Boostwrite and RDFSniffer 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

言語

en	18
sv	4

国・地域

us	18
ru	2
cn	2

アクター

IcedID	1
Gootkit	1
ISFB	1
Gozi	1
SharkBot	1

関心

タイプ

Not Defined	14
Peer-to-Peer Software	2
Web Server	2
Groupware Software	2
Network Camera Software	2

ベンダー

Microsoft	4
Shenzhen Hichip Vision Technology	2
CeNova/Night OWL/Novo/Pulnix/QSee/Securus	2
Delta Electronics	2
Dahua	2

製品

Shenzhen Hichip Vision Technology V6	2
Shenzhen Hichip Vision Technology V7	2
Shenzhen Hichip Vision Technology V8	2
Shenzhen Hichip Vision Technology V9	2
Shenzhen Hichip Vision Technology V10	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Microsoft Exchange Server Mail メモリ破損	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.38328	0.00	CVE-2018-8302
2	Delta Electronics ASDA-Soft Project File メモリ破損	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00069	0.00	CVE-2022-1403
3	Fujitsu ETERNUS CentricStor CS8000 grel.php grel_finfo 特権昇格	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00731	0.00	CVE-2022-31795
4	Oracle WebLogic Server Web Container 情報の漏洩	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.96287	0.02	CVE-2022-21371
5	Palo Alto PAN-OS Web Interface 特権昇格	8.0	7.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00128	0.05	CVE-2021-3058
6	Schneider Electric EcoStruxure Building Operation WebStation Web Page Generation クロスサイトスクリプティング	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00078	0.00	CVE-2020-28210
7	Tiandy IP Cameras Service Port 3001 情報の漏洩	6.4	5.9	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00581	0.02	CVE-2017-15236
8	Shenzhen Hichip Vision Technology V20 P2P Service メモリ破損	8.5	8.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00627	0.04	CVE-2020-9527
9	Shenzhen Hichip Vision Technology V20 特権昇格	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00171	0.03	CVE-2020-9529
10	ANNKE SP1 HD Wireless Camera SSID クロスサイトスクリプティング	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.02	CVE-2017-18483
11	Mobotix IP Network Camera クロスサイトスクリプティング	3.5	3.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
12	CeNova/Night OWL/Novo/Pulnix/QSee/Securus DVR download.rsp Credentials 特権昇格	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Workaround	0.00551	0.00	CVE-2018-10676
13	Dahua Web P2P Key 情報の漏洩	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.04	CVE-2020-9501
14	AVTECH IP Camera/NVR/DVR PwdGrp.cgi 特権昇格	9.8	9.2	$5k-$25k	$0-$5k	High	Unavailable	0.00000	0.04
15	Microsoft Exchange Server 特権昇格	8.0	7.9	$5k-$25k	$0-$5k	High	Official Fix	0.97151	0.06	CVE-2020-0688
16	Apple iCloud Foundation 特権昇格	4.4	4.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2020-10002
17	Go Doc Dot Org Package ディレクトリトラバーサル	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01326	0.03	CVE-2018-12976
18	Symantec Messaging Gateway 特権昇格	7.3	7.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00083	0.00	CVE-2019-18379
19	Cisco Embedded Device X.509 Certificate 弱い認証	5.7	5.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00338	0.00	CVE-2015-6358
20	Orpak SiteOmat OrCU 特権昇格	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00571	0.02	CVE-2017-14853

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	キャンペーン	Identified	タイプ	信頼度
1	109.230.199.227	reserved07.theonlygreeting.com	Boostwrite and RDFSniffer		2019年10月10日	verified	高

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
3	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
4	TXXXX	CAPEC-122	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
6	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
7	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
8	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/cgi-bin/supervisor/PwdGrp.cgi	predictive	高
2	File	download.rsp	predictive	中
3	File	xxxx.xxx	predictive	中
4	Argument	xxx_xxxxx_xxxx_xxxxxxx	predictive	高
5	Argument	xxxx/xx/xxxx	predictive	中

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!