Security Incident Weekly Report 2023-10-16, Week 42
Common Information
Type Value
UUID 7c5f61b7-dd5a-4cd1-9c8f-6f76a6be7356
Fingerprint adeaa8bb1286346e
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 16, 2023, midnight
Added to db Nov. 19, 2023, 5:47 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Security Incident Weekly Report 2023-10-16, Week 42
Title Security Incident Weekly Report 2023-10-16, Week 42
Detected Hints/Tags/Attributes 100/3/104
Attributes
Details Type #Events CTI Value
Details CERT 360 CN 1
CERT-R-2023-477
Details CERT Ukraine 16
UAC-0165
Details CERT Ukraine 29
UAC-0006
Details CVE 48
cve-2021-26411
Details CVE 102
cve-2023-22515
Details CVE 117
cve-2023-20198
Details CVE 6
cve-2023-5360
Details CVE 6
cve-2023-43261
Details CVE 53
cve-2023-42793
Details CVE 116
cve-2023-4966
Details CVE 133
cve-2023-38831
Details CVE 26
cve-2023-40044
Details Domain 137
securityaffairs.com
Details Domain 403
securelist.com
Details Domain 2
www.keepass.info
Details Domain 133
www.infosecurity-magazine.com
Details Domain 280
thehackernews.com
Details Domain 6
codeberg.org
Details Domain 139
wordpress.org
Details Domain 6
blog.cluster25.duskrise.com
Details Domain 208
mp.weixin.qq.com
Details Domain 94
bing.com
Details Domain 189
asec.ahnlab.com
Details Domain 22
www.genians.co.kr
Details Domain 91
360.net
Details Domain 100
cert.360.cn
Details File 1
darkgate-campaign-messaging-platforms.html
Details File 1
redalert-rocket-alerts-spyware.html
Details File 3
it-alert.apk
Details File 8
keepass.inf
Details File 1
alphv-ransomware-morrison-community-hospital.html
Details File 384
www.inf
Details File 1
akira-ransomware-attack-blocked.html
Details File 1
cert-ua-reports-11-ukrainian-telecom.html
Details File 1
tetrisphantom-cyber-espionage-via.html
Details File 7
httpd.log
Details File 1
experts-warn-of-severe-flaws-affecting.html
Details File 1
critical-citrix-netscaler-flaw.html
Details File 1
celebrities.csv
Details IPv4 4
35.3.0.7
Details Microsoft Threat Actor Naming Taxonomy (Groups in development) 5
Storm-1567
Details Threat Actor Identifier - APT-C 15
APT-C-55
Details Threat Actor Identifier - APT 258
APT34
Details Threat Actor Identifier - APT 783
APT28
Details Url 1
https://www.bleepingcomputer.com/news/security/steam-enforces-sms-verification-to-curb-malware-ridden-updates
Details Url 1
https://www.bleepingcomputer.com/news/security/women-political-leaders-summit-targeted-in-romcom-malware-phishing
Details Url 1
https://www.darkreading.com/ics-ot/feds-beware-avoslocker-ransomware-attacks-critical-infrastructure
Details Url 1
https://www.bleepingcomputer.com/news/security/darkgate-malware-spreads-through-compromised-skype-accounts
Details Url 1
https://securityaffairs.com/152513/cyber-crime/darkgate-campaign-messaging-platforms.html
Details Url 1
https://www.bleepingcomputer.com/news/security/fake-redalert-rocket-alert-app-for-israel-installs-android-spyware
Details Url 1
https://www.bleepingcomputer.com/news/security/discord-still-a-hotbed-of-malware-activity-now-apts-join-the-fun
Details Url 1
https://securityaffairs.com/152569/malware/redalert-rocket-alerts-spyware.html
Details Url 1
https://www.bleepingcomputer.com/news/security/spynote-android-malware-spreads-via-fake-volcano-eruption-alerts
Details Url 1
https://www.bleepingcomputer.com/news/security/malicious-notepad-plus-plus-google-ads-evade-detection-for-months
Details Url 1
https://www.bleepingcomputer.com/news/security/mata-malware-framework-exploits-edr-in-attacks-on-defense-firms
Details Url 3
https://securelist.com/updated-mata-attacks-industrial-companies-in-eastern-europe/110829
Details Url 2
https://www.keepass.info
Details Url 1
https://www.bleepingcomputer.com/news/security/fake-keepass-site-uses-google-ads-and-punycode-to-push-malware
Details Url 1
https://securityaffairs.com/152486/cyber-crime/alphv-ransomware-morrison-community-hospital.html
Details Url 1
https://www.bleepingcomputer.com/news/security/d-link-confirms-data-breach-after-employee-phishing-attack
Details Url 1
https://www.bleepingcomputer.com/news/security/hacker-leaks-millions-of-new-23andme-genetic-data-profiles
Details Url 1
https://www.bleepingcomputer.com/news/security/casio-discloses-data-breach-impacting-customers-in-149-countries
Details Url 1
