BEAR 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (88)

タイムライン

言語

en72
ru10
de2
es2
fr2

国・地域

us28
ee28
ru16
nl4
ua4

アクター

RedLine Stealer2
BEAR2
Grizzly Steppe1
QakBot1
SideWinder1

アクティビティ

関心

タイムライン

タイプ

Not Defined38
Content Management System8
Operating System4
SSH Server Software4
Web Server4

ベンダー

Not Defined28
Microsoft6
IBM4
Apache4
Joomla2

製品

Joomla CMS2
IBM Security Verify Information Queue2
Microsoft Windows2
ThinkPHP2
GitLab2

脆弱性

#脆弱性BaseTemp0day本日修復EPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 情報の漏洩5.35.2$5k-$25k計算中HighWorkaround0.020160.00CVE-2007-1192
2Huawei SmartCare Dashboard Stored クロスサイトスクリプティング4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000650.00CVE-2017-15312
3Microsoft IIS クロスサイトスクリプティング5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.00CVE-2017-0055
4IBM Security AppScan Enterprise Enterprise Source Database 弱い暗号化9.88.5$5k-$25k$0-$5kUnprovenOfficial Fix0.000820.00CVE-2013-3989
5raspap-webgui activate_ovpncfg.php 特権昇格8.08.0$0-$5k$0-$5kNot DefinedNot Defined0.880690.00CVE-2022-39986
6PHP Everywhere Plugin Shortcode Privilege Escalation6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.001080.00CVE-2022-24663
7Forumer / IPB Board Show Topic index.php SQLインジェクション7.37.1$0-$5k$0-$5kNot DefinedNot Defined0.000000.03
8WordPress Metadata 特権昇格8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.018290.00CVE-2018-20148
9Add Link to Facebook Plugin profile.php クロスサイトスクリプティング4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000570.03CVE-2018-5214
10MailCleaner Email 特権昇格9.89.5$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000460.07CVE-2024-3191
11SeedProd Website Builder Plugin seedprod_lite_new_lpage 特権昇格7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.000570.04CVE-2024-1072
12Patreon Plugin 未知の脆弱性5.85.8$0-$5k$0-$5kNot DefinedNot Defined0.000580.00CVE-2023-41129
13Database Administrator Plugin SQLインジェクション4.74.6$0-$5k$0-$5kNot DefinedNot Defined0.005300.07CVE-2023-3211
14Telegram Web クロスサイトスクリプティング4.84.7$0-$5k$0-$5kNot DefinedNot Defined0.000830.04CVE-2022-43363
15User Post Gallery Plugin 特権昇格8.58.4$0-$5k$0-$5kNot DefinedNot Defined0.051920.00CVE-2022-4060
16eSST Monitoring 特権昇格7.57.4$0-$5k$0-$5kNot DefinedNot Defined0.001160.00CVE-2023-41631
17Microsoft Windows IIS Server Remote Code Execution9.88.9$25k-$100k$5k-$25kUnprovenOfficial Fix0.001620.00CVE-2023-36434
18Boa Web Server HEAD Method 特権昇格6.36.2$0-$5k$0-$5kNot DefinedNot Defined0.001190.07CVE-2022-45956
19GitLab Privilege Escalation5.15.0$0-$5k$0-$5kNot DefinedOfficial Fix0.001180.03CVE-2021-22263
20ThinkPHP 特権昇格7.17.1$0-$5k$0-$5kNot DefinedNot Defined0.000580.03CVE-2022-44289

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
15.149.248.67mx1-mail.comBEAR2020年12月23日verified
25.149.248.193BEAR2020年12月23日verified
3X.XXX.XXX.XXXXxxx2020年12月23日verified
4X.XXX.XXX.XXXxxxxx.xxxxxxxxxxxxxxxx.xxxxXxxx2020年12月23日verified
5XX.XXX.XX.XXxxx.xxxxxxxxxxxxxxxxxxx.xxxXxxx2020年12月23日verified
6XXX.XXX.XX.XXXXxxx2020年12月23日verified

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueクラス脆弱性アクセスベクタータイプ信頼度
1T1006CAPEC-126CWE-22Path Traversalpredictive
2T1059.007CAPEC-209CWE-79, CWE-80Cross Site Scriptingpredictive
3T1068CAPEC-122CWE-264, CWE-269, CWE-284Execution with Unnecessary Privilegespredictive
4TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxxpredictive
5TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx Xxxxxxxxpredictive
6TXXXXCAPEC-108CWE-XXXxx Xxxxxxxxxpredictive
7TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx Xxxxxxxxxxxxxpredictive
8TXXXXCAPEC-102CWE-XXXXxxxxxxxxxx Xxxxxxxxxxpredictive
9TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive
10TXXXXCAPEC-20CWE-XXX, CWE-XXXXxxxxxxxxxxxx Xxxxxxpredictive
11TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxxpredictive

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1File/ajax/openvpn/activate_ovpncfg.phppredictive
2File/cgi-bin/wlogin.cgipredictive
3File/index.phppredictive
4File/uncpath/predictive
5Filexxx_xxxxxxx.xxxpredictive
6Filexxxx/xxxxxxxxxxxxxxx.xxxpredictive
7Filexxxxxxxx.xxxpredictive
8Filexxxxxx.xxxxpredictive
9Filexxxxxx.xxxpredictive
10Filexxxxx.xxxpredictive
11Filexxxxxxx.xxxpredictive
12Filexxxxx-xxxxxxx.xxxpredictive
13Filexxxxxxxx.xxpredictive
14Filexxxxx.xxxxxxx.xxpredictive
15Filexxxxxxxxx/xxxxx/xxxxxx.xxxxpredictive
16Filexx-xxxxx/xxxxxxx.xxxpredictive
17Libraryxxx/xxxxxxxxx/xxxxxxx/xxxxxxxx/xxx.xxxpredictive
18Libraryxxx/xxxxxxx-xxxxxxxxx-x.x.x.xxxpredictive
19Argument-xpredictive
20Argumentxx/xxpredictive
21Argumentxxxxx_xxxxxxxx/xxxxx_xxxxxxxxpredictive
22Argumentxxxxx_xxxxxxxx_xxpredictive
23Argumentxxxxxpredictive
24Argumentxxx_xxpredictive
25Argumentxxpredictive
26Argumentxxxxxpredictive
27Argumentxxxxxxxxxpredictive
28Argumentx[]predictive
29Argumentxxx_xxpredictive
30Argumentxxxxx_xxxpredictive
31Argumentxxxxpredictive
32Argumentxxxxxxxx/xxxxpredictive
33Argument_xxxxpredictive
34Input Valuexxxpredictive

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

概要

Might our Artificial Intelligence support you?

Check our Alexa App!