Weekly Advanced Threat Intelligence Digest (2023.06.01~06.08)
Common Information

Type | Value
UUID | b10c8e4b-8cf6-405a-b74e-4f3281dc9ecb
Fingerprint | 907beff6d8ed6f61
Analysis status | DONE
Considered CTI value | 2
Text language | (not set)
Published | June 1, 2023, midnight
Added to db | June 11, 2023, 2:44 a.m.
Last updated | Nov. 17, 2024, 6:54 p.m.
Headline | Weekly Advanced Threat Intelligence Digest (2023.06.01~06.08)
Title | Weekly Advanced Threat Intelligence Digest (2023.06.01~06.08)
Detected Hints/Tags/Attributes | 67/2/50
RSS Feed | (not set)
Attributes

Type | #Events | Value
CVE | 29 | cve-2022-31199
Domain | 189 | asec.ahnlab.com
Domain | 208 | mp.weixin.qq.com
Domain | 546 | www.recordedfuture.com
Domain | 403 | securelist.com
Domain | 27 | www.uptycs.com
Domain | 604 | www.trendmicro.com
Domain | 37 | blogs.vmware.com
Domain | 35 | www.akamai.com
Domain | 65 | blog.cyble.com
Domain | 261 | blog.talosintelligence.com
Domain | 84 | www.zscaler.com
Domain | 6 | vulcan.io
File | 1 | column.exe
File | 816 | index.html
File | 9 | timeline.csv
File | 1 | impulse-team-massive-cryptocurrency-scam.html
File | 1 | carbon-blacks-truebot-detection.html
File | 1 | The attack chain begins with the executable update.exe being downloaded from Chrome
File | 1 | It retrieves and downloads the second-stage executable 3ujwy2rz7v.exe
File | 1 | by cmd.exe
File | 1 | xollam-the-latest-face-of-targetcompany.html
Threat Actor Identifier - APT-C | 15 | APT-C-55
Threat Actor Identifier - APT | 277 | APT37
Threat Actor Identifier - APT | 144 | APT38
Threat Actor Identifier by Recorded Future | 9 | TAG-71
Url | 1 | https://www.sentinelone.com/labs/kimsuky-new-social-engineering-campaign-aims-to-steal-credentials-and-gather-strategic-intelligence
Url | 3 | https://asec.ahnlab.com/en/53377
Url | 1 | https://mp.weixin.qq.com/template/article/1686032491/index.html
Url | 1 | https://www.nsa.gov/press-room/press-releases-statements/press-release-view/article/3413621/us-rok-agencies-alert-dprk-cyber-actors-impersonating-targets-to-collect-intell
Url | 1 | https://threatmon.io/reverse-engineering-rokrat-a-closer-look-at-apt37s-onedrive-based-attack-vector
Url | 2 | https://mp.weixin.qq.com/s/mzadlpxbpcfqav41rtvm3a
Url | 2 | https://www.recordedfuture.com/north-korea-aligned-tag-71-spoofs-financial-institutions
Url | 4 | https://securelist.com/operation-triangulation/109842
Url | 2 | https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo
Url | 1 | https://www.trendmicro.com/en_us/research/23/f/impulse-team-massive-cryptocurrency-scam.html
Url | 1 | https://www.bitdefender.com/blog/labs/tens-of-thousands-of-compromised-android-apps-found-by-bitdefender-anomaly-detection-technology
Url | 1 | https://blogs.vmware.com/security/2023/06/carbon-blacks-truebot-detection.html
Url | 1 | https://www.akamai.com/blog/security-research/new-magecart-hides-behind-legit-domains
Url | 1 | https://mp.weixin.qq.com/s/avrm6llwks6primnghpyow
Url | 1 | https://blog.cyble.com/2023/06/02/moveit-transfer-vulnerability-actively-exploited
Url | 1 | https://blog.talosintelligence.com/new-horabot-targets-americas
Url | 1 | https://www.trendmicro.com/en_us/research/23/f/xollam-the-latest-face-of-targetcompany.html
Url | 2 | https://blog.cyble.com/2023/06/06/lockbit-ransomware-2-0-resurfaces
Url | 1 | https://adlumin.com/post/powerdrop-a-new-insidious-powershell-script-for-command-and-control-attacks-targets-u-s-aerospace-defense-industry
Url | 2 | https://securelist.com/satacom-delivers-cryptocurrency-stealing-browser-extension/109807
Url | 1 | https://blog.cyble.com/2023/06/05/helloteacher-new-android-malware-targeting-banking-users-in-vietnam
Url | 1 | https://www.zscaler.com/blogs/security-research/technical-analysis-bandit-stealer
Url | 3 | https://vulcan.io/blog/ai-hallucinations-package-risk
Url | 1 | https://mp.weixin.qq.com/s/oojqo-ifd_j8blykf5gdwa