Bluepurple Pulse: week ending September 17th
Common Information

| Type | Value |
| --- | --- |
| UUID | dcb757c4-d562-4f9e-9b50-1ee594ad356e |
| Fingerprint | a481991d83368bc5 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 13, 2023, midnight |
| Added to db | Aug. 31, 2024, 1:23 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Cyber Defence Analysis for Blue & Purple Teams |
| Title | Bluepurple Pulse: week ending September 17th |
| Detected Hints/Tags/Attributes | 190/4/43 |
Attributes

| Type | #Events | Value |
| --- | --- | --- |
| CVE | 3 | cve-2023-4809 |
| CVE | 17 | cve-2023-26369 |
| Domain | 13 | mockbin.org |
| Domain | 6 | photo.zip |
| Domain | 83 | cert.gov.ua |
| Domain | 16 | stake.com |
| Domain | 189 | asec.ahnlab.com |
| Domain | 2 | www.alethea.com |
| Domain | 84 | www.zscaler.com |
| Domain | 31 | dl.acm.org |
| Domain | 4 | rtx.meta.security |
| Domain | 154 | arxiv.org |
| Domain | 61 | seclists.org |
| Domain | 2 | www.enricobassetti.it |
| Domain | 7 | ssd-disclosure.com |
| Domain | 10 | blog.quarkslab.com |
| File | 6 | photo.zip |
| File | 5 | yara32.exe |
| File | 2 | sandboxing-imageio-in-macos.html |
| File | 2 | fhsvc.dll |
| File | 2 | fhcfg.dll |
| File | 10 | securekernel.exe |
| File | 7 | vmsp.exe |
| File | 2 | tpmengum.dll |
| File | 2 | debugging-windows-isolated-user-mode-ium-processes.html |
| Microsoft Threat Actor Naming Taxonomy (Groups in development) | 12 | Storm-0324 |
| Threat Actor Identifier - APT-C | 30 | APT-C-26 |
| Threat Actor Identifier - APT | 783 | APT28 |
| Threat Actor Identifier - APT | 144 | APT38 |
| Threat Actor Identifier - APT | 194 | APT35 |
| Url | 7 | https://cert.gov.ua/article/5702579 |
| Url | 2 | https://asec.ahnlab.com/en/56981 |
| Url | 2 | https://www.alethea.com/post/chinese-influence-operation-spreads-to-american-alt-platforms |
| Url | 5 | https://www.zscaler.com/blogs/security-research/technical-analysis-hijackloader |
| Url | 4 | https://www.zscaler.com/blogs/security-research/steal-it-campaign |
| Url | 2 | https://dl.acm.org/doi/10.1145/3603269.3604840 |
| Url | 2 | https://rtx.meta.security/mitigation/2023/09/11/sandboxing-imageio-in-macos.html |
| Url | 2 | https://arxiv.org/abs/2309.00614 |
| Url | 2 | https://seclists.org/oss-sec/2023/q3/168 |
| Url | 2 | https://www.enricobassetti.it/2023/09/cve-2023-4809-freebsd-pf-bypass-when-using-ipv6 |
| Url | 2 | https://arxiv.org/abs/2309.02926 |
| Url | 2 | https://ssd-disclosure.com/ssd-advisory-file-history-service-fhsvc-dll-elevation-of-privilege |
| Url | 2 | https://blog.quarkslab.com/debugging-windows-isolated-user-mode-ium-processes.html |