Weekly Advanced Threat Intelligence Interpretation (2023.08.03~08.10)
Common Information
Type Value
UUID 7cde43e1-2574-4949-811a-951a8185b3e1
Fingerprint 5898bf40b7365f51
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 3, 2023, midnight
Added to db Aug. 13, 2023, 9:55 a.m.
Last updated Nov. 17, 2024, 5:57 p.m.
Headline Weekly Advanced Threat Intelligence Interpretation (2023.08.03~08.10)
Title Weekly Advanced Threat Intelligence Interpretation (2023.08.03~08.10)
Detected Hints/Tags/Attributes 58/3/63
RSS Feed
Attributes
Details Type #Events CTI Value
Details CVE 119
cve-2023-36884
Details CVE 36
cve-2023-38180
Details CVE 12
cve-2023-38182
Details CVE 17
cve-2023-35385
Details CVE 17
cve-2023-36910
Details CVE 14
cve-2023-36911
Details CVE 15
cve-2023-21709
Details CVE 15
cve-2023-29328
Details CVE 13
cve-2023-29330
Details CVE 15
cve-2023-35359
Details CVE 11
cve-2023-35380
Details CVE 11
cve-2023-35382
Details CVE 12
cve-2023-35386
Details CVE 9
cve-2023-38154
Details CVE 11
cve-2023-36900
Details CVE 10
cve-2023-35384
Details CVE 12
cve-2023-36895
Details Domain 9
freeze.rs
Details Domain 101
www.group-ib.com
Details Domain 208
mp.weixin.qq.com
Details Domain 41
www.imperva.com
Details Domain 261
blog.talosintelligence.com
Details Domain 31
www.esentire.com
Details Domain 144
www.fortinet.com
Details Domain 604
www.trendmicro.com
Details Domain 1
ps1.rhysida.sm
Details Domain 10
www.kasada.io
Details Domain 14
www.guidepointsecurity.com
Details Domain 84
www.zscaler.com
Details Domain 25
cyble.com
Details Domain 452
msrc.microsoft.com
Details Domain 397
asp.net
Details File 1
teachflix.exe
Details File 1
batloader-campaigns-use-pyarmor-pro-for-evasion.html
Details File 1
an-overview-of-the-new-rhysida-ransomware.html
Details File 1
ransom.ps1
Details File 1
targetcompany-ransomware-abuses-fud-obfuscator-packers.html
Details File 2
adobeupdates.vbs
Details File 2
clang.vbs
Details File 1
clang.vbs
Details Threat Actor Identifier - APT-K 10
APT-K-47
Details Url 1
https://medium.com/checkmarx-security/lazarus-group-launches-first-open-source-supply-chain-attacks-targeting-crypto-sector-cabc626e404e
Details Url 2
https://www.sentinelone.com/labs/comrades-in-arms-north-korea-compromises-sanctioned-russian-missile-engineering-company
Details Url 2
https://www.group-ib.com/blog/mysterious-team-bangladesh
Details Url 2
https://mp.weixin.qq.com/s/e4s10n9slxjrmmgyjfzn0g
Details Url 2
https://mp.weixin.qq.com/s/9cqxdfn7erjupk9qprhqpg
Details Url 1
https://www.proofpoint.com/us/blog/email-and-cloud-threats/cloud-account-takeover-campaign-leveraging-evilproxy-targets-top-level
Details Url 1
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/new-rilide-stealer-version-targets-banking-data-and-works-around-google-chrome-manifest-v3
Details Url 1
https://www.imperva.com/blog/analysis-of-a-phishing-campaign
Details Url 1
https://blog.talosintelligence.com/new-threat-actor-using-yashma-ransomware
Details Url 1
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/invisible-adware-unveiling-ad-fraud-targeting-korean-android-users
Details Url 1
https://www.esentire.com/blog/operation-phantomcontrol
Details Url 1
https://www.trendmicro.com/en_us/research/23/h/batloader-campaigns-use-pyarmor-pro-for-evasion.html
Details Url 1
https://www.fortinet.com/blog/threat-research/malware-distributed-via-freezers-and-syk-crypter
Details Url 1
https://www.trendmicro.com/en_us/research/23/h/an-overview-of-the-new-rhysida-ransomware.html
Details Url 2
https://www.kasada.io/threat-intel-openbullet-malware
Details Url 1
https://www.trendmicro.com/en_us/research/23/h/targetcompany-ransomware-abuses-fud-obfuscator-packers.html
Details Url 4
https://www.guidepointsecurity.com/blog/tunnel-vision-cloudflared-abused-in-the-wild
Details Url 1
https://www.zscaler.com/blogs/security-research/statc-stealer-decoding-elusive-malware-threat
Details Url 1
https://cyble.com/blog/agenttesla-malware-targets-users-with-malicious-control-panel-file/#
Details Url 1
https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society
Details Url 1
https://mp.weixin.qq.com/s/z4xncgzpc_5xundypd7ifw
Details Url 3
https://msrc.microsoft.com/update-guide/releasenote/2023-aug