奇安信威胁情报中心
Tags
| country: | Syria |
| attack-pattern: | Exploits - T1587.004 Exploits - T1588.005 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | e7ab1826-4825-4a56-88e2-bc4ce9e3b6b5 |
| Fingerprint | a7c167264b8ecbd0 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 10, 2018, midnight |
| Added to db | Dec. 18, 2024, 10:18 p.m. |
| Last updated | Dec. 23, 2024, 8:08 p.m. |
| Headline | UNKNOWN |
| Title | 奇安信威胁情报中心 |
| Detected Hints/Tags/Attributes | 32/2/131 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://ti.qianxin.com/blog/articles/exploit-kit-with-apt-group/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 5 | cve-2016-6366 |
|
| Details | CVE | 3 | cve-2016-6367 |
|
| Details | CVE | 138 | cve-2017-0144 |
|
| Details | CVE | 51 | cve-2017-0143 |
|
| Details | CVE | 41 | cve-2017-0145 |
|
| Details | CVE | 29 | cve-2017-0146 |
|
| Details | CVE | 22 | cve-2017-0148 |
|
| Details | CVE | 306 | cve-2017-0199 |
|
| Details | CVE | 74 | cve-2017-8570 |
|
| Details | CVE | 144 | cve-2018-0802 |
|
| Details | CVE | 437 | cve-2017-11882 |
|
| Details | CVE | 75 | cve-2018-0798 |
|
| Details | CVE | 50 | cve-2015-1641 |
|
| Details | CVE | 17 | cve-2017-11826 |
|
| Details | CVE | 34 | cve-2015-2545 |
|
| Details | CVE | 22 | cve-2017-0261 |
|
| Details | CVE | 19 | cve-2017-0262 |
|
| Details | CVE | 21 | cve-2017-0263 |
|
| Details | CVE | 8 | cve-2015-2546 |
|
| Details | CVE | 27 | cve-2016-7255 |
|
| Details | CVE | 7 | cve-2017-0001 |
|
| Details | CVE | 27 | cve-2015-5122 |
|
| Details | CVE | 63 | cve-2015-5119 |
|
| Details | CVE | 96 | cve-2018-4878 |
|
| Details | CVE | 17 | cve-2017-11292 |
|
| Details | CVE | 10 | cve-2016-4655 |
|
| Details | CVE | 10 | cve-2016-4656 |
|
| Details | CVE | 11 | cve-2016-4657 |
|
| Details | CVE | 8 | cve-2014-3153 |
|
| Details | CVE | 3 | cve-2011-1202 |
|
| Details | CVE | 2 | cve-2012-2825 |
|
| Details | CVE | 3 | cve-2012-2871 |
|
| Details | CVE | 7 | cve-2013-6282 |
|
| Details | Domain | 43 | blogs.cisco.com |
|
| Details | Domain | 319 | docs.microsoft.com |
|
| Details | Domain | 168 | portal.msrc.microsoft.com |
|
| Details | Domain | 281 | helpx.adobe.com |
|
| Details | Domain | 72 | citizenlab.ca |
|
| Details | Domain | 197 | support.apple.com |
|
| Details | Domain | 9 | info.lookout.com |
|
| Details | Domain | 59 | www.freebuf.com |
|
| Details | Domain | 39 | wikileaks.org |
|
| Details | Domain | 8 | security.tencent.com |
|
| Details | Domain | 200 | www.fireeye.com |
|
| Details | Domain | 25 | www.anquanke.com |
|
| Details | Domain | 101 | ti.qianxin.com |
|
| Details | Domain | 155 | research.checkpoint.com |
|
| Details | Domain | 32 | paper.seebug.org |
|
| Details | Domain | 4705 | github.com |
|
| Details | Domain | 5 | embedi.com |
|
| Details | Domain | 12 | bbs.pediy.com |
|
| Details | Domain | 2 | www.venustech.com.cn |
|
| Details | Domain | 1 | rtf2latex2e.sourceforge.net |
|
| Details | Domain | 5 | bobao.360.cn |
|
| Details | Domain | 182 | blog.trendmicro.com |
|
| Details | File | 125 | nuxt.js |
|
| Details | File | 1 | 最终调用mshta.exe |
|
| Details | File | 61 | eqnedt32.exe |
|
| Details | File | 1 | 并且由于eqnedt32.exe |
|
| Details | File | 1 | 该文章就eqnedt32.exe |
|
| Details | File | 1 | cve-2018-0798两个eqnedt32.exe |
|
| Details | File | 7 | s_attack_on_syria_english.docx |
|
| Details | File | 1 | 2010及其高版本上的eps脚本过滤器进程fltldr.exe |
|
| Details | File | 1 | 所以我们选择win32k.sys |
|
| Details | File | 3 | apsb18-03.html |
|
| Details | File | 2 | apsb17-32.html |
|
| Details | File | 1 | lookout-pegasus-technical-analysis.pdf |
|
| Details | File | 1 | 78594.html |
|
| Details | File | 1 | 84720.html |
|
| Details | File | 1311 | index.php |
|
| Details | File | 1 | page_11629096.html |
|
| Details | File | 2 | page_13205587.html |
|
| Details | File | 3 | eps-processing-zero-days.html |
|
| Details | File | 1 | thread-221995.htm |
|
| Details | File | 1 | 46670.html |
|
| Details | File | 1 | 81868.html |
|
| Details | File | 1 | 162629.html |
|
| Details | File | 1 | 112589.html |
