Weekly Advanced Threat Intelligence Interpretation (2023.09.01~09.07)
Common Information
Type Value
UUID 63bca997-9e47-4fc9-89e5-2529c1abce79
Fingerprint caa8ac16f594e346
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 1, 2023, midnight
Added to db Nov. 6, 2023, 8:08 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Weekly Advanced Threat Intelligence Interpretation (2023.09.01~09.07)
Title Weekly Advanced Threat Intelligence Interpretation (2023.09.01~09.07)
Detected Hints/Tags/Attributes 49/1/46
RSS Feed
Attributes
Details Type #Events CTI Value
Details CVE 3
cve-2023-28434
Details CVE 375
cve-2017-11882
Details Domain 84
www.zscaler.com
Details Domain 189
asec.ahnlab.com
Details Domain 208
mp.weixin.qq.com
Details Domain 469
www.cisa.gov
Details Domain 45
www.reversinglabs.com
Details Domain 11
interlab.or.kr
Details Domain 101
www.group-ib.com
Details Domain 20
www.seqrite.com
Details Domain 45
source.android.com
Details File 674
node.js
Details File 1
includes an autoit3.exe
Details File 1
will spawn an explorer.exe
Details File 1
icymi-emotet-reappeared-early-this-year-unfortunately.html
Details File 1
the attackers set up a fake browser update page to lure users into downloading a file named chromesetup.exe
Details File 1
the dropper writes the legitimate vmwarehostopen.exe
Details File 1
the file vmtools.dll
Details File 1
the legitimate vmwarehostopen.exe
Details File 1
will then, from the directory in which vmwarehostopen.exe is executed
Details File 1
load the malicious vmtools.dll from that same directory
Details File 1
analyzing-a-facebook-profile-stealer-written-in-node-js.html
Details File 1
it is written in node.js
Details Threat Actor Identifier - APT-Q 1
APT-Q-40
Details Threat Actor Identifier - APT 783
APT28
Details Url 4
https://www.zscaler.com/blogs/security-research/steal-it-campaign
Details Url 2
https://asec.ahnlab.com/ko/56654
Details Url 2
https://mp.weixin.qq.com/s/6bicahgymobqmxnm27nnaq
Details Url 2
https://www.cisa.gov/news-events/analysis-reports/ar23-243a
Details Url 2
https://mp.weixin.qq.com/s/vcgi3ftr4lwxpwzf5eulia
Details Url 3
https://asec.ahnlab.com/en/56405
Details Url 4
https://www.reversinglabs.com/blog/vmconnect-supply-chain-campaign-continues
Details Url 2
https://interlab.or.kr/archives/19416
Details Url 1
https://www.trellix.com/en-us/about/newsroom/stories/research/icymi-emotet-reappeared-early-this-year-unfortunately.html
Details Url 1
https://www.securityjoes.com/post/new-attack-vector-in-the-cloud-attackers-caught-exploiting-object-storage-services
Details Url 1
https://www.securonix.com/blog/securonix-threat-labs-security-advisory-threat-actors-target-mssql-servers-in-dbjammer-to-deliver-freeworld-ransomware
Details Url 1
https://blog.eclecticiq.com/decrypting-key-group-ransomware-emerging-financially-motivated-cyber-crime-gang
Details Url 1
https://mp.weixin.qq.com/s/l1mdq3nu3bi6bfzx9pjduw
Details Url 1
https://www.group-ib.com/blog/classiscam-2023
Details Url 1
https://www.seqrite.com/blog/new-warp-malware-drops-modified-stealerium-infostealer
Details Url 2
https://www.rapid7.com/blog/post/2023/08/31/fake-update-utilizes-new-idat-loader-to-execute-stealc-and-lumma-infostealers
Details Url 1
https://www.trendmicro.com/en_us/research/23/i/analyzing-a-facebook-profile-stealer-written-in-node-js.html
Details Url 1
https://www.fortinet.com/blog/threat-research/agent-tesla-variant-spread-by-crafted-excel-document
Details Url 1
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers
Details Url 1
https://research.checkpoint.com/2023/from-hidden-bee-to-rhadamanthys-the-evolution-of-custom-executable-formats
Details Url 1
https://source.android.com/docs/security/bulletin/2023-09-01