每周高级威胁情报解读(2023.04.20~04.27)
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 6eed8735-3be2-4fe1-805b-1890f24fa647 |
| Fingerprint | 8da61107dfb6dc0b |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 20, 2023, midnight |
| Added to db | June 5, 2023, 2:22 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | 每周高级威胁情报解读(2023.04.20~04.27) |
| Title | 每周高级威胁情报解读(2023.04.20~04.27) |
| Detected Hints/Tags/Attributes | 74/2/59 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 267 | ✔ | 奇安信威胁情报中心 | https://wechat2rss.xlab.app/feed/b93962f981247c0091dad08df5b7a6864ab888e9.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 32 | cve-2023-29552 |
|
| Details | CVE | 34 | cve-2017-6742 |
|
| Details | Domain | 13 | threatmon.io |
|
| Details | Domain | 11 | blog.virustotal.com |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 26 | www.jamf.com |
|
| Details | Domain | 18 | blog.sucuri.net |
|
| Details | Domain | 182 | www.mandiant.com |
|
| Details | Domain | 65 | blog.cyble.com |
|
| Details | Domain | 11 | interlab.or.kr |
|
| Details | Domain | 144 | www.fortinet.com |
|
| Details | Domain | 4 | evilextractor.com |
|
| Details | Domain | 5 | appcisco.com |
|
| Details | Domain | 71 | blogs.jpcert.or.jp |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | File | 4 | apt43-investigation-into-north-korean.html |
|
| Details | File | 1 | massive-abuse-of-abandoned-evalphp-wordpress-plugin.html |
|
| Details | File | 1 | attackers-use-containers-for-profit-via-trafficstealer.html |
|
| Details | File | 10 | blogs.inf |
|
| Details | File | 3 | s.apk |
|
| Details | File | 5 | cisco-anyconnect-4_9_0195.msi |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 1 | parallax-rat.html |
|
| Details | File | 2 | vipersoftx-updates-encryption-steals-data.html |
|
| Details | Interlab Threat Numbers | 6 | UCID902 |
|
| Details | Mandiant Uncategorized Groups | 59 | UNC4736 |
|
| Details | Threat Actor Identifier - APT-C | 16 | APT-C-09 |
|
| Details | Threat Actor Identifier - APT-LY | 2 | APT-LY-1007 |
|
| Details | Threat Actor Identifier - APT-Q | 11 | APT-Q-36 |
|
| Details | Threat Actor Identifier - APT | 115 | APT43 |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |
|
| Details | Threat Actor Identifier - APT | 665 | APT29 |
|
| Details | Url | 1 | https://www.welivesecurity.com/2023/04/20/linux-malware-strengthens-links-lazarus-3cx-supply-chain-attack |
|
| Details | Url | 2 | https://threatmon.io/apt-blind-eagles-malware-arsenal-technical-analysis |
|
| Details | Url | 4 | https://blog.virustotal.com/2023/04/apt43-investigation-into-north-korean.html |
|
| Details | Url | 3 | https://mp.weixin.qq.com/s/nk2zml2d0htk0hszykw2dw |
|
| Details | Url | 3 | https://mp.weixin.qq.com/s/lb_nyxhi9ijgmvi2wjy9qg |
|
| Details | Url | 1 | https://research.checkpoint.com/2023/educated-manticore-iran-aligned-threat-actor-targeting-israel-via-improved-arsenal-of-tools |
|
| Details | Url | 1 | https://www.ncsc.gov.uk/news/apt28-exploits-known-vulnerability-to-carry-out-reconnaissance-and-deploy-malware-on-cisco-routers |
|
| Details | Url | 5 | https://securelist.com/tomiris-called-they-want-their-turla-malware-back/109552 |
|
| Details | Url | 6 | https://www.jamf.com/blog/bluenoroff-apt-targets-macos-rustbucket-malware |
|
| Details | Url | 1 | https://decoded.avast.io/martinchlumecky/ddosia-project-how-noname05716-is-trying-to-improve-the-efficiency-of-ddos-attacks |
|
| Details | Url | 1 | https://blog.sucuri.net/2023/04/massive-abuse-of-abandoned-evalphp-wordpress-plugin.html |
|
| Details | Url | 5 | https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise |
|
| Details | Url | 1 | https://blog.cyble.com/2023/04/19/al-aqsa-mosque-incident-ignites-opisrael |
|
| Details | Url | 2 | https://interlab.or.kr/archives/18979 |
|
| Details | Url | 4 | https://mp.weixin.qq.com/s/boj88zzk27zahshlyucyga |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/23/d/attackers-use-containers-for-profit-via-trafficstealer.html |
|
| Details | Url | 1 | https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic |
|
| Details | Url | 2 | https://www.fortinet.com/blog/threat-research/evil-extractor-all-in-one-stealer |
|
| Details | Url | 1 | https://blog.cyble.com/2023/04/20/daam-android-botnet-being-distributed-through-trojanized-applications |
|
| Details | Url | 2 | https://www.secureworks.com/blog/bumblebee-malware-distributed-via-trojanized-installer-downloads |
|
| Details | Url | 1 | http://appcisco.com/vpncleint/cisco-anyconnect-4_9_0195.msi下载的 |
|
| Details | Url | 1 | https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fakecalls-android-malware-abusing-legitimate-signing-key |
|
| Details | Url | 1 | https://blog.cyble.com/2023/04/21/qakbot-malware-continues-to-morph |
|
| Details | Url | 1 | https://blogs.jpcert.or.jp/en/2023/04/parallax-rat.html |
|
| Details | Url | 2 | https://www.trendmicro.com/en_us/research/23/d/vipersoftx-updates-encryption-steals-data.html |
|
| Details | Url | 2 | https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp |