Bluepurple Pulse: week ending July 9th
Tags
country: Albania Australia Canada China North Korea India Ireland Iran Kazakhstan Poland Russia Ukraine
maec-delivery-vectors: Watering Hole
attack-pattern: Data Model Models Applescript - T1059.002 Artificial Intelligence - T1588.007 Confluence - T1213.001 Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Html Smuggling - T1027.006 Ip Addresses - T1590.005 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Remote Desktop Protocol - T1021.001 Sharepoint - T1213.002 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 Applescript - T1155 Remote Desktop Protocol - T1076
Show in Graph
Common Information
Type Value
UUID 6e3b3ea1-de0b-4997-9d7d-6f6dbcd55c0f
Fingerprint e581991fa4238fd8
Analysis status DONE
Considered CTI value 2
Text language
Published July 9, 2023, midnight
Added to db July 9, 2023, 9:32 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Cyber Defence Analysis for Blue & Purple Teams
Title Bluepurple Pulse: week ending July 9th
Detected Hints/Tags/Attributes 201/3/61
Source URLs
Redirection Url
Details Source https://bluepurple.binaryfirefly.com/p/bluepurple-pulse-week-ending-july-2b5
URL Provider
Details Provider Source level domain
Details binaryfirefly.com bluepurple.binaryfirefly.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 76 Cyber Defence Analysis for Blue & Purple Teams https://bluepurple.binaryfirefly.com/feed 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CERT Ukraine 19 
UAC-0028
Details CVE 29 
cve-2022-31199
Details CVE 4 
cve-2023-0458
Details CVE 2 
cve-2023-0459
Details Domain 49 
ukr.net
Details Domain 287 
yahoo.com
Details Domain 83 
cert.gov.ua
Details Domain 141 
research.checkpoint.com
Details Domain 7 
intrusiontruth.wordpress.com
Details Domain 21 
lab52.io
Details Domain 19 
www.huntress.com
Details Domain 4127 
github.com
Details Domain 154 
arxiv.org
Details Domain 1 
blog.nathanmcnulty.com
Details Domain 170 
www.sans.org
Details Domain 1 
ris.utwente.nl
Details Domain 38 
community.progress.com
Details Domain 1 
redmaple.tech
Details Domain 4 
badoption.eu
Details Domain 1 
kpwn.de
Details Domain 12 
binaryfirefly.com
Details Email 2 
iri_1357@yahoo.com
Details Email 12 
hello@binaryfirefly.com
Details File 4 
detail.html
Details File 1 
thesis_ebook.pdf
Details File 1 
teams3.html
Details File 74 
mstsc.exe
Details File 1 
credentialuibroker.exe
Details Github username 1 
0x534a
Details Github username 1 
f-bader
Details Github username 1 
mastodon
Details Github username 3 
thed1rkmtr
Details Github username 1 
werdhaihai
Details Github username 1 
lem0nsec
Details Github username 30 
google
Details md5 1 
b0ef610dffa854e239fca9475f35272a
Details Threat Actor Identifier - APT 783 
APT28
Details Threat Actor Identifier - APT 166 
APT31
Details Threat Actor Identifier - APT 665 
APT29
Details Url 5 
https://cert.gov.ua/article/5105791
Details Url 2 
https://cert.gov.ua/article/5077168
Details Url 4 
https://research.checkpoint.com/2023/chinese-threat-actors-targeting-europe-in-smugx-campaign
Details Url 1 
https://intrusiontruth.wordpress.com/2023/07/04/wuhan-xiaoruizhi-class-of-19
Details Url 3 
https://lab52.io/blog/beyond-appearances-unknown-actor-using-apt29s-ttp-against-chinese-users
Details Url 1 
https://www.huntress.com/blog/threat-hunting-for-business-email-compromise-through-user-agents
Details Url 1 
https://github.com/0x534a/dynmx
Details Url 1 
https://arxiv.org/abs/2111.07093
Details Url 1 
https://github.com/f-bader/sentinelarconverter
Details Url 1 
https://blog.nathanmcnulty.com/azure-automation-advanced-auditing
Details Url 1 
https://www.sans.org/blog/google-workspace-log-extraction
Details Url 1 
https://ris.utwente.nl/ws/portalfiles/portal/306181219/thesis_ebook.pdf
Details Url 2 
https://community.progress.com/s/article/moveit-transfer-2020-1-service-pack-july-2023
Details Url 1 
https://github.com/mastodon/mastodon/security/advisories
Details Url 1 
https://redmaple.tech/blogs/2023/extract-bitwarden-vault-passwords
Details Url 1 
https://badoption.eu/blog/2023/06/30/teams3.html
Details Url 1 
https://kpwn.de/2023/06/brute-forcing-one-time-passwords
Details Url 1 
https://github.com/thed1rkmtr/takemyrdp
Details Url 1 
https://github.com/werdhaihai/atlasreaper
Details Url 1 
https://github.com/lem0nsec/shellghost
Details Url 1 
https://github.com/google/security-research/tree/master/pocs/cpus/spectre-gadgets
Details Url 1 
https://arxiv.org/abs/2306.10998