Weekly Advanced Threat Intelligence Analysis (2024.12.06~12.12)
Common Information
Type Value
UUID 640f1e80-bfff-4c4c-9180-6e77a13b6778
Fingerprint 8cce02de77b61c6b
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 6, 2024, midnight
Added to db Dec. 13, 2024, 12:14 p.m.
Last updated Dec. 18, 2024, 3:10 p.m.
Headline Weekly Advanced Threat Intelligence Analysis (2024.12.06~12.12)
Title Weekly Advanced Threat Intelligence Analysis (2024.12.06~12.12)
Detected Hints/Tags/Attributes 74/2/50
RSS Feed
Attributes
Type | Value | #Events | Note
CERT Ukraine | UAC-0185 | 8 |
CVE | cve-2024-11477 | 13 |
Domain | mp.weixin.qq.com | 227 |
Domain | www.recordedfuture.com | 552 |
Domain | trycloudflare.com | 20 |
Domain | analyzev.oss-cn-beijing.aliyuncs.com | 2 |
Domain | www.zimperium.com | 19 |
Domain | claroty.com | 7 |
Domain | cyble.com | 57 |
Domain | doc.zip | 12 |
Domain | cert.gov.ua | 85 |
Domain | securelist.ru | 14 |
Domain | www.gdatasoftware.com | 13 |
Domain | blog.xlab.qianxin.com | 6 |
File | 56-27-11875.rar | 1 |
File | mshta.exe | 496 |
File | doc.zip | 9 |
File | cmd.exe | 2226 |
File | front.png | 3 |
File | main.bat | 3 |
File | update.exe | 181 |
File | safestore.dll | 1 | extracted as "如safestore.dll"; the leading 如 ("such as") is text from the source sentence, not part of the file name
File | techsys.dll | 5 |
File | 1cv8.exe | 8 |
File | c:\windows\system32\drivers\ws3ifsl.sys | 3 |
File | c:\programdata\microsoft\windows\eventstore.dat | 2 |
File | blog.xla | 6 |
File | init_task.txt | 1 | extracted from the phrase "0检测率的恶意php文件init_task.txt" ("the zero-detection-rate malicious PHP file init_task.txt")
IPv4 | 80.67.167.81 | 5 |
IPv4 | 45.10.247.152 | 6 |
IPv4 | 172.247.127.210 | 6 |
Threat Actor Identifier - APT-C | APT-C-08 | 26 |
Url | https://www.microsoft.com/en-us/security/blog/2024/12/11/frequent-freeloader-part-ii-russian-actor-secret-blizzard-using-tools-of-other-groups-to-attack-ukraine | 1 |
Url | https://security.lookout.com/threat-intelligence/article/gamaredon-russian-android-surveillanceware | 1 |
Url | https://www.bleepingcomputer.com/news/security/radiant-links-50-million-crypto-heist-to-north-korean-hackers | 1 |
Url | https://mp.weixin.qq.com/s/eudqdzm0ra5q_ebeoiws8g | 1 |
Url | https://www.recordedfuture.com/research/bluealpha-abuses-cloudflare-tunneling-service | 1 |
Url | https://mp.weixin.qq.com/s/qqw1dxe25gkz_p8pepvahg | 2 |
Url | https://www.zimperium.com/blog/applite-a-new-antidot-variant-targeting-mobile-employee-devices | 2 |
Url | https://claroty.com/team82/research/inside-a-new-ot-iot-cyber-weapon-iocontrol | 1 |
Url | https://cyble.com/blog/head-mare-deploys-phantomcore-against-russia | 2 |
Url | https://cert.gov.ua/article/6281632 | 1 |
Url | https://cyble.com/blog/russian-hacktivists-target-energy-and-water-infrastructure | 2 |
Url | https://mp.weixin.qq.com/s/bgyxau0mn8wjkfuq_atc-g | 1 |
Url | https://www.rapid7.com/blog/post/2024/12/04/black-basta-ransomware-campaign-drops-zbot-darkgate-and-custom-malware | 1 |
Url | https://securelist.ru/redline-stealer-in-activators-for-business-software/111241 | 1 |
Url | https://www.gdatasoftware.com/blog/2024/12/38091-analysis-fk-undead | 1 |
Url | https://blog.xlab.qianxin.com/glutton_stealthily_targets_mainstream_php_frameworks | 2 |
Url | https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2024-11477-7-zip-flaw-allows-remote-code-execution | 1 |
Url | https://www.bleepingcomputer.com/news/security/new-windows-zero-day-exposes-ntlm-credentials-gets-unofficial-patch | 2 |
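The attribute listing above is machine-extracted, and it shows why such lists need a sanity pass before any value reaches a blocklist or a SIEM watchlist: doc.zip is filed both as a Domain and as a File, and because .zip is a delegated gTLD a hostname syntax check alone accepts it. The Python below is an added example, not code from the original page or from the feed that indexes it; the two-line "Details <Type> <#Events>" / "<Value>" input shape, the regexes, the warning strings and the sample rows (copied from the table above and embedded as constructed input) are my own assumptions. It parses the rows, checks Domain, IPv4 and CVE entries syntactically, flags any Domain value that also appears as a File in the same report, and defangs network indicators before printing.

```python
"""Sanity-check auto-extracted IOCs from a flattened CTI attribute listing.

Added example, not part of the original feed page. The input format is
assumed from the listing above: a "Details <Type> <#Events>" line followed
by the indicator value on the next line. Regexes and warnings are my own.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: rows copied from the attribute table on this page.
SAMPLE_ROWS = """\
Details Domain 227
mp.weixin.qq.com
Details Domain 12
doc.zip
Details Domain 6
blog.xlab.qianxin.com
Details File 9
doc.zip
Details File 2226
cmd.exe
Details IPv4 5
80.67.167.81
Details IPv4 6
172.247.127.210
Details CVE 13
cve-2024-11477
Details Threat Actor Identifier - APT-C 26
APT-C-08
"""

ROW_RE = re.compile(r"^Details (?P<type>.+?) (?P<events>\d+)$")
# RFC 1123 label syntax, total length <= 253, alphabetic TLD of 2-63 chars.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
IPV4_RE = re.compile(
    r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$")
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$", re.I)


@dataclass
class Indicator:
    kind: str
    value: str
    events: int
    warnings: list = field(default_factory=list)


def parse_rows(text: str) -> list:
    """Pair each 'Details <Type> <#Events>' line with the value line after it."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    out, i = [], 0
    while i + 1 < len(lines):
        m = ROW_RE.match(lines[i])
        if m:
            out.append(Indicator(m["type"], lines[i + 1], int(m["events"])))
            i += 2
        else:
            i += 1
    return out


def check(indicators: list) -> list:
    """Attach warnings for syntactically bad or cross-type-conflicting entries."""
    kinds_by_value = {}
    for ind in indicators:
        kinds_by_value.setdefault(ind.value.lower(), set()).add(ind.kind)
    for ind in indicators:
        v = ind.value
        if ind.kind == "Domain":
            if not DOMAIN_RE.match(v):
                ind.warnings.append("not a syntactically valid hostname")
            # Names like doc.zip pass the syntax check (.zip is a delegated
            # gTLD), so also look for the same string filed under File.
            if "File" in kinds_by_value[v.lower()]:
                ind.warnings.append(
                    "same value also listed as File; likely a file name extracted as a domain")
        elif ind.kind == "IPv4" and not IPV4_RE.match(v):
            ind.warnings.append("not a valid dotted-quad IPv4 address")
        elif ind.kind == "CVE" and not CVE_RE.match(v):
            ind.warnings.append("not a CVE identifier")
    return indicators


def defang(value: str) -> str:
    """Break the dots so the indicator cannot be clicked or resolved by accident."""
    return value.replace(".", "[.]")


def review(text: str) -> dict:
    """Map each (kind, value) pair to its warning list; clean entries map to []."""
    return {(i.kind, i.value): i.warnings for i in check(parse_rows(text))}


if __name__ == "__main__":
    for ind in check(parse_rows(SAMPLE_ROWS)):
        shown = defang(ind.value) if ind.kind in ("Domain", "IPv4") else ind.value
        flag = "  <-- " + "; ".join(ind.warnings) if ind.warnings else ""
        print(f"{ind.kind:<34} {shown:<28} {ind.events:>5}{flag}")
```

Run against the sample rows, only the Domain entry for doc.zip is flagged; the File entry for the same string is left alone, since a file named doc.zip is exactly what the referenced reports describe. A truncated value such as blog.xla is syntactically a valid hostname and is not caught by this check, which is the limit of syntax-only validation: anything going onto a blocklist still needs a human eye on the source article.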