每周高级威胁情报解读(2024.10.18~10.24)
Tags
| country: | U.S. Virgin Islands |
| attack-pattern: | Credentials - T1589.001 Javascript - T1059.007 Powershell - T1059.001 Web Services - T1583.006 Web Services - T1584.006 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | b34135c8-bcd3-470a-9aa2-c354a93a8e63 |
| Fingerprint | 9523022e1968d67 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 18, 2024, midnight |
| Added to db | Oct. 25, 2024, 1:35 p.m. |
| Last updated | Nov. 17, 2024, 5:57 p.m. |
| Headline | 每周高级威胁情报解读(2024.10.18~10.24) |
| Title | 每周高级威胁情报解读(2024.10.18~10.24) |
| Detected Hints/Tags/Attributes | 57/2/40 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 267 | ✔ | 奇安信威胁情报中心 | https://wechat2rss.xlab.app/feed/b93962f981247c0091dad08df5b7a6864ab888e9.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 29 | cve-2024-4947 |
|
| Details | CVE | 17 | cve-2024-38816 |
|
| Details | CVE | 13 | cve-2020-11899 |
|
| Details | CVE | 87 | cve-2024-47575 |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 261 | blog.talosintelligence.com |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 15 | detankzone.com |
|
| Details | Domain | 189 | asec.ahnlab.com |
|
| Details | Domain | 25 | cyble.com |
|
| Details | Domain | 101 | www.elastic.co |
|
| Details | Domain | 138 | www.securityweek.com |
|
| Details | File | 2 | 同一特性的还有.url |
|
| Details | File | 2 | winlst.dll |
|
| Details | File | 29 | jscript9.dll |
|
| Details | File | 2 | 谷歌安装包_15_97316.msi |
|
| Details | File | 18 | chromesetup.exe |
|
| Details | File | 9 | setup.dll |
|
| Details | File | 2 | k3.bin |
|
| Details | File | 1 | fake-lockbit-real-damage-ransomware-samples-abuse-aws-s3-to-stea.html |
|
| Details | IPv4 | 7 | 6.0.1.66 |
|
| Details | Threat Actor Identifier - APT-C | 22 | APT-C-08 |
|
| Details | Threat Actor Identifier - APT-C | 102 | APT-C-35 |
|
| Details | Threat Actor Identifier - APT | 277 | APT37 |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/kkl0jh14m9dtdgtsgq4gag |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/qccuu0e6d84tdq1r2dcsja |
|
| Details | Url | 2 | https://blog.talosintelligence.com/uat-5647-romcom |
|
| Details | Url | 1 | https://securelist.com/lazarus-apt-steals-crypto-with-a-tank-game/114282 |
|
| Details | Url | 1 | https://securelist.com/crypt-ghouls-hacktivists-tools-overlap-analysis/114217 |
|
| Details | Url | 1 | https://asec.ahnlab.com/en/83877 |
|
| Details | Url | 1 | https://cyble.com/blog/vietnamese-threat-actors-multi-layered-strategy-on-digital-marketing-professionals |
|
| Details | Url | 1 | https://cyble.com/blog/cyble-sensors-detect-attacks-on-java-framework-iot-devices |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/42samc3j-rljigynnsxlxq |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/mtddrj3rrm6xspb_usg3ug |
|
| Details | Url | 1 | https://www.security.com/threat-intelligence/exposing-danger-within-hardcoded-cloud-credentials-popular-mobile-apps |
|
| Details | Url | 1 | https://www.elastic.co/security-labs/tricks-and-treats |
|
| Details | Url | 1 | https://blog.talosintelligence.com/warmcookie-analysis |
|
| Details | Url | 2 | https://securelist.com/grandoreiro-banking-trojan/114257 |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/24/j/fake-lockbit-real-damage-ransomware-samples-abuse-aws-s3-to-stea.html |
|
| Details | Url | 1 | https://www.securityweek.com/fortinet-confirms-zero-day-exploit-targeting-fortimanager-systems |