UNKNOWN
Common Information
Type Value
UUID a96d8bf4-19ae-4157-b3a1-d4eb6099fdd3
Fingerprint 7d251cc37fe01c5c
Analysis status IN_PROGRESS
Considered CTI value 0
Text language
Published None
Added to db Dec. 20, 2024, 12:02 a.m.
Last updated Dec. 23, 2024, 2:25 a.m.
Headline UNKNOWN
Title UNKNOWN
Detected Hints/Tags/Attributes 48/2/54
Source URLs
Attributes
Details Type #Events CTI Value
Details CVE 10 cve-2017-12824
Details CVE 115 cve-2018-8174
Details CVE 7 cve-2007-5633
Details CVE 5 cve-2010-1592
Details CVE 5 cve-2009-0824
Details CVE 74 cve-2017-8570
Details CVE 33 cve-2018-8373
Details Domain 195 www.securityweek.com
Details Domain 127 www.justice.gov
Details Domain 71 www.cyberscoop.com
Details Domain 263 unit42.paloaltonetworks.com
Details Domain 1490 twitter.com
Details Domain 22 ti.360.net
Details Domain 95 securityaffairs.co
Details Domain 462 securelist.com
Details Domain 285 blog.talosintelligence.com
Details Domain 6752 163.com
Details File 14 msfte.dll
Details File 6 ntwdblib.dll
Details File 1 初始loader程序将合法的windows库'scesrv.dll
Details File 2 overruled-containing-a-potentially-destructive-adversary.html
Details File 3 apt38-details-on-new-north-korean-regime-backed-threat-group.html
Details File 1 5fc9c36b4cb81d4281599f0d3416931a.pdf
Details File 1 vpnfilter-botnet-doj.html
Details File 8 vpnfilter.html
Details md5 1 5fc9c36b4cb81d4281599f0d3416931a
Details Threat Actor Identifier - APT-C 28 APT-C-06
Details Threat Actor Identifier - APT-C 15 APT-C-12
Details Threat Actor Identifier - APT 915 APT28
Details Threat Actor Identifier - APT 178 APT38
Details Url 2 https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group
Details Url 2 https://www.securityweek.com/russia-hacked-olympics-computers-turned-blame-north-korea-report
Details Url 7 https://www.justice.gov/opa/press-release/file/1092091/download
Details Url 2 https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html
Details Url 2 https://www.fireeye.com/blog/threat-research/2018/10/apt38-details-on-new-north-korean-regime-backed-threat-group.html
Details Url 3 https://www.cyberscoop.com/kaspersky-slingshot-isis-operation-socom-five-eyes
Details Url 1 https://www.bleepingcomputer.com/news/security/ukraine-says-it-stopped-a-vpnfilter-attack-on-a-chlorine-distillation-station
Details Url 3 https://unit42.paloaltonetworks.com/dear-joohn-sofacy-groups-global-campaign
Details Url 1 https://twitter.com/360tic/status/1078908533125443584
Details Url 1 https://ti.360.net/uploads/2018/07/05/5fc9c36b4cb81d4281599f0d3416931a.pdf
Details Url 1 https://ti.360.net/blog/articles/oceanlotus-with-cve-2017-8570
Details Url 4 https://ti.360.net/blog/articles/oceanlotus-targets-chinese-university
Details Url 1 https://ti.360.net/blog/articles/latest-sample-and-c2-mechanism-of-apt-c-12
Details Url 3 https://ti.360.net/blog/articles/details-of-apt-c-12-of-operation-nuclearcrisis
Details Url 3 https://ti.360.net/blog/articles/analyzing-attack-of-cve-2018-8373-and-darkhotel
Details Url 1 https://ti.360.net/blog/articles/analysis-of-targeted-attack-against-pakistan-by-exploiting-inpage-vulnerability-and-related-apt-groups
Details Url 1 https://ti.360.net/blog/articles/analysis-of-darkhotel
Details Url 2 https://ti.360.net/blog/articles/analysis-of-apt-campaign-bitter
Details Url 1 https://securityaffairs.co/wordpress/72851/apt/vpnfilter-botnet-doj.html
Details Url 1 https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems
Details Url 1 https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/malicious-document-targets-pyeongchang-olympics
Details Url 1 https://securelist.com/threats-in-the-netherlands/88185
Details Url 5 https://securelist.com/apt-slingshot/84312
Details Url 8 https://blog.talosintelligence.com/2018/05/vpnfilter.html