Bluepurple Pulse: week ending September 24th
Tags
country: Armenia Egypt Australia Canada China North Korea India Iran Pakistan Israel Japan South Korea Mali Russia Ukraine United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Data Models Artificial Intelligence - T1588.007 Cloud Services - T1021.007 Dll Search Order Hijacking - T1574.001 Exploits - T1587.004 Exploits - T1588.005 Firmware - T1592.003 Hardware - T1592.001 Malware - T1587.001 Malware - T1588.001 Password Managers - T1555.005 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Social Media - T1593.001 Software - T1592.002 Steganography - T1001.002 Steganography - T1406.001 Steganography - T1027.003 Web Services - T1583.006 Web Services - T1584.006 Tool - T1588.002 Vulnerabilities - T1588.006 Brute Force - T1110 Connection Proxy - T1090 Dll Search Order Hijacking - T1038 Hypervisor - T1062 Powershell - T1086 Remote Access Tools - T1219
Show in Graph
Common Information
Type Value
UUID 9883790b-5563-4d7d-97bd-875ddd135f08
Fingerprint 2500981d8327bee1
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 22, 2023, midnight
Added to db Aug. 31, 2024, 1:23 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Cyber Defence Analysis for Blue & Purple Teams
Title Bluepurple Pulse: week ending September 24th
Detected Hints/Tags/Attributes 211/3/70
Attributes
Details Type #Events CTI Value
Details CVE 133 
cve-2023-38831
Details CVE 2 
cve-2023-4039
Details CVE 20 
cve-2023-0266
Details CVE 26 
cve-2023-26083
Details CVE 34 
cve-2022-4262
Details CVE 21 
cve-2022-3038
Details CVE 20 
cve-2022-22706
Details Domain 16 
stake.com
Details Domain 182 
www.mandiant.com
Details Domain 23 
paper.seebug.org
Details Domain 3 
paper-seebug-org.translate.goog
Details Domain 47 
go.recordedfuture.com
Details Domain 604 
www.trendmicro.com
Details Domain 261 
blog.talosintelligence.com
Details Domain 12 
www.lookout.com
Details Domain 23 
permiso.io
Details Domain 84 
www.zscaler.com
Details Domain 101 
www.elastic.co
Details Domain 4127 
github.com
Details Domain 2 
ipfyx.fr
Details Domain 2 
retool.com
Details Domain 4 
rtx.meta.security
Details Domain 3 
pushsecurity.com
Details Domain 19 
www.trustedsec.com
Details Domain 3 
cybercx.com.au
Details Domain 84 
www.mozilla.org
Details Domain 36 
googleprojectzero.blogspot.com
Details Domain 13 
hex-rays.com
Details File 2 
cta-2023-0919.pdf
Details File 3 
earth-lusca-employs-new-linux-backdoor.html
Details File 2 
cve-2023-4039.html
Details File 2 
analyzing-modern-in-wild-android-exploit.html
Details Github username 4 
specterops
Details Github username 7 
volexity
Details Github username 2 
malcomvetter
Details Github username 5 
p0dalirius
Details Github username 3 
intel
Details Mandiant Uncategorized Groups 111 
UNC3944
Details Microsoft Threat Actor Naming Taxonomy (Groups in development) 3 
STORM-0875
Details Microsoft Threat Actor Naming Taxonomy (Groups in development) 79 
Storm-0978
Details Threat Actor Identifier - APT 665 
APT29
Details Threat Actor Identifier - APT 277 
APT37
Details Threat Actor Identifier - APT 522 
APT41
Details Threat Actor Identifier - APT 121 
APT36
Details Threat Actor Identifier by Recorded Future 4 
TAG-74
Details Url 3 
https://www.mandiant.com/resources/blog/apt29-evolving-diplomatic-phishing
Details Url 2 
https://paper.seebug.org/3031
Details Url 2 
https://paper-seebug-org.translate.goog/3032/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp
Details Url 2 
https://go.recordedfuture.com/hubfs/reports/cta-2023-0919.pdf
Details Url 3 
https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html
Details Url 4 
https://blog.talosintelligence.com/introducing-shrouded-snooper
Details Url 3 
https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41
Details Url 2 
https://permiso.io/blog/lucr-3-scattered-spider-getting-saas-y-in-the-cloud
Details Url 5 
https://www.zscaler.com/blogs/security-research/peek-apt36-s-updated-arsenal
Details Url 4 
https://www.mandiant.com/resources/blog/unc3944-sms-phishing-sim-swapping-ransomware
Details Url 3 
https://www.elastic.co/security-labs/peeling-back-the-curtain-with-call-stacks
Details Url 2 
https://github.com/specterops/tierzerotable
Details Url 2 
https://github.com/volexity/donut-decryptor
Details Url 2 
https://ipfyx.fr/post/visual-studio-code-tunnel
Details Url 2 
https://retool.com/blog/mfa-isnt-mfa
Details Url 2 
https://rtx.meta.security/mitigation/2023/09/12/cve-2023-4039.html
Details Url 2 
https://github.com/malcomvetter/periscope
Details Url 2 
https://github.com/p0dalirius/extractbitlockerkeys
Details Url 2 
https://pushsecurity.com/blog/nearly-invisible-attack-chain
Details Url 2 
https://www.trustedsec.com/blog/okta-for-red-teamers
Details Url 2 
https://cybercx.com.au/blog/akira-ransomware
Details Url 5 
https://www.mozilla.org/en-us/security/advisories/mfsa2023-40
Details Url 2 
https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html
Details Url 2 
https://github.com/intel/tsffs
Details Url 2 
https://hex-rays.com/contests_details/contest2023