ioc[.]one - OSINT Cyber Threat Intelligence Database

Bluepurple Pulse: week ending September 3rd

Tags

country:	Malaysia China North Korea Germany Iran Israel Japan South Korea Lithuania Philippines South Africa Russia Taiwan Ukraine United States Of America U.S. Virgin Islands
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Model Artificial Intelligence - T1588.007 Credentials - T1589.001 Exploits - T1587.004 Exploits - T1588.005 Hybrid Identity - T1556.007 Javascript - T1059.007 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Python - T1059.006 Seo Poisoning - T1608.006 Server - T1583.004 Server - T1584.004 Sms Messages - T1636.004 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 Vulnerability Scanning - T1595.002 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	8b09b26f-332f-412c-baeb-52ce64855c84
Fingerprint	a59119dd0f339789
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 1, 2023, midnight
Added to db	Aug. 31, 2024, 1:25 a.m.
Last updated	Nov. 17, 2024, 7:44 p.m.
Headline	Cyber Defence Analysis for Blue & Purple Teams
Title	Bluepurple Pulse: week ending September 3rd
Detected Hints/Tags/Attributes	219/3/76

Source URLs

	Redirection	Url
Details	Source	https://bluepurple.binaryfirefly.com/p/bluepurple-pulse-week-ending-september-ca2

URL Provider

Details	Provider	Source level domain
Details	binaryfirefly.com	bluepurple.binaryfirefly.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	76	✔	Cyber Defence Analysis for Blue & Purple Teams	https://bluepurple.binaryfirefly.com/feed	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CVE	133	cve-2023-38831
Details	CVE	76	cve-2022-47966
Details	CVE	117	cve-2023-2868
Details	CVE	12	cve-2023-36844
Details	CVE	12	cve-2023-36845
Details	CVE	11	cve-2023-36846
Details	CVE	11	cve-2023-36847
Details	Domain	98	www.ncsc.gov.uk
Details	Domain	14	ssu.gov.ua
Details	Domain	8	www.rnbo.gov.ua
Details	Domain	83	cert.gov.ua
Details	Domain	189	asec.ahnlab.com
Details	Domain	261	blog.talosintelligence.com
Details	Domain	45	www.reversinglabs.com
Details	Domain	167	www.ic3.gov
Details	Domain	34	file.io
Details	Domain	47	go.recordedfuture.com
Details	Domain	262	www.welivesecurity.com
Details	Domain	20	labs.withsecure.com
Details	Domain	98	www.secureworks.com
Details	Domain	2	crestresearch.ac.uk
Details	Domain	434	medium.com
Details	Domain	4	loldrivers.io
Details	Domain	4127	github.com
Details	Domain	8	blog.chromium.org
Details	Domain	15	www.hexacorn.com
Details	Domain	5	labs.watchtowr.com
Details	Domain	3	patchstack.com
Details	Domain	12	www.mdsec.co.uk
Details	Domain	101	www.group-ib.com
Details	File	2	technical-report.pdf
Details	File	1	6587.html
Details	File	3	230823.pdf
Details	File	1	cta-2023-0830.pdf
Details	File	1	withsecure-meet-the-ducks.pdf
Details	File	1	towards-https-by-default.html
Details	File	2	host.json
Details	Github username	2	trailofbits
Details	Github username	1	tactikoolsec
Details	Github username	3	xpn
Details	Github username	3	tccontre
Details	Github username	1	b1tg
Details	Github username	3	watchtowrlabs
Details	Github username	1	airbus-cyber
Details	Github username	1	8051enthusiast
Details	md5	1	18dad19e267de8bb4a2158cdcc6b3b4a
Details	Threat Actor Identifier - APT	277	APT37
Details	Url	1	https://www.ncsc.gov.uk/news/uk-allies-support-ukraine-calling-out-russia-gru-malware-campaign
Details	Url	2	https://ssu.gov.ua/uploads/files/dkib/technical-report.pdf
Details	Url	1	https://www.rnbo.gov.ua/ua/diialnist/6587.html
Details	Url	1	https://cert.gov.ua/article/5661411
Details	Url	3	https://asec.ahnlab.com/en/56405
Details	Url	4	https://blog.talosintelligence.com/lazarus-quiterat
Details	Url	5	https://blog.talosintelligence.com/lazarus-collectionrat
Details	Url	4	https://www.reversinglabs.com/blog/vmconnect-supply-chain-campaign-continues
Details	Url	3	https://www.ic3.gov/media/news/2023/230823.pdf
Details	Url	1	https://go.recordedfuture.com/hubfs/reports/cta-2023-0830.pdf
Details	Url	2	https://www.welivesecurity.com/en/eset-research/telekopye-hunting-mammoths-using-telegram-bot
Details	Url	1	https://labs.withsecure.com/content/dam/labs/docs/withsecure-meet-the-ducks.pdf
Details	Url	1	https://www.secureworks.com/blog/law-enforcement-takes-down-qakbot
Details	Url	1	https://crestresearch.ac.uk/resources/detecting-hybrid-social-identities-report
Details	Url	252	https://medium.com
Details	Url	1	https://github.com/trailofbits/hvci-loldrivers-check
Details	Url	1	https://blog.chromium.org/2023/08/towards-https-by-default.html
Details	Url	1	https://www.hexacorn.com/blog/2023/08/26/writing-better-yara-rules-in-2023
Details	Url	1	https://github.com/tactikoolsec/mft-detect-response
Details	Url	1	https://labs.watchtowr.com/cve-2023-36844-and-friends-rce-in-juniper-firewalls
Details	Url	1	https://patchstack.com/articles/the-wordpress-zombie-plugins-pandemic-affects-1-6-million-websites
Details	Url	1	https://www.mdsec.co.uk/2023/08/leveraging-vscode-extensions-for-initial-access
Details	Url	1	https://github.com/xpn/randomtsscripts/tree/master/apppoolcreddecrypt
Details	Url	1	https://github.com/tccontre/reg-restore-persistence-mole
Details	Url	4	https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day
Details	Url	1	https://github.com/b1tg/cve-2023-38831-winrar-exploit
Details	Url	1	https://github.com/watchtowrlabs/juniper-rce_cve-2023-36844
Details	Url	1	https://github.com/airbus-cyber/ghidralligator
Details	Url	1	https://github.com/8051enthusiast/biodiff