Weekly Advanced Threat Intelligence Analysis (2023.09.08~09.14)
Common Information
| Type | Value |
|---|---|
| UUID | d9ffe1e7-2f73-45ff-bfcf-75a718262488 |
| Fingerprint | dcdcbce6f92570f5 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 8, 2023, midnight |
| Added to db | Nov. 20, 2023, 12:37 a.m. |
| Last updated | Nov. 17, 2024, 5:57 p.m. |
| Headline | Weekly Advanced Threat Intelligence Analysis (2023.09.08~09.14) |
| Title | Weekly Advanced Threat Intelligence Analysis (2023.09.08~09.14) |
| Detected Hints/Tags/Attributes | 57/3/56 |
| RSS Feed | |
Attributes
| Type | #Events | Value | CTI Value |
|---|---|---|---|
| CVE | 10 | cve-2022-26501 | |
| CVE | 6 | cve-2022-26504 | |
| CVE | 21 | cve-2023-36802 | |
| CVE | 13 | cve-2023-36761 | |
| CVE | 8 | cve-2023-38148 | |
| CVE | 3 | cve-2023-36793 | |
| Domain | 208 | mp.weixin.qq.com | |
| Domain | 84 | www.zscaler.com | |
| Domain | 14 | www.silentpush.com | |
| Domain | 2 | encyclopedia83.samiseto.ru | |
| Domain | 5 | samiseto.ru | |
| Domain | 101 | www.group-ib.com | |
| Domain | 604 | www.trendmicro.com | |
| Domain | 144 | www.fortinet.com | |
| Domain | 403 | securelist.com | |
| Domain | 4 | deb.fdmpkg.org | |
| Domain | 261 | blog.talosintelligence.com | |
| Domain | 452 | msrc.microsoft.com | |
| File | 1 | redline-vidar-first-abuses-ev-certificates.html | |
| File | 2 | officers.rar | |
| File | 2 | groups.pdf | |
| File | 29 | report.pdf | |
| File | 5 | office.doc | |
| File | 3 | ic.exe | |
| File | 6 | power.exe | |
| File | 2 | power.xml | |
| File | 2 | seagnt.exe | |
| IPv4 | 2 | 185.225.68.37 | |
| Threat Actor Identifier - APT-C | 30 | APT-C-26 | |
| Threat Actor Identifier - APT | 121 | APT36 | |
| Threat Actor Identifier - APT | 194 | APT35 | |
| Threat Actor Identifier - APT | 121 | APT42 | |
| Threat Actor Identifier - APT | 277 | APT37 | |
| Url | 3 | https://mp.weixin.qq.com/s/nmtqww-jhkdkbwfpydfpra | |
| Url | 2 | https://www.welivesecurity.com/en/eset-research/sponsor-batch-filed-whiskers-ballistic-bobcats-scan-strike-backdoor | |
| Url | 5 | https://www.zscaler.com/blogs/security-research/peek-apt36-s-updated-arsenal | |
| Url | 2 | https://mp.weixin.qq.com/s/iobcv0huvjfurebbynrw-w | |
| Url | 2 | https://mp.weixin.qq.com/s/pzfbhtrz6jelwibujrzcyw | |
| Url | 3 | https://mp.weixin.qq.com/s/qr8ljrz9d7rgj9xh9vpctg | |
| Url | 3 | https://www.silentpush.com/blog/from-russia-with-a-71 | |
| Url | 1 | https://research.checkpoint.com/2023/guarding-against-the-unseen-investigating-a-stealthy-remcos-malware-attack-on-colombian-firms | |
| Url | 1 | https://mp.weixin.qq.com/s/mx0ceqfrptw6k-wtngbkfw | |
| Url | 1 | https://mp.weixin.qq.com/s/sf6xncmuazgwwt-hcawugq | |
| Url | 1 | https://mp.weixin.qq.com/s/hc_zhebytdovdzpgxqaxlw | |
| Url | 1 | https://labs.guard.io/mrtonyscam-botnet-of-facebook-users-launch-high-intent-messenger-phishing-attack-on-business-3182cfb12f4d | |
| Url | 1 | https://mp.weixin.qq.com/s/4kqcuozcw3frqhuwkdsawg | |
| Url | 2 | https://www.group-ib.com/media-center/press-releases/w3ll-phishing-report | |
| Url | 1 | https://www.trendmicro.com/en_us/research/23/i/redline-vidar-first-abuses-ev-certificates.html | |
| Url | 1 | https://www.fortinet.com/blog/threat-research/originbotnet-spreads-via-malicious-word-document | |
| Url | 1 | https://securelist.com/backdoored-free-download-manager-linux-malware/110465 | |
| Url | 4 | https://deb.fdmpkg.org/freedownloadmanager.deb | |
| Url | 1 | https://www.fortinet.com/blog/threat-research/new-midgedropper-variant | |
| Url | 1 | https://securelist.com/cuba-ransomware/110533 | |
| Url | 5 | https://www.zscaler.com/blogs/security-research/technical-analysis-hijackloader | |
| Url | 1 | https://blog.talosintelligence.com/cybercriminals-target-graphic-designers-with-gpu-miners | |
| Url | 2 | https://msrc.microsoft.com/update-guide/releasenote/2023-sep | |