Balada Analysis

IOB - Indicator of Behavior (233)

Languages

en (182)
zh (40)
ru (8)
pl (2)
de (2)

Countries / Regions

la (220)
us (8)
vn (2)
ru (2)
gb (2)

Products

Microsoft Windows (6)
Apache Tomcat (4)
DedeCMS (4)
Microsoft Exchange Server (4)
mysql24

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | EPSS | CTI | CVE
1 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 7.97 | CVE-2006-6168
2 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 1.71 | CVE-2020-15906
3 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.54 | CVE-2010-0966
4 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.71 | CVE-2020-12440
5 | Drupal Sanitization API cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.02 | CVE-2020-13672
6 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.49 | 
7 | LiteSpeed Cache Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.03 | CVE-2023-4372
8 | WebTitan Appliance Extensions Persistent cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | 
9 | ipTIME NAS-I Bulletin Manage privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.05 | CVE-2020-7847
10 | request-baskets API Request {name} privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.04 | CVE-2023-27163
11 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.05 | CVE-2007-1287
12 | Microsoft Windows Scripting Engine Remote Code Execution | 5.9 | 5.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.33048 | 0.00 | CVE-2021-34480
13 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd privilege escalation | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.08 | CVE-2022-41479
14 | Basilix Webmail login.php3 privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.07 | 
15 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00489 | 0.00 | CVE-2010-5048
16 | Microsoft Office Remote Code Execution | 7.0 | 6.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00182 | 0.00 | CVE-2023-21735
17 | Alt-N MDaemon Worldclient privilege escalation | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.04 | CVE-2021-27182
18 | CouchCMS mysql2i.func.php Path information disclosure | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.02 | CVE-2019-1010042
19 | Esri ArcGIS Server sql injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.05 | CVE-2021-29114
20 | Hikvision Tablet DS-D5B86RB Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2023-33806

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (123)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/dl_sendmail.php | predictive | 
2 | File | /adminPage/conf/reload | predictive | 
3 | File | /api/baskets/{name} | predictive | 
4 | File | /api/v2/cli/commands | predictive | 
5 | File | /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState= | predictive | 
6 | File | /DXR.axd | predictive | 
7 | File | /forum/away.php | predictive | 
8 | File | /mfsNotice/page | predictive | 
9 | File | /novel/bookSetting/list | predictive | 
10 | File | /novel/userFeedback/list | predictive | 
11 | File | /owa/auth/logon.aspx | predictive | 
12 | File | /spip.php | predictive | 
13 | File | /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3 | predictive | 
14 | File | /zm/index.php | predictive | 

References (2)

The following list contains external sources which discuss the actor and the associated activities:
