Weekly Advanced Threat Intelligence Analysis (2024.08.23~08.29) (original title: 每周高级威胁情报解读(2024.08.23~08.29))
Common Information
UUID: 739346a2-a9f8-448e-97cd-c2337101797c
Fingerprint: 250e67447784e5de
Analysis status: DONE
Considered CTI value: 2
Text language:
Published: Aug. 23, 2024, midnight
Added to db: Aug. 31, 2024, 9:20 a.m.
Last updated: Nov. 17, 2024, 5:57 p.m.
Headline: 每周高级威胁情报解读(2024.08.23~08.29) (Weekly Advanced Threat Intelligence Analysis, 2024.08.23~08.29)
Title: 每周高级威胁情报解读(2024.08.23~08.29)
Detected Hints/Tags/Attributes: 65/2/48
RSS Feed:
Attributes
Type                             #Events  Value
CERT Ukraine                           6  UAC-0020
CVE                                   32  cve-2024-7262
CVE                                   17  cve-2024-7263
CVE                                   84  cve-2024-40766
Domain                               208  mp.weixin.qq.com
Domain                                83  cert.gov.ua
Domain                               469  www.cisa.gov
Domain                               224  unit42.paloaltonetworks.com
Domain                                 6  sway.cloud.microsoft
Domain                                74  thedfirreport.com
Domain                                 1  jabberplugins.net
Domain                               403  securelist.com
Domain                               604  www.trendmicro.com
Domain                                22  www.sonatype.com
File                                   2  spysok_kursk.zip
File                                   1  kursk.chm
File                                  18  promecefpluginhost.exe
File                                   6  ksojscore.dll
File                                  12  taskcontroler.dll
File                                  10  get-datainfo.ps1
File                                   3  qwe.exe
File                                   1  pressing-pause-on-play-ransomware.html
File                                   1  "It also introduces an additional tool, gt_net.exe, onto the target host" (a source sentence mis-extracted as a filename; translated from the Chinese)
File                                   1  "Puts the generated endpoint list into a file and archives it as data.zip" (a source sentence mis-extracted as a filename; translated from the Chinese)
File                                   3  gt_net.exe
File                                  27  node.exe
File                                   1  netflix_checker_cache.exe
Domain (exported as File)            155  horizon3.ai
Threat Actor Identifier - APT-C       27  APT-C-60
Threat Actor Identifier - APT-Q       15  APT-Q-12
Url                                    1  https://mp.weixin.qq.com/s/vb-4ljqtddwohs5g2zwvva
Url                                    1  https://cert.gov.ua/article/6280422
Url                                    5  https://www.welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office
Url                                    1  https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a
Url                                    2  https://www.microsoft.com/en-us/security/blog/2024/08/28/peach-sandstorm-deploys-new-custom-tickler-malware-in-long-running-intelligence-gathering-operations
Url                                    1  https://unit42.paloaltonetworks.com/shinyhunters-ransomware-extortion
Url                                    1  https://www.zscaler.com/blogs/security-research/5-key-takeaways-ransomware-attacks-healthcare-education-and-public-sector
Url                                    1  https://www.netskope.com/blog/phishing-in-style-microsoft-sway-abused-to-deliver-quishing-attacks
Url                                    1  https://mp.weixin.qq.com/s/c5o6etpwwj1n8whvdiek8q
Url                                    1  https://medium.com/s2wblog/threat-tracking-analysis-of-punk-003s-lilith-rat-ported-to-autoit-script-30dd59e68213
Url                                    2  https://thedfirreport.com/2024/08/26/blacksuit-ransomware
Url                                    1  https://www.bleepingcomputer.com/news/security/malware-infiltrates-pidgin-messengers-official-plugin-repository
Url                                    1  https://securelist.com/hz-rat-attacks-wechat-and-dingtalk/113513
Url                                    1  https://www.trendmicro.com/en_us/research/24/h/pressing-pause-on-play-ransomware.html
Url                                    1  https://www.sonatype.com/blog/pyfetcher-netfetch-drop-netflix-checker-on-windows
Url                                    1  https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-access-control-flaw-in-sonicos
Url                                    1  https://jfrog.com/blog/from-mlops-to-mloops-exposing-the-attack-surface-of-machine-learning-platforms
Url                                    2  https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications
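Before feeding an attribute list like the one above into a blocklist or a SIEM lookup, a practitioner should re-check each indicator's type against the shape of its value: the raw export above labels horizon3.ai as a File and turns two Chinese sentences from the source article into "filenames". The following Python script is an added example, not code from the original page or from the aggregator that produced it. It parses the aggregator's raw two-line export form (a `Details <Type> <#Events>` line followed by the value on the next line), infers each indicator's type from its value, flags rows whose exported label disagrees, recovers the filenames (gt_net.exe, data.zip) embedded in the mis-extracted sentences, and emits a deduplicated hunting list. The embedded sample dump is a constructed excerpt whose values are copied from the page; the regexes, class and function names are the example's own.

```python
import re
from typing import NamedTuple

# Constructed excerpt of the aggregator's raw export: a "Details <Type> <#Events>"
# line followed by the indicator value on the next line. Values are copied from
# the page; the selection is trimmed to what the example needs.
RAW_DUMP = """\
Details CVE 84
cve-2024-40766
Details Domain 208
mp.weixin.qq.com
Details File 3
gt_net.exe
Details File 1
同时会在目标主机上引入一个附加工具gt_net.exe
Details File 1
将生成的端点列表放入一个文件中并存档到data.zip
Details File 155
horizon3.ai
Details Url 1
https://cert.gov.ua/article/6280422
"""


class Attribute(NamedTuple):
    declared_type: str   # the type label the feed exported
    events: int          # the feed's "#Events" count
    value: str
    inferred_type: str   # the type implied by the value's shape


CVE_RE = re.compile(r"^cve-\d{4}-\d{4,}$", re.I)
URL_RE = re.compile(r"^https?://\S+$", re.I)
# ASCII-only on purpose: a CJK sentence that happens to end in ".exe" must not pass.
FILE_RE = re.compile(r"^[A-Za-z0-9_.-]+\.(?:exe|dll|ps1|zip|chm|html?)$", re.I)
DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)
# A filename buried inside free text (the mis-extracted "File" rows).
EMBEDDED_FILE_RE = re.compile(r"[A-Za-z0-9_-]+\.(?:exe|dll|ps1|zip|chm)", re.I)
ROW_RE = re.compile(r"^Details (.+?) (\d+)$")


def infer_type(value: str) -> str:
    """Classify an indicator by the shape of its value, ignoring the feed's label."""
    if CVE_RE.match(value):
        return "CVE"
    if URL_RE.match(value):
        return "Url"
    if FILE_RE.match(value):
        return "File"
    if DOMAIN_RE.match(value):
        return "Domain"
    return "Text"   # free text that the extractor mistook for an indicator


def parse_dump(text: str) -> list[Attribute]:
    """Pair each 'Details <Type> <#Events>' header with the value on the following line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    attrs = []
    for header, value in zip(lines[0::2], lines[1::2]):
        m = ROW_RE.match(header)
        if not m:
            raise ValueError(f"unexpected header line: {header!r}")
        attrs.append(Attribute(m.group(1), int(m.group(2)), value, infer_type(value)))
    return attrs


def mislabeled(attrs: list[Attribute]) -> list[Attribute]:
    """Rows whose exported type disagrees with what the value looks like."""
    return [a for a in attrs if a.declared_type != a.inferred_type]


def recover_filenames(attrs: list[Attribute]) -> list[str]:
    """Pull filenames out of rows that are really sentences, not indicators."""
    found = set()
    for a in attrs:
        if a.inferred_type == "Text":
            found.update(m.group(0).lower() for m in EMBEDDED_FILE_RE.finditer(a.value))
    return sorted(found)


def hunting_list(attrs: list[Attribute]) -> dict[str, list[str]]:
    """Deduplicated indicators keyed by inferred type; sentence rows are dropped,
    but filenames recovered from them are kept under File."""
    out: dict[str, set[str]] = {}
    for a in attrs:
        if a.inferred_type != "Text":
            out.setdefault(a.inferred_type, set()).add(a.value.lower())
    out.setdefault("File", set()).update(recover_filenames(attrs))
    return {k: sorted(v) for k, v in sorted(out.items())}


if __name__ == "__main__":
    parsed = parse_dump(RAW_DUMP)
    for a in mislabeled(parsed):
        print(f"exported as {a.declared_type}, looks like {a.inferred_type}: {a.value}")
    for kind, values in hunting_list(parsed).items():
        print(kind, values)
```

The shape-based classifier deliberately checks the narrow patterns (CVE, URL, filename with a known extension) before the broad domain pattern, so that `pressing-pause-on-play-ransomware.html` lands under File while `horizon3.ai` lands under Domain; anything that matches none of them is treated as text and only mined for embedded filenames, never pushed to a blocklist as-is.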