Andromeda 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (17)

タイムライン

言語

en14
es2
de2

国・地域

us8
gb6
ru2
de2

アクター

Patchwork1
TA4061
IcedID1
DanaBot1
Hackers-for-Hire1

アクティビティ

関心

タイムライン

タイプ

Not Defined6
Content Management System4
Photo Gallery Software4

ベンダー

Not Defined4
ESMI2
Joomla2
Huawei2
Gallarific2

製品

ESMI PayPal Storefront2
Joomla CMS2
Huawei iBMC2
Host2
Gallarific PHP Photo Gallery script2

脆弱性

#脆弱性BaseTemp0day本日修復EPSSCTICVE
1Secomea GateManager 特権昇格5.95.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000540.04CVE-2022-25782
2sitepress-multilingual-cms Plugin class-wp-installer.php 未知の脆弱性6.56.4$0-$5k$0-$5kNot DefinedOfficial Fix0.005790.04CVE-2020-10568
3php-fusion downloads.php クロスサイトスクリプティング5.75.7$0-$5k$0-$5kNot DefinedNot Defined0.001590.00CVE-2020-12708
4Gallarific PHP Photo Gallery script gallery.php SQLインジェクション7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.001360.05CVE-2011-0519
5Gallery My Photo Gallery image.php SQLインジェクション6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00
6Host Web Server phpinfo.php phpinfo 情報の漏洩5.35.2$5k-$25k$0-$5kNot DefinedWorkaround0.000000.05
7ESMI PayPal Storefront products1h.php クロスサイトスクリプティング4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.054680.00CVE-2005-0936
8Ecommerce Online Store Kit shop.php SQLインジェクション9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.037630.08CVE-2004-0300
9Simple Real Estate Portal System SQLインジェクション6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.001720.00CVE-2022-28410
10Microsoft Windows Win32k 特権昇格7.36.3$25k-$100k$5k-$25kUnprovenOfficial Fix0.000430.00CVE-2021-1709
11Google Android Widevine QSEE TrustZone Application 特権昇格7.87.4$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.003200.00CVE-2015-6639
12Joomla CMS InputFilter Upload 特権昇格8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.014270.03CVE-2018-15882
13Huawei iBMC Intelligent Baseboard Management Controller 弱い認証7.47.4$5k-$25k$5k-$25kNot DefinedNot Defined0.002640.03CVE-2018-7942
14Liferay Portal 特権昇格9.88.8$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.006940.00CVE-2011-1571

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
135.205.61.6767.61.205.35.bc.googleusercontent.comAndromeda2023年01月16日verified
2XXX.XXX.XX.XXXxxxxxxxx2023年01月16日verified

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueクラス脆弱性アクセスベクタータイプ信頼度
1T1059.007CAPEC-209CWE-79, CWE-80Cross Site Scriptingpredictive
2TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
3TXXXXCAPEC-108CWE-XXXxx Xxxxxxxxxpredictive
4TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive
5TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxxpredictive

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1File/my_photo_gallery/image.phppredictive
2File/reps/classes/Users.php?f=delete_agentpredictive
3Filexxxxxxxxx/xxxxxxxxx.xxxpredictive
4Filexxxxxxx.xxxpredictive
5Filexxxxxxxx/xxxxx-xx-xxxxxxxxx.xxxpredictive
6Filexxxxxxx.xxxpredictive
7Filexxxxxxxxxx.xxxpredictive
8Filexxxx.xxxpredictive
9Argumentxxx_xxpredictive
10Argumentxxpredictive
11Argumentxxxxxpredictive
12Input Valuex xxxxx xxx xxxxxx xxxx,xxxx,xxxx,xxxx,xxxxxx(xxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxx)--predictive

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

概要

Interested in the pricing of exploits?

See the underground prices here!