每周高级威胁情报解读(2023.11.10~11.16)
Tags
Common Information
| Type | Value |
|---|---|
| UUID | e75d483c-fd02-445d-872d-4bf65f2bf5f0 |
| Fingerprint | 82fbae3297174882 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 10, 2023, midnight |
| Added to db | Nov. 20, 2023, 12:36 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | 每周高级威胁情报解读(2023.11.10~11.16) |
| Title | 每周高级威胁情报解读(2023.11.10~11.16) |
| Detected Hints/Tags/Attributes | 69/2/62 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 267 | ✔ | 奇安信威胁情报中心 | https://wechat2rss.xlab.app/feed/b93962f981247c0091dad08df5b7a6864ab888e9.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 31 | cve-2023-47246 |
|
| Details | CVE | 70 | cve-2023-22518 |
|
| Details | CVE | 133 | cve-2023-38831 |
|
| Details | CVE | 18 | cve-2023-36038 |
|
| Details | CVE | 24 | cve-2023-36036 |
|
| Details | CVE | 28 | cve-2023-36033 |
|
| Details | CVE | 45 | cve-2023-36025 |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 182 | www.mandiant.com |
|
| Details | Domain | 172 | www.crowdstrike.com |
|
| Details | Domain | 189 | asec.ahnlab.com |
|
| Details | Domain | 8 | www.rnbo.gov.ua |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 251 | www.bleepingcomputer.com |
|
| Details | Domain | 3 | dracoon.team |
|
| Details | Domain | 15 | open.spotify.com |
|
| Details | Domain | 20 | research.nccgroup.com |
|
| Details | Domain | 100 | cert.360.cn |
|
| Details | Domain | 452 | msrc.microsoft.com |
|
| Details | Domain | 397 | asp.net |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | File | 9 | scilc.exe |
|
| Details | File | 17 | en.pdf |
|
| Details | File | 1 | 在chm文档中有存在一个test.html |
|
| Details | File | 2 | threat-actors-leverage-file-sharing-service-and-reverse-proxies.html |
|
| Details | File | 3 | shell.pl |
|
| Details | File | 1 | c3rb3r勒索信名为read-me3.txt |
|
| Details | File | 1 | rhysida-ransomware-intrusion.pdf |
|
| Details | File | 1 | a-closer-look-at-chatgpt-s-role-in-automated-malware-creation.html |
|
| Details | File | 1 | cerber-ransomware-exploits-cve-2023-22518.html |
|
| Details | Mandiant Uncategorized Groups | 6 | UNC3810 |
|
| Details | Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) | 39 | DEV-0950 |
|
| Details | Threat Actor Identifier - APT-C | 7 | APT-C-52 |
|
| Details | Threat Actor Identifier - APT-C | 17 | APT-C-17 |
|
| Details | Threat Actor Identifier - APT | 665 | APT29 |
|
| Details | Threat Actor Identifier by Tencent | 27 | T-APT-04 |
|
| Details | Url | 4 | https://mp.weixin.qq.com/s/mhyglpqothzg-h2rveobaw |
|
| Details | Url | 4 | https://mp.weixin.qq.com/s/crx7nlpe4zzgwheowe8_ba |
|
| Details | Url | 6 | https://www.mandiant.com/resources/blog/sandworm-disrupts-power-ukraine-operational-technology |
|
| Details | Url | 3 | https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government |
|
| Details | Url | 1 | https://www.crowdstrike.com/blog/imperial-kitten-deploys-novel-malware-families |
|
| Details | Url | 4 | https://asec.ahnlab.com/ko/58215 |
|
| Details | Url | 3 | https://www.rnbo.gov.ua/files/2023_year/cybercenter/november/apt29 |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/b3hxrn9mlfct9qnxagdoza |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/bqt5ivcpkocjt7liyn2_la |
|
| Details | Url | 3 | https://securelist.com/ducktail-fashion-week/111017 |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/ighp3zlvtc8dox16qdlrlq |
|
| Details | Url | 1 | https://doublepulsar.com/lockbit-ransomware-group-assemble-strike-team-to-breach-banks-law-firms-and-governments-4220580bfcee |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/onogl5rung5uzafyb7s5vg |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/meet-the-unique-new-hacking-group-alphalock |
|
| Details | Url | 1 | https://asec.ahnlab.com/en/58878 |
|
| Details | Url | 2 | https://www.trendmicro.com/en_us/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html |
|
| Details | Url | 1 | https://www.sentinelone.com/blog/c3rb3r-ransomware-ongoing-exploitation-of-cve-2023-22518-targets-unpatched-confluence-servers |
|
| Details | Url | 1 | https://open.spotify.com/queue |
|
| Details | Url | 1 | https://research.nccgroup.com/2023/11/13/dont-throw-a-hissy-fit-defend-against-medusa |
|
| Details | Url | 1 | https://blogs.blackberry.com/en/2023/11/bibi-wiper-used-in-the-israel-hamas-war-now-runs-on-windows |
|
| Details | Url | 1 | https://www.fortinet.com/content/dam/fortinet/assets/threat-reports/rhysida-ransomware-intrusion.pdf?utm_source=blog&utm_medium=blog&utm_campaign=rhysida |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/23/k/a-closer-look-at-chatgpt-s-role-in-automated-malware-creation.html |
|
| Details | Url | 1 | https://cert.360.cn/report/detail?id=654c976eea0822e915605f1e |
|
| Details | Url | 3 | https://msrc.microsoft.com/update-guide/releasenote/2023-nov |
|
| Details | Url | 1 | https://www.zscaler.com/blogs/security-research/coverage-advisory-cve-2023-47246-sysaid-zero-day-vulnerability |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/23/k/cerber-ransomware-exploits-cve-2023-22518.html |