetworks.com/pensive-ursa-uses-upgraded-kazuar-backdoor
Url | 1 | https://www.seqrite.com/blog/sidecopys-multi-platform-onslaught-leveraging-winrar-zero-day-and-linux-variant-of-ares-rat
Url | 3 | https://www.sentinelone.com/labs/arid-viper-apts-nest-of-spyc23-malware-continues-to-target-android-devices
Url | 3 | https://www.deepinstinct.com/blog/muddywater-en-able-spear-phishing-with-new-ttps
Url | 5 | https://www.elastic.co/security-labs/elastic-catches-dprk-passing-out-kandykorn
Url | 4 | https://mp.weixin.qq.com/s/f6t_zqhylcdcjzrhihdxfa
Url | 1 | https://mp.weixin.qq.com/s/ogy_2v6mxb0dllb2wvdewg
Url | 1 | https://blogs.vmware.com/security/2023/11/jupyter-rising-an-update-on-jupyter-infostealer.html
Url | 1 | https://arcticwolf.com/resources/blog/tellmethetruth-exploitation-of-cve-2023-46604-leading-to-ransomware
Url | 2 | https://blog.aquasec.com/loony-tunables-vulnerability-exploited-by-kinsing
Url | 1 | https://securelist.com/spyware-whatsapp-mod/110984
Url | 1 | https://mp.weixin.qq.com/s/m5rckv-dh_t9dext0f307g
Url | 1 | https://mp.weixin.qq.com/s/pqzfqtvzoeyosqqnc_qfua
Url | 1 | https://www.mcafee.com/blogs/other-blogs/mcafee-labs/unmasking-asyncrat-new-infection-chain
Url | 1 | https://www.bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey
Url | 1 | https://cyble.com/blog/new-java-based-sayler-rat-targets-polish-speaking-users
Url | 1 | https://asec.ahnlab.com/ko/58511
Url | 1 | https://mp.weixin.qq.com/s/ih0f2thk4lnshfmxxrquga