Weekly Advanced Threat Intelligence Interpretation (2024.11.22~11.28)
Common Information
Type Value
UUID 80257c5e-ea42-437b-9121-0aae0893a811
Fingerprint 49daa93b7b6732d6
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 22, 2024, midnight
Added to db Nov. 29, 2024, 12:59 p.m.
Last updated Dec. 18, 2024, 3:28 a.m.
Headline Weekly Advanced Threat Intelligence Interpretation (2024.11.22~11.28)
Title Weekly Advanced Threat Intelligence Interpretation (2024.11.22~11.28)
Detected Hints/Tags/Attributes 54/2/60
RSS Feed
Attributes
Details Type #Events CTI Value
Details CERT Ukraine 20
UAC-0063
Details CVE 88
cve-2024-9680
Details CVE 80
cve-2024-49039
Details CVE 157
cve-2023-38831
Details CVE 23
cve-2024-27348
Details CVE 19
cve-2022-30525
Details CVE 5
cve-2022-30075
Details CVE 49
cve-2018-10562
Details CVE 48
cve-2018-10561
Details CVE 17
cve-2018-9995
Details CVE 28
cve-2017-18368
Details CVE 79
cve-2017-17215
Details CVE 80
cve-2014-8361
Details CVE 34
cve-2024-11680
Details Domain 227
mp.weixin.qq.com
Details Domain 73
blogs.jpcert.or.jp
Details Domain 25
paper.seebug.org
Details Domain 552
www.recordedfuture.com
Details Domain 8
blog.phylum.io
Details Domain 9
www.aquasec.com
Details Domain 266
www.welivesecurity.com
Details Domain 43
vulncheck.com
Details File 2
apt-c-60.html
Details File 14
git.exe
Details File 4
ipml.txt
Details File 9
securebootuefi.dat
Details File 1
implements the malware securebootuefi.dat
Details File 1
and runs service.dat
Details File 5
cbmp.txt
Details File 5
icon.txt
Details File 5
cn.dat
Details File 5
sp.dat
Details File 11
sync.py
Details File 21
aswarpot.sys
Details File 7
kill-floor.exe
Details File 10
ntfs.bin
Details File 129
sc.exe
Details File 1
credit-card-skimmer-malware-targeting-magento-checkout-pages.html
Details IPv4 6
103.187.26.176
Details Threat Actor Identifier - APT-C 8
APT-C-48
Details Threat Actor Identifier - APT-C 46
APT-C-60
Details Threat Actor Identifier - APT-K 21
APT-K-47
Details Threat Actor Identifier - APT 837
APT28
Details Threat Actor Identifier by Recorded Future 16
TAG-110
Details Url 1
https://mp.weixin.qq.com/s/xb8bezmv3fhc1o6lwt-4pg
Details Url 3
https://www.welivesecurity.com/en/eset-research/romcom-exploits-firefox-and-windows-zero-days-in-the-wild
Details Url 1
https://blogs.jpcert.or.jp/ja/2024/11/apt-c-60.html
Details Url 2
https://paper.seebug.org/3240
Details Url 2
https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access
Details Url 1
https://www.recordedfuture.com/research/russia-aligned-tag-110-targets-asia-and-europe
Details Url 2
https://research.checkpoint.com/2024/gaming-engines-an-undetected-playground-for-malware-loaders
Details Url 1
https://blog.phylum.io/python-crypto-library-updated-to-steal-private-keys
Details Url 1
https://www.trellix.com/blogs/research/when-guardians-become-predators-how-malware-corrupts-the-protectors
Details Url 1
https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors
Details Url 1
https://www.aquasec.com/blog/matrix-unleashes-a-new-widespread-ddos-campaign
Details Url 1
https://www.welivesecurity.com/en/eset-research/bootkitty-analyzing-first-uefi-bootkit-linux
Details Url 1
https://blog.sucuri.net/2024/11/credit-card-skimmer-malware-targeting-magento-checkout-pages.html
Details Url 1
https://mp.weixin.qq.com/s/qv7naa2miyoewcuergws8a
Details Url 1
https://mp.weixin.qq.com/s/lrv5i4zpbp4esk9r1byz8g
Details Url 4
https://vulncheck.com/blog/projectsend-exploited-itw