https://www.bleepingcomputer.com/news/security/ai-algorithm-detects-mitm-attacks-on-unmanned-military-vehicles
Details Url 1
https://www.infosecurity-magazine.com/news/new-phishing-campaign-uses
Details Url 1
https://bi-zone.medium.com/sticky-werewolf-attacks-public-organizations-in-russia-and-belarus-0a9bcf4cefd0
Details Url 1
https://www.infosecurity-magazine.com/news/concern-hacktivism-israel-hamas
Details Url 2
https://www.bleepingcomputer.com/news/security/russian-sandworm-hackers-breached-11-ukrainian-telcos-since-may
Details Url 1
https://securityaffairs.com/152501/malware/akira-ransomware-attack-blocked.html
Details Url 1
https://thehackernews.com/2023/10/cert-ua-reports-11-ukrainian-telecom.html
Details Url 1
https://thehackernews.com/2023/10/tetrisphantom-cyber-espionage-via.html
Details Url 1
https://www.bleepingcomputer.com/news/security/ukrainian-activists-hack-trigona-ransomware-gang-wipe-servers
Details Url 1
https://www.bleepingcomputer.com/news/security/qubitstrike-attacks-rootkit-jupyter-linux-servers-to-steal-credentials
Details Url 1
https://www.darkreading.com/vulnerabilities-threats/critical-unpatched-cisco-zero-day-bug-active-exploit
Details Url 1
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-flaw-in-wordpress-royal-elementor-plugin
Details Url 1
https://www.bleepingcomputer.com/news/security/cisa-fbi-urge-admins-to-patch-atlassian-confluence-immediately
Details Url 1
https://www.bleepingcomputer.com/news/security/over-10-000-cisco-devices-hacked-in-ios-xe-zero-day-attacks
Details Url 1
https://thehackernews.com/2023/10/experts-warn-of-severe-flaws-affecting.html
Details Url 1
https://www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-critical-teamcity-flaw-to-breach-networks
Details Url 1
https://thehackernews.com/2023/10/critical-citrix-netscaler-flaw.html
Details Url 1
https://www.infosecurity-magazine.com/news/north-korean-exploiting-critical
Details Url 2
https://www.bleepingcomputer.com/news/security/over-40-000-cisco-ios-xe-devices-infected-with-backdoor-using-zero-day
Details Url 2
https://blog.cluster25.duskrise.com/2023/10/12/cve-2023-38831-russian-attack
Details Url 3
https://mp.weixin.qq.com/s/bssmrqfqz-2llhd3rofrvw
Details Url 1
https://www.infosecurity-magazine.com/news/espionage-campaign-targets-apac
Details Url 1
https://www.bleepingcomputer.com/news/security/over-40-000-admin-portal-accounts-use-admin-as-a-password
Details Url 1
https://www.infosecurity-magazine.com/news/qr-codes-used-22-phishing-attacks
Details Url 1
https://www.bleepingcomputer.com/news/security/microsoft-plans-to-kill-off-ntlm-authentication-in-windows-11
Details Url 1
https://www.darkreading.com/vulnerabilities-threats/microsoft-debuts-ai-bug-bounty-program-offers-15k
Details Url 1
https://www.bleepingcomputer.com/news/security/amazon-adds-passkey-support-as-new-passwordless-login-option
Details Url 1
https://www.bleepingcomputer.com/news/security/google-play-protect-adds-real-time-scanning-to-fight-android-malware
Details Url 1
https://www.infosecurity-magazine.com/news/ransomware-targets-unpatched-wsftp
Details Url 2
https://www.bleepingcomputer.com/news/security/blackcat-ransomware-uses-new-munchkin-linux-vm-in-stealthy-attacks
Details Url 1
https://asec.ahnlab.com/ko/57666
Details Url 1
https://www.bleepingcomputer.com/news/security/23andme-hit-with-lawsuits-after-hacker-leaks-stolen-genetics-data
Details Url 1
https://www.genians.co.kr/blog/darkhorse
Details Url 1
https://www.bleepingcomputer.com/news/security/ex-navy-it-head-gets-5-years-for-selling-peoples-data-on-darkweb
Details Url 1
https://www.bleepingcomputer.com/news/security/fbi-warns-of-extortion-groups-targeting-plastic-surgery-offices
Details Url 2
https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability
Details Url 1
https://www.bleepingcomputer.com/news/security/iranian-hackers-lurked-in-middle-eastern-govt-network-for-8-months
Details Url 1
https://www.bleepingcomputer.com/news/security/india-targets-microsoft-amazon-tech-support-scammers-in-nationwide-crackdown
Details Url 1
https://www.bleepingcomputer.com/news/security/ragnar-locker-ransomwares-dark-web-extortion-sites-seized-by-police
Details Url 1
https://www.bleepingcomputer.com/news/security/e-root-admin-faces-20-years-for-selling-stolen-rdp-ssh-accounts
Details Url 87
http://360.net
Details Url 93
https://cert.360.cn