Weekly Advanced Threat Intelligence Digest (2023.09.22~09.28)
Common Information
Type Value
UUID 8b88dd0f-a8b4-435d-9d4c-91134b6186c2
Fingerprint e10e37355eae3c46
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 22, 2023, midnight
Added to db Nov. 20, 2023, 12:37 a.m.
Last updated Nov. 17, 2024, 6:49 p.m.
Headline Weekly Advanced Threat Intelligence Digest (2023.09.22~09.28)
Title Weekly Advanced Threat Intelligence Digest (2023.09.22~09.28)
Detected Hints/Tags/Attributes 72/2/44
RSS Feed
Attributes
Details Type #Events CTI Value
Details CVE 22
cve-2023-41991
Details CVE 25
cve-2023-41992
Details CVE 38
cve-2023-41993
Details Domain 208
mp.weixin.qq.com
Details Domain 224
unit42.paloaltonetworks.com
Details Domain 469
www.cisa.gov
Details Domain 31
blog.morphisec.com
Details Domain 98
www.secureworks.com
Details Domain 83
checkmarx.com
Details Domain 2
send.wagateway.pro
Details Domain 101
www.group-ib.com
Details Domain 17
www.threatfabric.com
Details Domain 74
thedfirreport.com
Details Domain 25
cyble.com
Details Domain 144
www.fortinet.com
Details Domain 21
news.drweb.com
Details File 7
2023.docm
Details File 1
It presents itself as a Microsoft help file, or .chm
Details File 1
The obfuscated PowerShell one-liner is then launched through the Windows binary hh.exe
Details File 367
readme.txt
Details File 1
assembly.jar
Details Threat Actor Identifier - APT 277
APT37
Details Threat Actor Identifier by Unit 42 4
CL-STA-0046
Details Url 1
https://mp.weixin.qq.com/s/t_syldyfzhitkheyshzjyg
Details Url 2
https://www.welivesecurity.com/en/eset-research/stealth-falcon-preying-middle-eastern-skies-deadglyph
Details Url 4
https://unit42.paloaltonetworks.com/rare-possible-gelsemium-attack-targets-se-asia
Details Url 2
https://mp.weixin.qq.com/s/hwveqib68aadnpqvrknaeq
Details Url 2
https://www.welivesecurity.com/en/eset-research/oilrigs-outer-space-juicy-mix-same-ol-rig-new-drill-pipes
Details Url 3
https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit
Details Url 2
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263a
Details Url 2
https://www.securonix.com/blog/threat-labs-security-advisory-new-starkvortex-attack-campaign-threat-actors-use-drone-manual-lures-to-deliver-merlinagent-payloads
Details Url 2
https://blog.morphisec.com/mgm-resorts-alphv-spider-ransomware-attack
Details Url 1
https://mp.weixin.qq.com/s/9kgdnei8jsoqki44mdos7a
Details Url 1
https://www.secureworks.com/research/gold-melody-profile-of-an-initial-access-broker
Details Url 1
https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions
Details Url 1
https://checkmarx.com/blog/surprise-when-dependabot-contributes-malicious-code
Details Url 2
https://send.wagateway.pro/webhook
Details Url 2
https://www.group-ib.com/blog/shadowsyndicate-raas
Details Url 1
https://www.threatfabric.com/blogs/xenomorph#appendix
Details Url 2
https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours
Details Url 1
https://cyble.com/blog/indian-taxpayers-face-a-multifaceted-threat-with-drinik-malwares-return
Details Url 1
https://www.fortinet.com/blog/threat-research/ransomware-roundup-retch-and-sho
Details Url 1
https://mp.weixin.qq.com/s/w0nrsums97lbdki43p7vqa
Details Url 1
https://news.drweb.com/show/?i=14756&lng=enu