每周高级威胁情报解读(2023.02.23~03.02)
Tags
| country: | Colombia |
| attack-pattern: | Data Model Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Mshta - T1170 |
Common Information
| Type | Value |
|---|---|
| UUID | eed5ef1b-fecf-427a-ad9d-24264c6f9da3 |
| Fingerprint | 85baf97dd934eedb |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Feb. 23, 2023, midnight |
| Added to db | April 20, 2023, 12:45 p.m. |
| Last updated | Nov. 17, 2024, 5:57 p.m. |
| Headline | 每周高级威胁情报解读(2023.02.23~03.02) |
| Title | 每周高级威胁情报解读(2023.02.23~03.02) |
| Detected Hints/Tags/Attributes | 41/2/38 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 267 | ✔ | 奇安信威胁情报中心 | https://wechat2rss.xlab.app/feed/b93962f981247c0091dad08df5b7a6864ab888e9.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 262 | www.welivesecurity.com |
|
| Details | Domain | 370 | www.proofpoint.com |
|
| Details | Domain | 53 | blogs.blackberry.com |
|
| Details | Domain | 2 | www.dian.gov.co |
|
| Details | Domain | 189 | asec.ahnlab.com |
|
| Details | Domain | 26 | www.jamf.com |
|
| Details | Domain | 24 | sysdig.com |
|
| Details | Domain | 65 | blog.cyble.com |
|
| Details | Domain | 19 | www.menlosecurity.com |
|
| Details | Domain | 25 | www.cyfirma.com |
|
| Details | File | 3 | winordll64.dll |
|
| Details | File | 1 | 文件名为winorloaderdll64.dll |
|
| Details | File | 7 | 2023.docm |
|
| Details | File | 1 | investigating-the-plugx-trojan-disguised-as-a-legitimate-windows.html |
|
| Details | File | 1 | 研究人员发现使用名为x32dbg.exe |
|
| Details | Threat Actor Identifier - APT-C | 7 | APT-C-61 |
|
| Details | Threat Actor Identifier - APT-C | 83 | APT-C-36 |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/s740y3haxbxks5rji9lahq |
|
| Details | Url | 3 | https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal |
|
| Details | Url | 3 | https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond |
|
| Details | Url | 3 | https://mp.weixin.qq.com/s/rd03yh2ngrubume80d18uw |
|
| Details | Url | 3 | https://blogs.blackberry.com/en/2023/02/blind-eagle-apt-c-36-targets-colombia |
|
| Details | Url | 1 | https://www.dian.gov.co |
|
| Details | Url | 1 | https://asec.ahnlab.com/ko/48416 |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/xdbxitnymwrqckogwqscca |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/gy7ck4uaxnvbqjisg28_cq |
|
| Details | Url | 1 | https://www.jamf.com/blog/cryptojacking-macos-malware-discovered-by-jamf-threat-labs |
|
| Details | Url | 1 | https://blog.cyble.com/2023/02/27/growing-data-breaches-illicit-data-lookup-services-exacerbating-privacy-issues |
|
| Details | Url | 1 | https://www.uptycs.com/blog/cryptocurrency-entities-at-risk-threat-actor-uses-parallax-rat-for-infiltration |
|
| Details | Url | 5 | https://sysdig.com/blog/cloud-breach-terraform-data-theft |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/-mzd0ppbeigxotunnfbnrw |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/23/b/investigating-the-plugx-trojan-disguised-as-a-legitimate-windows.html |
|
| Details | Url | 1 | https://blog.cyble.com/2023/02/24/new-whitesnake-stealer-offered-for-sale-via-maas-model |
|
| Details | Url | 2 | https://www.menlosecurity.com/blog/purecrypter-targets-government-entities-through-discord |
|
| Details | Url | 1 | https://blog.cyble.com/2023/02/28/r3nin-sniffer-toolkit-an-evolving-threat-to-e-commerce-consumers |
|
| Details | Url | 2 | https://www.cyfirma.com/outofband/exfiltrator-22-an-emerging-post-exploitation-framework |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/qcxvo1cxqayllxbnheesgg |