每周高级威胁情报解读(2024.12.13~12.19)
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 965541c2-1d9d-4a7c-85aa-da8368cd0c37 |
| Fingerprint | af52a17bf6a4ecc5 |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Dec. 13, 2024, midnight |
| Added to db | Dec. 21, 2024, 3:43 a.m. |
| Last updated | Dec. 23, 2024, 12:11 p.m. |
| Headline | 每周高级威胁情报解读(2024.12.13~12.19) |
| Title | 每周高级威胁情报解读(2024.12.13~12.19) |
| Detected Hints/Tags/Attributes | 42/2/59 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 267 | ✔ | 奇安信威胁情报中心 | https://wechat2rss.xlab.app/feed/b93962f981247c0091dad08df5b7a6864ab888e9.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 2 | cve-2023-28905 |
|
| Details | Domain | 463 | securelist.com |
|
| Details | Domain | 9 | jacknwoods.com |
|
| Details | Domain | 297 | mp.weixin.qq.com |
|
| Details | Domain | 9 | ledger.com |
|
| Details | Domain | 5 | ledger-recovery.info |
|
| Details | Domain | 25 | www.wiz.io |
|
| Details | Domain | 139 | trendmicro.com |
|
| Details | Domain | 20 | www.netskope.com |
|
| Details | Domain | 149 | securityaffairs.com |
|
| Details | Domain | 91 | www.zscaler.com |
|
| Details | 4 | support@ledger.com |
||
| Details | File | 2 | worldclient.ini |
|
| Details | File | 9 | hmpalert.sys |
|
| Details | File | 6 | hmpalert.dll |
|
| Details | File | 2335 | cmd.exe |
|
| Details | File | 1 | laboral.xz |
|
| Details | File | 17 | dismcore.dll |
|
| Details | File | 26 | dism.exe |
|
| Details | File | 1 | 该shellcode下载gdfinstall.exe |
|
| Details | File | 3 | 和gameuxinstallhelper.dll |
|
| Details | File | 3 | 白加黑的gameuxinstallhelper.dll |
|
| Details | File | 1 | 该导出函数解密数据后执行updated.ps1 |
|
| Details | File | 2 | updated.ps1 |
|
| Details | File | 1 | 最后下载的dll首先注入svchost.exe |
|
| Details | File | 3 | 并使用schtasks.exe |
|
| Details | File | 1 | darkgate-malware.html |
|
| Details | File | 1 | 攻击者通过cmd.exe |
|
| Details | File | 2 | 调用rundll32.exe |
|
| Details | File | 1 | 加载safestore.dll |
|
| Details | File | 1 | 通过anydesk.exe |
|
| Details | File | 1 | 投放的systemcert.exe |
|
| Details | File | 1 | a3x和autoit3.exe |
|
| Details | File | 39 | autoit3.exe |
|
| Details | File | 2 | 美国司法部.pdf |
|
| Details | File | 1 | 美国政府请求在刑事问题上进行国际合作.docx |
|
| Details | File | 5 | idrinit.exe |
|
| Details | File | 5 | productstatistics3.dll |
|
| Details | File | 1 | pumakit-sophisticated-rootkit.html |
|
| Details | File | 9 | 1.bin |
|
| Details | File | 1 | volkswagen-group-infotainment-unit-flaws.html |
|
| Details | Threat Actor Identifier - APT-C | 103 | APT-C-36 |
|
| Details | Url | 1 | https://securelist.com/careto-is-back/114942 |
|
| Details | Url | 1 | https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/wlduwr3wvuo37eaorxs8ag |
|
| Details | Url | 2 | https://security.lookout.com/threat-intelligence/article/gamaredon-russian-android-surveillanceware |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/new-fake-ledger-data-breach-emails-try-to-steal-crypto-wallets |
|
| Details | Url | 1 | https://www.securonix.com/blog/analyzing-fluxconsole-using-tax-themed-lures-threat-actors-exploit-windows-management-console-to-deliver-backdoor-payloads |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/aqmjt3vzwh3qf0ozxt2roq |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/fzs-0mvk15cime6ikysyvw |
|
| Details | Url | 2 | https://www.wiz.io/blog/diicot-threat-group-malware-campaign |
|
| Details | Url | 1 | https://trendmicro.com/en_us/research/24/l/darkgate-malware.html |
|
| Details | Url | 1 | https://www.netskope.com/blog/new-yokai-side-loaded-backdoor-targets-thai-officials |
|
| Details | Url | 1 | https://securityaffairs.com/172016/malware/pumakit-sophisticated-rootkit.html |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/cxzbppktm3tti53hyh8jmg |
|
| Details | Url | 3 | https://pypi.org |
|
| Details | Url | 2 | https://www.zscaler.com/blogs/security-research/inside-zloader-s-latest-trick-dns-tunneling |
|
| Details | Url | 1 | https://securityaffairs.com/172024/hacking/volkswagen-group-infotainment-unit-flaws.html |
|
| Details | Url | 1 | https://www.securityweek.com/critical-vulnerabilities-found-in-ruijie-reyee-cloud-management-platform |