每周高级威胁情报解读(2023.04.06~04.13)
Tags
| country: | Portugal |
| attack-pattern: | Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | 93eb43c0-6eee-4aae-8f3f-ae1bc045713c |
| Fingerprint | 90d6fb7abb7470f6 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 6, 2023, midnight |
| Added to db | June 5, 2023, 2:22 p.m. |
| Last updated | Nov. 17, 2024, 5:56 p.m. |
| Headline | 每周高级威胁情报解读(2023.04.06~04.13) |
| Title | 每周高级威胁情报解读(2023.04.06~04.13) |
| Detected Hints/Tags/Attributes | 43/2/52 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 267 | ✔ | 奇安信威胁情报中心 | https://wechat2rss.xlab.app/feed/b93962f981247c0091dad08df5b7a6864ab888e9.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 19 | cve-2021-27876 |
|
| Details | CVE | 16 | cve-2021-27877 |
|
| Details | CVE | 73 | cve-2023-28252 |
|
| Details | CVE | 7 | cve-2023-28218 |
|
| Details | CVE | 46 | cve-2023-21554 |
|
| Details | CVE | 11 | cve-2023-28219 |
|
| Details | CVE | 10 | cve-2023-28220 |
|
| Details | CVE | 6 | cve-2023-28227 |
|
| Details | CVE | 24 | cve-2023-28231 |
|
| Details | CVE | 5 | cve-2023-28266 |
|
| Details | CVE | 5 | cve-2023-28274 |
|
| Details | CVE | 5 | cve-2023-28234 |
|
| Details | CVE | 5 | cve-2023-28233 |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 25 | www.cyfirma.com |
|
| Details | Domain | 182 | www.mandiant.com |
|
| Details | Domain | 67 | citizenlab.ca |
|
| Details | Domain | 20 | insight-jp.nttsecurity.com |
|
| Details | Domain | 6 | blog.sygnia.co |
|
| Details | Domain | 65 | blog.cyble.com |
|
| Details | Domain | 224 | unit42.paloaltonetworks.com |
|
| Details | File | 4 | dn.dll |
|
| Details | File | 4 | dn64.dll |
|
| Details | File | 1 | 奇安信威胁情报中心及奇安信网络安全部通过日常监测发现navicat.exe |
|
| Details | File | 2 | balada-injector-synopsis-of-a-massive-ongoing-wordpress-malware-campaign.html |
|
| Details | Mandiant Uncategorized Groups | 11 | UNC4466 |
|
| Details | Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) | 25 | DEV-1084 |
|
| Details | Threat Actor Identifier - APT-C | 15 | APT-C-28 |
|
| Details | Threat Actor Identifier - APT-C | 79 | APT-C-23 |
|
| Details | Threat Actor Identifier - APT-LY | 2 | APT-LY-1006 |
|
| Details | Threat Actor Identifier - APT | 115 | APT43 |
|
| Details | Url | 1 | https://blog.google/threat-analysis-group/how-were-protecting-users-from-government-backed-attacks-from-north-korea |
|
| Details | Url | 1 | https://www.microsoft.com/en-us/security/blog/2023/04/07/mercury-and-dev-1084-destructive-attack-on-hybrid-environment |
|
| Details | Url | 3 | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mantis-palestinian-attacks |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/tbpfybetqchm1h23ssuunq |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/rhbsclzahlp0zggc3n5ppq |
|
| Details | Url | 5 | https://securelist.com/the-lazarus-group-deathnote-campaign/109490 |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/nlx-b4_-psrr51fu_mx7ha |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/e2x_qqbkz6kbsgmgz108tg |
|
| Details | Url | 3 | https://www.cyfirma.com/outofband/ares-leaks-emerging-cyber-crime-cartel |
|
| Details | Url | 2 | https://blog.sucuri.net/2023/04/balada-injector-synopsis-of-a-massive-ongoing-wordpress-malware-campaign.html |
|
| Details | Url | 4 | https://www.mandiant.com/resources/blog/alphv-ransomware-backup |
|
| Details | Url | 1 | https://citizenlab.ca/2023/04/spyware-vendor-quadream-exploits-victims-customers |
|
| Details | Url | 1 | https://insight-jp.nttsecurity.com/post/102ic6o/webgoogle-chrome |
|
| Details | Url | 1 | https://blog.sygnia.co/threat-actor-spotlight-ragnarlocker-ransomware |
|
| Details | Url | 1 | https://blog.cyble.com/2023/04/07/new-cylance-ransomware-with-power-packed-commandline-options |
|
| Details | Url | 1 | https://blog.checkpoint.com/research/what-do-the-inkblots-tell-you-check-point-researchers-unveil-rorschach-previously-unseen-fastest-ever-ransomware |
|
| Details | Url | 2 | https://blog.cyble.com/2023/04/06/demystifying-money-message-ransomware |
|
| Details | Url | 1 | https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rilide-a-new-malicious-browser-extension-for-stealing-cryptocurrencies |
|
| Details | Url | 1 | https://unit42.paloaltonetworks.com/crypto-clipper-targets-portuguese-speakers |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/qysbypz6p6cpsxwzuwccpa |