Bluepurple Pulse: week ending October 15th
Common Information

| Type | Value |
|---|---|
| UUID | ce36f081-f461-4cce-a550-aae6589b0e4e |
| Fingerprint | b510111d8e278e99 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 12, 2023, midnight |
| Added to db | Aug. 31, 2024, 1:23 a.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | Cyber Defence Analysis for Blue & Purple Teams |
| Title | Bluepurple Pulse: week ending October 15th |
| Detected Hints/Tags/Attributes | 204/3/57 |
Attributes

| Type | #Events | Value |
|---|---|---|
| Url | 2 | https://www.bitsight.com/blog/bitsight-identifies-nearly-100000-exposed-industrial-control-systems |
| Url | 2 | https://projectblack.io/blog/turn-off-this-watchguard-feature-guardlapse |
| Url | 4 | https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641 |
| Url | 2 | https://securityintelligence.com/x-force/reflective-call-stack-detections-evasions |
| Url | 2 | https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/expose |
| Url | 2 | https://github.com/cr4sh/smmbackdoorng |
| Url | 2 | https://research.checkpoint.com/2023/r2r-stomping-are-you-ready-to-run |
| Url | 2 | https://github.com/rapierxbox/esp32-sour-apple |
| Url | 2 | https://github.com/br0kej/faser |
| Url | 2 | https://people.cs.umass.edu/~brun/pubs/pubs/agrawal23icse-demo.pdf |
| CVE | 133 | cve-2023-38831 |
| CVE | 102 | cve-2023-22515 |
| CVE | 6 | cve-2022-23748 |
| CVE | 10 | cve-2023-43641 |
| CVE | 152 | cve-2023-3519 |
| CVE | 68 | cve-2020-14882 |
| CVE | 27 | cve-2020-14750 |
| Domain | 182 | www.mandiant.com |
| Domain | 2 | www.0x0v1.com |
| Domain | 1373 | twitter.com |
| Domain | 8 | www.humansecurity.com |
| Domain | 35 | www.akamai.com |
| Domain | 4 | embee-research.ghost.io |
| Domain | 4127 | github.com |
| Domain | 5 | eclecticlight.co |
| Domain | 2 | campbell.scot |
| Domain | 4 | eurepoc.eu |
| Domain | 14 | www.bitsight.com |
| Domain | 2 | projectblack.io |
| Domain | 15 | github.blog |
| Domain | 88 | securityintelligence.com |
| Domain | 207 | learn.microsoft.com |
| Domain | 141 | research.checkpoint.com |
| Domain | 2 | people.cs.umass.edu |
| File | 6 | dal_keepalives.dll |
| File | 3 | human_report_badbox-and-peachpit.pdf |
| File | 7 | people.cs |
| File | 2 | agrawal23icse-demo.pdf |
| Github username | 3 | paranoidninja |
| Github username | 10 | datadog |
| Github username | 2 | erikwynter |
| Github username | 4 | cr4sh |
| Github username | 2 | rapierxbox |
| Github username | 3 | br0kej |
| Microsoft Threat Actor Naming Taxonomy (Groups in development) | 23 | Storm-0062 |
| Url | 4 | https://www.mandiant.com/resources/blog/north-korea-cyber-structure-alignment-2023 |
| Url | 2 | https://www.0x0v1.com/the-evolution-of-apt37s-rokrat-rambleon-android-spyware |
| Url | 3 | https://twitter.com/msftsecintel/status/1711871732644970856 |
| Url | 3 | https://www.humansecurity.com/hubfs/human_report_badbox-and-peachpit.pdf |
| Url | 5 | https://www.akamai.com/blog/security-research/magecart-new-technique-404-pages-skimmer |
| Url | 2 | https://embee-research.ghost.io/yara-rule-development-il-instructions-in-redline-malware |
| Url | 2 | https://github.com/paranoidninja/cobaltstrike-detection/blob/main/cs49.yara |
| Url | 2 | https://github.com/datadog/kubehound |
| Url | 2 | https://eclecticlight.co/2023/10/07/sonomas-log-gets-briefer-and-more-secretive |
| Url | 2 | https://github.com/erikwynter/cve-2023-22515-scan |
| Url | 2 | https://campbell.scot/conditional-access-common-microsoft-365-security-mistakes-series |
| Url | 2 | https://eurepoc.eu/publication/major-cyber-incident-ka-sat-9a |