|
| Details | File | 1 | mtef3.html |
|
| Details | File | 1 | 3738.html |
|
| Details | Github username | 1 | f47h3r |
|
| Details | Github username | 7 | worawit |
|
| Details | Threat Actor Identifier - APT-C | 24 | APT-C-09 |
|
| Details | Threat Actor Identifier - APT | 322 | APT37 |
|
| Details | Threat Actor Identifier - APT | 314 | APT34 |
|
| Details | Threat Actor Identifier - APT | 916 | APT28 |
|
| Details | Url | 2 | https://blogs.cisco.com/security/shadow-brokers |
|
| Details | Url | 2 | https://docs.microsoft.com/zh-cn/security-updates/securitybulletins/2017/ms17-010 |
|
| Details | Url | 2 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-0199 |
|
| Details | Url | 2 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8570 |
|
| Details | Url | 2 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory |
|
| Details | Url | 1 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0798 |
|
| Details | Url | 1 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2015-2545 |
|
| Details | Url | 2 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-0261 |
|
| Details | Url | 1 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-0262 |
|
| Details | Url | 1 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2015-2546 |
|
| Details | Url | 1 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2016-7255 |
|
| Details | Url | 1 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-0001 |
|
| Details | Url | 1 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-0263 |
|
| Details | Url | 2 | https://helpx.adobe.com/security/products/flash-player/apsb18-03.html |
|
| Details | Url | 1 | https://helpx.adobe.com/security/products/flash-player/apsb17-32.html |
|
| Details | Url | 2 | https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae |
|
| Details | Url | 1 | https://support.apple.com/zh-cn/ht207107 |
|
| Details | Url | 1 | https://info.lookout.com/rs/051-esq-475/images/lookout-pegasus-technical-analysis.pdf |
|
| Details | Url | 1 | https://github.com/f47h3r/hackingteam_exploits/tree/master/vector-exploit/src/ht-webkit-android4-src |
|
| Details | Url | 1 | http://www.freebuf.com/vuls/78594.html |
|
| Details | Url | 1 | http://www.freebuf.com/vuls/84720.html |
|
| Details | Url | 1 | https://wikileaks.org/hackingteam/emails/emailid/74975 |
|
| Details | Url | 1 | https://wikileaks.org/hackingteam/emails/emailid/631119 |
|
| Details | Url | 2 | https://security.tencent.com/index.php/blog/msg/87 |
|
| Details | Url | 1 | https://wikileaks.org/ciav7p1/cms/page_11629096.html |
|
| Details | Url | 2 | https://wikileaks.org/ciav7p1/cms/page_13205587.html |
|
| Details | Url | 1 | https://www.fireeye.com/blog/threat-research/2017/05/eps-processing-zero-days.html |
|
| Details | Url | 1 | https://www.anquanke.com/post/id/94841 |
|
| Details | Url | 1 | https://www.anquanke.com/post/id/94210 |
|
| Details | Url | 1 | https://www.anquanke.com/post/id/87311 |
|
| Details | Url | 1 | https://www.anquanke.com/post/id/87122 |
|
| Details | Url | 1 | https://ti.qianxin.com/blog/articles/detailed-analysis-of-eternalblue |
|
| Details | Url | 1 | https://research.checkpoint.com/eternalblue-everything-know |
|
| Details | Url | 1 | https://paper.seebug.org/536 |
|
| Details | Url | 1 | https://paper.seebug.org/351 |
|
| Details | Url | 1 | https://github.com/worawit/ms17-010 |
|
| Details | Url | 3 | https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about |
|
| Details | Url | 1 | https://bbs.pediy.com/thread-221995.htm |
|
| Details | Url | 1 | http://www.venustech.com.cn/newsinfo/4/46670.html |
|
| Details | Url | 1 | http://www.freebuf.com/vuls/81868.html |
|
| Details | Url | 1 | http://www.freebuf.com/vuls/162629.html |
|
| Details | Url | 1 | http://www.freebuf.com/vuls/112589.html |
|
| Details | Url | 1 | http://rtf2latex2e.sourceforge.net/mtef3.html |
|
| Details | Url | 1 | http://bobao.360.cn/learning/detail/3738.html |
|
| Details | Url | 1 | http://blog.trendmicro.com/trendlabs-security-intelligence/ms17-010-eternalblue |