每周高级威胁情报解读(2023.10.27~11.02)
Tags
| country: | Albania |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Msbuild - T1127.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Python - T1059.006 Ssh - T1021.004 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 82e27ff6-bdb1-4dc7-837b-455926c41e79 |
| Fingerprint | d503bec317b69c08 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 27, 2023, midnight |
| Added to db | Nov. 20, 2023, 12:37 a.m. |
| Last updated | Nov. 17, 2024, 5:57 p.m. |
| Headline | 每周高级威胁情报解读(2023.10.27~11.02) |
| Title | 每周高级威胁情报解读(2023.10.27~11.02) |
| Detected Hints/Tags/Attributes | 74/3/43 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 267 | ✔ | 奇安信威胁情报中心 | https://wechat2rss.xlab.app/feed/b93962f981247c0091dad08df5b7a6864ab888e9.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 176 | cve-2023-23397 |
|
| Details | CVE | 172 | cve-2022-30190 |
|
| Details | CVE | 116 | cve-2023-4966 |
|
| Details | Domain | 261 | blog.talosintelligence.com |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 58 | blog.sekoia.io |
|
| Details | Domain | 65 | www.cert.ssi.gouv.fr |
|
| Details | Domain | 25 | cyble.com |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 74 | thedfirreport.com |
|
| Details | Domain | 45 | www.reversinglabs.com |
|
| Details | Domain | 144 | www.fortinet.com |
|
| Details | Domain | 4 | www.securityjoes.com |
|
| Details | Domain | 182 | www.mandiant.com |
|
| Details | File | 77 | http.sys |
|
| Details | File | 141 | www.cer |
|
| Details | File | 3 | certfr-2023-cti-009.pdf |
|
| Details | File | 6 | yellow-liderc-ships-its-scripts-delivers-imaploader-malware.html |
|
| Details | File | 9 | open.ai |
|
| Details | Mandiant Uncategorized Groups | 111 | UNC3944 |
|
| Details | Threat Actor Identifier - APT-C | 83 | APT-C-36 |
|
| Details | Threat Actor Identifier - APT | 258 | APT34 |
|
| Details | Url | 3 | https://medium.com/s2wblog/fastviewer-variant-merged-with-fastspy-and-disguised-as-a-legitimate-mobile-application-f3004588f95c |
|
| Details | Url | 5 | https://blog.talosintelligence.com/arid-viper-mobile-spyware |
|
| Details | Url | 3 | https://research.checkpoint.com/2023/from-albania-to-the-middle-east-the-scarred-manticore-is-listening |
|
| Details | Url | 4 | https://mp.weixin.qq.com/s/-7u1-ntp0edvotptzbhusg |
|
| Details | Url | 4 | https://blog.sekoia.io/aridviper-an-intrusion-set-allegedly-associated-with-hamas |
|
| Details | Url | 3 | https://mp.weixin.qq.com/s/fnumsdllv24snyfpvj-hva |
|
| Details | Url | 3 | https://www.cert.ssi.gouv.fr/uploads/certfr-2023-cti-009.pdf |
|
| Details | Url | 4 | https://cyble.com/blog/higaisa-apt-resurfaces-via-phishing-website-targeting-chinese-users |
|
| Details | Url | 5 | https://securelist.com/unveiling-lazarus-new-campaign/110888 |
|
| Details | Url | 2 | https://www.elastic.co/security-labs/ghostpulse-haunts-victims-using-defense-evasion-bag-o-tricks |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/ahbl9o2lcyxmfo03tsrtzg |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/hawwcstxoaek4oflxrjxmq |
|
| Details | Url | 4 | https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/yellow-liderc-ships-its-scripts-delivers-imaploader-malware.html |
|
| Details | Url | 1 | https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/ontmtn5pk8yjzvh266lbag |
|
| Details | Url | 1 | https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise |
|
| Details | Url | 1 | https://research.nccgroup.com/2023/11/01/popping-blisters-for-research-an-overview-of-past-payloads-and-exploring-recent-developments |
|
| Details | Url | 1 | https://www.reversinglabs.com/blog/iamreboot-malicious-nuget-packages-exploit-msbuild-loophole |
|
| Details | Url | 1 | https://www.fortinet.com/blog/threat-research/ransomware-roundup-knight |
|
| Details | Url | 3 | https://www.securityjoes.com/post/bibi-linux-a-new-wiper-dropped-by-pro-hamas-hacktivist-group |
|
| Details | Url | 3 | https://www.mandiant.com/resources/blog/session-hijacking-citrix-cve-2023-4966 |