Bluepurple Pulse: week ending September 31st
Common Information
Type Value
UUID 99f4e50e-2a23-4420-abbe-37ffe5e2ffdc
Fingerprint 27d1919f8421b349
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 29, 2023, midnight
Added to db Aug. 31, 2024, 1:23 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Cyber Defence Analysis for Blue & Purple Teams
Title Bluepurple Pulse: week ending September 31st
Detected Hints/Tags/Attributes 226/4/62
RSS Feed
Id | Enabled | Feed title | Url | Added to db
76 | | Cyber Defence Analysis for Blue & Purple Teams | https://bluepurple.binaryfirefly.com/feed | 2024-08-30 22:08
Attributes
(The CTI Value column is empty for every row and is omitted below.)
Type | #Events | Value
Domain | 74 | thedfirreport.com
Domain | 1 | blog.washi.dev
Domain | 4 | people.redhat.com
Domain | 3 | gpu.zip
Domain | 3 | www.hertzbleed.com
Domain | 1 | internal.properties
Domain | 14 | attackerkb.com
Domain | 1 | blog.foxio.io
Domain | 2 | httptoolkit.com
File | 1 | csa_blacktech_hide_in_routers_tlp-clear.pdf
File | 5 | 30.dll
File | 1 | malice.pdf
File | 1 | apts.pdf
File | 2 | document8765.exe
File | 1 | marvin-attack-paper.pdf
File | 4 | gpu.zip
File | 1 | gpu-zip.pdf
File | 1 | network.pdf
File | 1 | c:\teamcity\logs\teamcity-server.log
Github username | 1 | g-les
Github username | 3 | a13xp0p0v
Github username | 4 | gtworek
Github username | 1 | h311d1n3r
Github username | 30 | google
Threat Actor Identifier - APT-C | 79 | APT-C-23
Threat Actor Identifier - APT | 144 | APT38
Threat Actor Identifier - APT | 297 | APT27
Threat Actor Identifier by Unit 42 | 4 | CL-STA-0046
Url | 1 | https://www.npr.org/2023/09/06/1196975759/ukraine-cyber-war-russia-sbu-illia-vitiuk
Url | 1 | https://www.21.co/research/on-chain-insights-10-crypto-holdings-of-lazarus-group
Url | 1 | https://www.sentinelone.com/labs/cyber-soft-power-chinas-continental-takeover
Url | 1 | https://media.defense.gov/2023/sep/27/2003309107/-1/-1/0/csa_blacktech_hide_in_routers_tlp-clear.pdf
Url | 2 | https://www.volexity.com/blog/2023/09/22/evilbamboo-targets-mobile-devices-in-multi-year-campaign
Url | 2 | https://unit42.paloaltonetworks.com/stately-taurus-attacks-se-asian-government
Url | 2 | https://unit42.paloaltonetworks.com/alloy-taurus-targets-se-asian-government
Url | 4 | https://unit42.paloaltonetworks.com/rare-possible-gelsemium-attack-targets-se-asia
Url | 1 | https://hitcon.org/2023/cmt/slide/groundpeony_crawling
Url | 1 | https://hitcon.org/2023/cmt/slide/why
Url | 3 | https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit
Url | 1 | https://github.com/g-les/macho_similarity
Url | 1 | https://github.com/a13xp0p0v/kernel-hardening-checker
Url | 2 | https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours
Url | 1 | https://blog.washi.dev/posts/popping-calcs-in-dnspy
Url | 1 | https://people.redhat.com/~hkario/marvin/marvin-attack-paper.pdf
Url | 1 | https://www.hertzbleed.com/gpu.zip/gpu-zip.pdf
Url | 1 | https://github.com/gtworek/psbits/tree/master/projfs
Url | 1 | https://hitcon.org/2023/cmt/slide/how
Url | 1 | https://attackerkb.com/topics/1xeeekghzt/cve-2023-42793/rapid7-analysis
Url | 1 | https://blog.foxio.io/ja4-network-fingerprinting-9376fe9ca637
Url | 1 | https://httptoolkit.com/blog/android-14-install-system-ca-certificate
Url | 1 | https://github.com/h311d1n3r/cerberus
Url | 1 | https://github.com/google/bindiff
CVE | 53 | cve-2023-42793
Domain | 3 | 1health.io
Domain | 17 | www.npr.org
Domain | 16 | stake.com
Domain | 1 | www.21.co
Domain | 124 | www.sentinelone.com
Domain | 36 | www.volexity.com
Domain | 224 | unit42.paloaltonetworks.com
Domain | 13 | hitcon.org
Domain | 4127 | github.com