Bonanza Analysis

IOB - Indicator of Behavior (318)

Language

en: 210
ru: 54
es: 12
it: 12
sv: 10

Country/Region

us: 294
ru: 2


Product

phpBB: 8
SPiD: 4
Zentrack: 4
Linux Kernel: 4
PHPGurukul User Registration & Login and User Mana ...: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SPIP spip.php cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.50 | CVE-2022-28959 |
| 2 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 9.63 | CVE-2006-6168 |
| 3 | Joomla CMS com_easyblog SQL injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.29 | |
| 4 | SourceCodester Online Employee Leave Management System addemployee.php unknown vulnerability | 5.8 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00075 | 0.04 | CVE-2022-3121 |
| 5 | OpenBB read.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00248 | 0.00 | CVE-2005-1612 |
| 6 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.89 | CVE-2020-15906 |
| 7 | Apple Mac OS X Server Wiki Server cross-site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00263 | 0.05 | CVE-2009-2814 |
| 8 | eSyndicat Directory Software suggest-listing.php cross-site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.29 | |
| 9 | Vienuke Vieboard viewtopic.asp SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00213 | 0.00 | CVE-2003-1196 |
| 10 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.09 | CVE-2007-0354 |
| 11 | Apple Mac OS X Server Wiki Server SQL injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00339 | 2.81 | CVE-2015-5911 |
| 12 | Oracle Communications Cloud Native Core Security Edge Protection Proxy SEPP privilege escalation | 10.0 | 9.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.97505 | 0.04 | CVE-2022-22947 |
| 13 | MacCMS index.php privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.85925 | 0.02 | CVE-2017-17733 |
| 14 | Advisto Peel SHOPPING caddie_ajout.php unknown vulnerability | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00118 | 0.04 | CVE-2018-20848 |
| 15 | Promosi-web ardguest ardguest.php cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00134 | 0.00 | CVE-2009-3668 |
| 16 | Haas Controller Ethernet Q Commands Service Remote Code Execution | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00077 | 0.00 | CVE-2022-2475 |
| 17 | PHPizabi template.class.php assignuser information disclosure | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00507 | 0.16 | CVE-2008-2018 |
| 18 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.63 | CVE-2010-0966 |
| 19 | ESecurityServices GPS Userdata Form allows Persistent cross-site scripting | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 | |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (248)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
