每周高级威胁情报解读(2023.06.22~06.29)
Tags
| country: | Pakistan Ukraine |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Exploits - T1587.004 Exploits - T1588.005 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Ssh - T1021.004 Rootkit - T1014 Rootkit |
Common Information
| Type | Value |
|---|---|
| UUID | d823db5e-565d-4255-888c-353e03cc366b |
| Fingerprint | a6fedb1e5c738a6b |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | June 22, 2023, midnight |
| Added to db | July 1, 2023, 6:31 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | 每周高级威胁情报解读(2023.06.22~06.29) |
| Title | 每周高级威胁情报解读(2023.06.22~06.29) |
| Detected Hints/Tags/Attributes | 73/3/54 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 267 | ✔ | 奇安信威胁情报中心 | https://wechat2rss.xlab.app/feed/b93962f981247c0091dad08df5b7a6864ab888e9.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 117 | cve-2023-2868 |
|
| Details | CVE | 48 | cve-2020-35730 |
|
| Details | CVE | 24 | cve-2021-44026 |
|
| Details | CVE | 91 | cve-2021-34527 |
|
| Details | CVE | 172 | cve-2022-30190 |
|
| Details | CVE | 6 | cve-2022-31696 |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 83 | cert.gov.ua |
|
| Details | Domain | 65 | blog.cyble.com |
|
| Details | Domain | 101 | www.elastic.co |
|
| Details | Domain | 17 | www.threatfabric.com |
|
| Details | Domain | 37 | blogs.vmware.com |
|
| Details | Domain | 13 | www.reliaquest.com |
|
| Details | Domain | 144 | www.fortinet.com |
|
| Details | Domain | 224 | unit42.paloaltonetworks.com |
|
| Details | Domain | 189 | asec.ahnlab.com |
|
| Details | 4 | ukraine_news@meta.ua |
||
| Details | File | 1 | 攻击者使用mshta.exe |
|
| Details | File | 5 | q.js |
|
| Details | File | 7 | e.js |
|
| Details | File | 15 | sh.py |
|
| Details | File | 4 | 8base-ransomware-a-heavy-hitting-player.html |
|
| Details | File | 3 | bild.exe |
|
| Details | Threat Actor Identifier - APT-C | 30 | APT-C-26 |
|
| Details | Threat Actor Identifier - APT-C | 102 | APT-C-35 |
|
| Details | Threat Actor Identifier - APT-C | 17 | APT-C-17 |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |
|
| Details | Threat Actor Identifier by Tencent | 27 | T-APT-04 |
|
| Details | Url | 1 | https://www.rewterz.com/rewterz-news/rewterz-threat-alert-apt-c-35-aka-donot-team-active-iocs-14 |
|
| Details | Url | 4 | https://securelist.com/lazarus-andariel-mistakes-and-easyrat/110119 |
|
| Details | Url | 1 | https://www.rewterz.com/rewterz-news/rewterz-threat-alert-sidewinder-apt-group-launches-cyber-espionage-campaign-against-pakistan-government-active-iocs |
|
| Details | Url | 1 | https://www.volexity.com/blog/2023/06/28/charming-kitten-updates-powerstar-with-an-interplanetary-twist |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/mlkyhlzkamygcf4czw0vag |
|
| Details | Url | 6 | https://cert.gov.ua/article/4905829 |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/fqa8jhnpljlamhbdeyutxq |
|
| Details | Url | 1 | https://blog.cyble.com/2023/06/28/akira-ransomware-extends-reach-to-linux-platform |
|
| Details | Url | 2 | https://www.sentinelone.com/blog/jokerspy-unknown-adversary-targeting-organizations-with-multi-stage-macos-malware |
|
| Details | Url | 1 | https://blog.cyble.com/2023/06/27/unveiling-wagner-groups-cyber-recruitment |
|
| Details | Url | 1 | https://www.securonix.com/securonix-threat-labs-security-advisory-multistorm-leverages-python-based-loader-as-onedrive-utilities-to-drop-rat-payloads |
|
| Details | Url | 1 | https://www.elastic.co/cn/security-labs/inital-research-of-jokerspy |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/dpa1rxlfzjvqkj1dtqmzda |
|
| Details | Url | 1 | https://www.threatfabric.com/blogs/anatsa-hits-uk-and-dach-with-new-campaign |
|
| Details | Url | 1 | https://www.microsoft.com/en-us/security/blog/2023/06/22/iot-devices-and-linux-based-systems-targeted-by-openssh-trojan-campaign |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/qghcs2x1ebs6f44jzr2nmw |
|
| Details | Url | 4 | https://blogs.vmware.com/security/2023/06/8base-ransomware-a-heavy-hitting-player.html |
|
| Details | Url | 1 | https://www.reliaquest.com/blog/gootloader-infection-credential-access |
|
| Details | Url | 1 | https://www.fortinet.com/blog/threat-research/ransomware-roundup-black-basta |
|
| Details | Url | 4 | https://unit42.paloaltonetworks.com/mirai-variant-targets-iot-exploits |
|
| Details | Url | 1 | https://asec.ahnlab.com/ko/54767 |
|
| Details | Url | 1 | https://www.deepinstinct.com/blog/pindos-new-javascript-dropper-delivering-bumblebee-and-icedid |
|
| Details | Url | 1 | https://blog.cyble.com/2023/06/22/mallox-ransomware-implements-new-infection-strategy |
|
| Details | Url | 1 | https://cybergeeks.tech/a-technical-analysis-of-the-saltwater-backdoor-used-in-barracuda-0-day-vulnerability-cve-2023-2868-exploitation |
|
| Details | Url | 1 | https://www.zerodayinitiative.com/blog/2023/6/21/cve-2022-31696-an-analysis-of-a-vmware-esxi-tcp-socket-keepalive-type-confusion-lpe |