Alchimist 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (48)

タイムライン

言語

en44
zh4

国・地域

cn28
us8

アクター

Alchimist5
Cobalt Strike2
Meterpreter1
SystemBC1

アクティビティ

関心

タイムライン

タイプ

Not Defined16
Vehicle Software4
SCADA Software2
Web Browser2
Database Software2

ベンダー

Lenovo6
Not Defined6
Daimler4
Siemens2
Mozilla2

製品

Lenovo Smart Camera X34
Lenovo Smart Camera X54
Lenovo Smart Camera C2E4
Siemens SIMATIC HMI panel2
Mozilla Firefox2

脆弱性

#脆弱性BaseTemp0day本日修復EPSSCTICVE
1jforum User 特権昇格5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.002890.08CVE-2019-7550
2Siemens SIMATIC HMI panel miniweb.exe ディレクトリトラバーサル7.57.2$5k-$25k$0-$5kHighOfficial Fix0.010590.00CVE-2011-4878
3NCH Axon PBX クロスサイトスクリプティング3.53.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.000580.00CVE-2021-37456
4Apache Tomcat HTTP/2 Execution サービス拒否6.46.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.726650.05CVE-2019-0199
5Daimler Mercedes Me App Certificate Pinning 情報の漏洩6.05.9$0-$5k$0-$5kHighOfficial Fix0.002680.05CVE-2018-18071
6Daimler Mercedes Comand Navigation Route Calculation サービス拒否6.26.2$0-$5k$0-$5kFunctionalUnavailable0.000630.04CVE-2018-18070
7laravel-jqgrid EloquentRepositoryAbstract.php getRows SQLインジェクション6.96.9$0-$5k$0-$5kNot DefinedOfficial Fix0.001480.04CVE-2021-4262
8ThinkPHP Driver.class.php parseOrder SQLインジェクション8.58.5$0-$5k$0-$5kNot DefinedOfficial Fix0.001840.05CVE-2018-18546
9SourceCodester Game Result Matrix System GET Parameter athlete-profile.php SQLインジェクション7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000690.00CVE-2023-3383
10Oracle MySQL Server Packaging メモリ破損9.89.6$25k-$100k$0-$5kNot DefinedOfficial Fix0.039920.03CVE-2016-0705
11react-native-reanimated Parser Colors.js 特権昇格6.06.0$0-$5k$0-$5kNot DefinedOfficial Fix0.001740.00CVE-2022-24373
12Splunk Enterprise Forwarder Bundle 弱い認証6.46.3$0-$5k$0-$5kNot DefinedOfficial Fix0.001380.00CVE-2022-32157
13Oracle MySQL Workbench 特権昇格9.89.6$25k-$100k$5k-$25kNot DefinedOfficial Fix0.106490.00CVE-2022-1292
14Itech News Portal information.php SQLインジェクション6.35.5$0-$5k$0-$5kProof-of-ConceptUnavailable0.004590.00CVE-2017-20131
15Realtek SDK miniigd SOAP Service 特権昇格7.37.3$0-$5k$0-$5kHighNot Defined0.967970.00CVE-2014-8361
16Mozilla Firefox Browser Engine メモリ破損7.36.4$25k-$100k$0-$5kUnprovenOfficial Fix0.064470.00CVE-2015-4501
17Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E 特権昇格7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.001710.00CVE-2021-3616
18Lenovo ThinkPad SMM BIOS Write Protection 特権昇格3.23.2$0-$5k$0-$5kNot DefinedNot Defined0.000580.00CVE-2020-8341
19Ivanti Pulse Connect Secure File Resource Profiles メモリ破損8.88.4$0-$5k$0-$5kNot DefinedOfficial Fix0.677010.00CVE-2021-22908
20Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E SD Card 特権昇格4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.002270.00CVE-2021-3615

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
13.86.255.8ec2-3-86-255-8.compute-1.amazonaws.comAlchimist2024年03月27日verified
23.86.255.88ec2-3-86-255-88.compute-1.amazonaws.comAlchimist2023年01月06日verified
3XX.XX.XXX.XXXXxxxxxxxx2022年12月21日verified
4XX.XX.XX.XXXxx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxx2023年01月06日verified
5XX.XXX.XXX.XXxx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxx2022年12月21日verified
6XXX.XX.XX.XXXxxx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxx2022年12月21日verified
7XXX.XX.XX.XXXxxx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxx2022年12月21日verified

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueクラス脆弱性アクセスベクタータイプ信頼度
1T1006CAPEC-126CWE-22Path Traversalpredictive
2T1059CAPEC-242CWE-94Argument Injectionpredictive
3TXXXX.XXXCAPEC-209CWE-XXXxxxx Xxxx Xxxxxxxxxpredictive
4TXXXXCAPEC-122CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
5TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxxpredictive
6TXXXXCAPEC-108CWE-XXXxx Xxxxxxxxxpredictive
7TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx Xxxxxxxxxxxxxpredictive
8TXXXXCAPEC-CWE-XXXXxxxxxxxxxx Xxxxxxxxxxpredictive
9TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx Xxxxpredictive
10TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1File/dipam/athlete-profile.phppredictive
2File/news-portal-script/information.phppredictive
3File/uncpath/predictive
4Filexxxxxx.xxpredictive
5Filexxxxxxxxxx.xxxpredictive
6Filexxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxpredictive
7Filexxxxxxxxxxxxxxxxxxx.xxxxpredictive
8Filexxxxxxxx.xpredictive
9Filexxxxxxx/xxxxx/xx/xxxxxx.xxxxx.xxxpredictive
10Filexxxxxxx.xxxpredictive
11Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictive
12Filexxxxxxxxxxxx.xxxpredictive
13Filexxx/xxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxx.xxxpredictive
14Filexxxxxx.xxxpredictive
15Libraryxxxxpredictive
16Argumentxxxxxxxxx xx xxxxxxxpredictive
17Argumentxxxpredictive
18Argumentxxpredictive
19Argumentxxxpredictive
20Argumentxxxpredictive
21Input Value::$xxxxx_xxxxxxxxxxpredictive
22Network Portxxx xxxxxx xxxxpredictive

参考 (4)

The following list contains external sources which discuss the actor and the associated activities:

概要

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!