Weekly Advanced Threat Intelligence Digest (2023.08.17~08.24)
Common Information
Type Value
UUID 82913c0f-4c27-488c-830c-8223bfd45a7f
Fingerprint 2112fd17c503dce3
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 17, 2023, midnight
Added to db Oct. 23, 2023, 1:10 a.m.
Last updated Nov. 17, 2024, 6:53 p.m.
Headline Weekly Advanced Threat Intelligence Digest (2023.08.17~08.24)
Title Weekly Advanced Threat Intelligence Digest (2023.08.17~08.24)
Detected Hints/Tags/Attributes 49/3/43
RSS Feed
Attributes
Type (number of events): value
CVE (133 events): cve-2023-38831
CVE (217 events): cve-2020-1472
CVE (85 events): cve-2023-27532
Domain (7 events): it.rising.com.cn
Domain (128 events): www.fbi.gov
Domain (189 events): asec.ahnlab.com
Domain (137 events): securityaffairs.com
Domain (208 events): mp.weixin.qq.com
Domain (16 events): rebrand.ly
Domain (24 events): sysdig.com
Domain (262 events): www.welivesecurity.com
Domain (84 events): www.zscaler.com
Domain (13 events): blog.lumen.com
Domain (101 events): www.group-ib.com
File (2 events): 20037.html
File (1 event): opfukushima-anonymous.html
File (2 events): kimsuky-war-simulation-centre.html
File (18 events): chrome.dll
File (1 event): profile-stealers-spread-via-llm-themed-facebook-ads.html
File (1 event): "the command launches mshta.exe" (a sentence fragment from the source article, not a file name)
File (1 event): "the shell script also uses cmstp.exe" (a sentence fragment from the source article, not a file name)
IPv4 (2 events): 185.224.128.141
Threat Actor Identifier - APT (144 events): APT38
Url (2 events): https://it.rising.com.cn/anquan/20037.html
Url (3 events): https://www.fbi.gov/news/press-releases/fbi-identifies-cryptocurrency-funds-stolen-by-dprk
Url (2 events): https://asec.ahnlab.com/ko/56256
Url (1 event): https://securityaffairs.com/149660/hacking/opfukushima-anonymous.html
Url (2 events): https://securityaffairs.com/149698/apt/kimsuky-war-simulation-centre.html
Url (1 event): https://mp.weixin.qq.com/s/sclrp1dmhqyhiiammed-ow
Url (1 event): https://www.trendmicro.com/en_us/research/23/h/profile-stealers-spread-via-llm-themed-facebook-ads.html
Url (1 event): https://mp.weixin.qq.com/s/acyncthoadk_saixteifsg
Url (1 event): https://sysdig.com/blog/labrat-cryptojacking-proxyjacking-campaign
Url (2 events): https://www.welivesecurity.com/en/eset-research/mass-spreading-campaign-targeting-zimbra-users
Url (1 event): https://asec.ahnlab.com/en/56010
Url (1 event): https://www.sentinelone.com/blog/from-conti-to-akira-decoding-the-latest-linux-esxi-ransomware-families
Url (1 event): https://www.malwarebytes.com/blog/threat-intelligence/2023/08/darkgate-reloaded-via-malvertising-campaigns
Url (1 event): https://www.welivesecurity.com/en/eset-research/scarabs-colon-izing-vulnerable-servers
Url (1 event): https://www.zscaler.com/blogs/security-research/agniane-stealer-dark-webs-crypto-threat
Url (1 event): https://mp.weixin.qq.com/s/drxlahjpvdrrnberl20joq
Url (1 event): https://blog.lumen.com/hiatusrat-takes-little-time-off-in-a-return-to-action
Url (1 event): https://cyble.com/blog/unveiling-the-stealthy-exploitation-of-microsoft-cmstp-using-malicious-lnk-files
Url (2 events): https://blogs.blackberry.com/en/2023/08/cuba-ransomware-deploys-new-tools-targets-critical-infrastructure-sector-in-the-usa-and-it-integrator-in-latin-america
Url (4 events): https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day