每周高级威胁情报解读(2023.06.15~06.22)
Tags
| country: | Romania Ukraine |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Exploits - T1587.004 Exploits - T1588.005 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Ssh - T1021.004 |
Common Information
| Type | Value |
|---|---|
| UUID | dacb9f75-64ee-4540-bf63-247d3fe3b657 |
| Fingerprint | c13c7193fb3c7063 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | June 15, 2023, midnight |
| Added to db | June 23, 2023, 3:31 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | 每周高级威胁情报解读(2023.06.15~06.22) |
| Title | 每周高级威胁情报解读(2023.06.15~06.22) |
| Detected Hints/Tags/Attributes | 65/3/51 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 267 | ✔ | 奇安信威胁情报中心 | https://wechat2rss.xlab.app/feed/b93962f981247c0091dad08df5b7a6864ab888e9.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CERT Ukraine | 14 | UAC-0057 |
|
| Details | CVE | 48 | cve-2020-35730 |
|
| Details | CVE | 48 | cve-2023-32439 |
|
| Details | CVE | 61 | cve-2023-32434 |
|
| Details | Domain | 49 | ukr.net |
|
| Details | Domain | 189 | asec.ahnlab.com |
|
| Details | Domain | 546 | www.recordedfuture.com |
|
| Details | Domain | 22 | www.genians.co.kr |
|
| Details | Domain | 83 | cert.gov.ua |
|
| Details | Domain | 65 | blog.cyble.com |
|
| Details | Domain | 18 | www.cadosecurity.com |
|
| Details | Domain | 14 | threatresearch.ext.hp.com |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 25 | www.cyfirma.com |
|
| Details | Domain | 11 | blog.virustotal.com |
|
| Details | Domain | 262 | www.welivesecurity.com |
|
| Details | File | 2 | daewdfq342r.ppt |
|
| Details | File | 2 | glkgh90kjykjkl650kj0.dll |
|
| Details | File | 1 | photometadatahandler.dll |
|
| Details | File | 1 | 研究人员发现的恶意文件分别是一个通用的python后门shared.dat |
|
| Details | File | 1 | 一个强大的后门sh.py |
|
| Details | File | 1 | 安全警告.pdf |
|
| Details | File | 1 | inside-of-wasps-nest-deep-dive-into.html |
|
| Details | IPv4 | 2 | 6.0.3.4 |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |
|
| Details | Threat Actor Identifier - APT | 277 | APT37 |
|
| Details | Url | 3 | https://asec.ahnlab.com/en/54349 |
|
| Details | Url | 1 | https://www.paloaltonetworks.com/blog/security-operations/through-the-cortex-xdr-lens-uncovering-a-new-activity-group-targeting-governments-in-the-middle-east-and-africa |
|
| Details | Url | 2 | https://www.recordedfuture.com/bluedelta-exploits-ukrainian-government-roundcube-mail-servers |
|
| Details | Url | 1 | https://www.cyfirma.com/outofband/donot-apt-elevates-its-tactics-by-deploying-malicious-android-apps-on-google-play-store |
|
| Details | Url | 1 | https://www.seqrite.com/blog/double-action-triple-infection-and-a-new-rat-sidecopys-persistent-targeting-of-indian-defence |
|
| Details | Url | 1 | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-russia-ukraine-military |
|
| Details | Url | 3 | https://www.genians.co.kr/blog/threat_intelligence_report_macos |
|
| Details | Url | 3 | https://cert.gov.ua/article/4905718 |
|
| Details | Url | 1 | https://blog.cyble.com/2023/06/16/new-malware-campaign-targets-letsvpn-users |
|
| Details | Url | 1 | https://checkmarx.com/blog/hijacking-s3-buckets-new-attack-technique-exploited-in-the-wild-by-supply-chain-attackers |
|
| Details | Url | 3 | https://www.cadosecurity.com/tracking-diicot-an-emerging-romanian-threat-actor |
|
| Details | Url | 2 | https://www.bitdefender.com/blog/labs/fragments-of-cross-platform-backdoor-hint-at-larger-mac-os-attack |
|
| Details | Url | 1 | https://threatresearch.ext.hp.com/shampoo-a-new-chromeloader-campaign |
|
| Details | Url | 2 | https://cert.gov.ua/article/4928679 |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/4rmt16xpqw8j11ufr6z3lw |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/kjp6ooqpzfofyri7hw9l-q |
|
| Details | Url | 1 | https://www.fortinet.com/blog/threat-research/fortinet-reverses-flutter-based-android-malware-fluhorse |
|
| Details | Url | 1 | https://www.zscaler.com/blogs/security-research/ransomware-redefined-redenergy-stealer-ransomware-attacks |
|
| Details | Url | 2 | https://securelist.com/triangledb-triangulation-implant/110050 |
|
| Details | Url | 2 | https://asec.ahnlab.com/en/54647 |
|
| Details | Url | 3 | https://www.cyfirma.com/outofband/mystic-stealer-evolving-stealth-malware |
|
| Details | Url | 1 | https://blog.virustotal.com/2023/06/inside-of-wasps-nest-deep-dive-into.html |
|
| Details | Url | 2 | https://www.welivesecurity.com/2023/06/15/android-gravityrat-goes-after-whatsapp-backups |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/tcmzaukconrvx6xua4rd0q |