Bluepurple Pulse: week ending May 21st
Tags
cmtmf-attack-pattern: Masquerading
country: Australia Azerbaijan Brazil Canada China North Korea Germany Gabon Ghana India Iran Israel Spain Latvia Yemen Russia Vietnam Ukraine U.S. Virgin Islands
maec-delivery-vectors: Watering Hole
attack-pattern: Data Direct Model Models Artificial Intelligence - T1588.007 Credentials - T1589.001 Exploits - T1587.004 Exploits - T1588.005 Firmware - T1592.003 Gatekeeper Bypass - T1553.001 Hardware - T1592.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Ssh - T1021.004 Steganography - T1001.002 Steganography - T1406.001 Steganography - T1027.003 Web Shell - T1505.003 Tool - T1588.002 Vulnerabilities - T1588.006 Browser Extensions - T1176 Connection Proxy - T1090 Gatekeeper Bypass - T1144 Masquerading - T1036 Powershell - T1086 Rootkit - T1014 Web Shell - T1100 Masquerading Rootkit
Show in Graph
Common Information
Type Value
UUID 86cd810f-a7d6-4107-9b02-281ad9ce5d43
Fingerprint a4349d9d85279389
Analysis status DONE
Considered CTI value 2
Text language
Published May 20, 2023, midnight
Added to db June 5, 2023, 2:37 p.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Cyber Defence Analysis for Blue & Purple Teams
Title Bluepurple Pulse: week ending May 21st
Detected Hints/Tags/Attributes 224/4/72
Source URLs
Redirection Url
Details Source https://bluepurple.binaryfirefly.com/p/bluepurple-pulse-week-ending-may-fb5
URL Provider
Details Provider Source level domain
Details binaryfirefly.com bluepurple.binaryfirefly.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 76 Cyber Defence Analysis for Blue & Purple Teams https://bluepurple.binaryfirefly.com/feed 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 375 
cve-2017-11882
Details CVE 140 
cve-2023-27350
Details Domain 5 
cert.lv
Details Domain 2 
greydynamics.com
Details Domain 189 
asec.ahnlab.com
Details Domain 17 
www.deepinstinct.com
Details Domain 7 
intrusiontruth.wordpress.com
Details Domain 141 
research.checkpoint.com
Details Domain 182 
www.mandiant.com
Details Domain 546 
www.recordedfuture.com
Details Domain 434 
medium.com
Details Domain 124 
www.sentinelone.com
Details Domain 122 
www.kaspersky.com
Details Domain 4 
squiblydoo.blog
Details Domain 4 
www.blumira.com
Details Domain 4127 
github.com
Details Domain 7 
www.phoronix.com
Details Domain 154 
arxiv.org
Details Domain 359 
com.apple
Details Domain 58 
redcanary.com
Details Domain 1 
neodyme.io
Details Domain 23 
www.cobaltstrike.com
Details Domain 469 
www.cisa.gov
Details Domain 1 
reversing.info
Details Domain 12 
binaryfirefly.com
Details Email 12 
hello@binaryfirefly.com
Details File 1260 
explorer.exe
Details File 4 
datasources.xml
Details File 4 
registry.xml
Details File 1 
reversing.inf
Details Github username 4 
theflink
Details Github username 5 
magicsword-io
Details Github username 1 
agencyenterprise
Details Github username 1 
gabriellandau
Details Github username 12 
nationalsecurityagency
Details Github username 3 
awslabs
Details Github username 1 
xyrem
Details Github username 1 
alukym
Details Mandiant Uncategorized Groups 111 
UNC3944
Details Threat Actor Identifier - APT 783 
APT28
Details Threat Actor Identifier - APT 132 
APT32
Details Url 1 
https://greydynamics.com/the-five-bears-russias-offensive-cyber-capabilities
Details Url 4 
https://asec.ahnlab.com/ko/52662
Details Url 252 
https://medium.com
Details Url 1 
https://www.deepinstinct.com/blog/bpfdoor-malware-evolves-stealthy-sniffing-backdoor-ups-its-game
Details Url 1 
https://intrusiontruth.wordpress.com/2023/05/12/the-illustrious-graduates-of-wuhan-kerui
Details Url 1 
https://intrusiontruth.wordpress.com/2023/05/15/trouble-in-paradise
Details Url 1 
https://intrusiontruth.wordpress.com/2023/05/16/introducing-cheng-feng
Details Url 1 
https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant
Details Url 2 
https://www.mandiant.com/resources/blog/sim-swapping-abuse-azure-serial
Details Url 4 
https://www.recordedfuture.com/oilalpha-likely-pro-houthi-group-targeting-arabian-peninsula
Details Url 1 
https://medium.com/s2wblog/deep-dark-web-user-profiling-mont4na-fbf10e4688e6
Details Url 5 
https://www.sentinelone.com/blog/geacon-brings-cobalt-strike-capabilities-to-macos-threat-actors
Details Url 1 
https://www.kaspersky.com/blog/fake-trezor-hardware-crypto-wallet/48155
Details Url 1 
https://squiblydoo.blog/2023/05/12/certified-bad
Details Url 1 
https://www.blumira.com/sysvol-enumeration
Details Url 1 
https://github.com/theflink/hunt-weird-imageloads
Details Url 1 
https://www.mandiant.com/resources/blog/permhash-no-curls-necessary
Details Url 1 
https://github.com/magicsword-io/loldrivers/pull/79
Details Url 1 
https://www.phoronix.com/news/intel-12-may-2023-microcode
Details Url 1 
https://arxiv.org/abs/2211.09527
Details Url 1 
https://github.com/agencyenterprise/promptinject
Details Url 1 
https://redcanary.com/blog/gatekeeper-bypass-vulnerabilities
Details Url 1 
https://neodyme.io/blog/csgo_from_zero_to_0day
Details Url 2 
https://www.cobaltstrike.com/blog/cobalt-strike-and-yara-can-i-have-your-signature
Details Url 1 
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-131a
Details Url 1 
https://github.com/gabriellandau/pplfault
Details Url 1 
https://github.com/nationalsecurityagency/ghidra/releases/tag/ghidra_10.3_build
Details Url 1 
https://github.com/awslabs/snapchange
Details Url 1 
https://github.com/xyrem/hyperdeceit
Details Url 1 
https://reversing.info/posts/hyperdeceit
Details Url 1 
https://github.com/alukym/vmprotect-source