Amnesia 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (16)

言語

en	16

国・地域

gb	8
ir	2
us	2
ru	2
in	2

アクター

Amnesia	1
GoGoogle	1

関心

タイプ

Not Defined	4
Network Management Software	2
Network Attached Storage Software	2
Forum Software	2
Asset Management Software	2

ベンダー

Not Defined	12
Crocoblock	2
QNAP	2

製品

Crocoblock JetEngine	2
PRTG Network Monitor	2
QNAP NAS	2
vBulletin	2
GLPI	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	WordPress Post press-this.php 特権昇格	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00054	0.03	CVE-2011-1762
2	Elementor Website Builder Plugin AJAX Action module.php 特権昇格	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.96168	0.02	CVE-2022-1329
3	Crocoblock JetEngine Form Data Privilege Escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00201	0.00	CVE-2021-41844
4	Crocoblock JetEngine Custom Forms クロスサイトスクリプティング	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00066	0.00	CVE-2021-38607
5	WPBakery XSS Protection Mechanism kses_remove_filters 特権昇格	5.9	5.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00058	0.03	CVE-2020-28650
6	Yoast SEO Plugin Term Description 特権昇格	9.0	8.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00244	0.04	CVE-2019-13478
7	Rocket.Chat Server NoSQL SQLインジェクション	8.5	8.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00369	0.04	CVE-2017-1000493
8	vBulletin moderation.php SQLインジェクション	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00284	0.00	CVE-2016-6195
9	PRTG Network Monitor addusers 特権昇格	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00104	0.00	CVE-2018-19411
10	PRTG Network Monitor login.htm 特権昇格	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00288	0.04	CVE-2018-19410
11	Samba smbd _netr_ServerPasswordSet 未知の脆弱性	6.5	5.7	$0-$5k	$0-$5k	High	Official Fix	0.97400	0.00	CVE-2015-0240
12	OpenSSH Authentication Username 情報の漏洩	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.31	CVE-2016-6210
13	QNAP Music Station 特権昇格	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00274	0.00	CVE-2017-13069
14	QNAP NAS cgi.cgi メモリ破損	5.9	5.4	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00000	0.00
15	Download Manager Redirect	6.2	5.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00233	0.00	CVE-2017-2217
16	GLPI 情報の漏洩	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00703	0.00	CVE-2011-2720

キャンペーン (1)

These are the campaigns that can be associated with the actor:

TVT Digital DVR Devices

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	キャンペーン	Identified	タイプ	信頼度
1	93.174.95.38		Amnesia	TVT Digital DVR Devices	2021年08月30日	verified	高

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	高
2	T1068	CAPEC-19	CWE-264, CWE-284	Execution with Unnecessary Privileges	predictive	高
3	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
4	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
6	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
7	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/api/addusers	predictive	高
2	File	/home/httpd/cgi-bin/cgi.cgi	predictive	高
3	File	/xxxxxx/xxxxx.xxx	predictive	高
4	File	xxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxx	predictive	高
5	File	xx-xxxxx/xxxxx-xxxx.xxx	predictive	高
6	File	~/xxxx/xxx/xxxxxxx/xxxxxxxxxx/xxxxxx.xxx	predictive	高
7	Argument	xxxxxxxx	predictive	中
8	Argument	xxxxxxx	predictive	低

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you know our Splunk app?

Download it now for free!