BundleBot 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (44)

言語

en	44

国・地域

us	40
cn	2

アクター

BundleBot	2

関心

タイプ

Not Defined	14
Hardware Driver Software	6
Smartphone Operating System	6
Web Server	2
Content Management System	2

ベンダー

Not Defined	18
NVIDIA	6
Apple	6
Extreme Networks	2
Microsoft	2

製品

NVIDIA Windows GPU Display Driver	6
Apple iOS	6
Apple iPadOS	4
Microweber	2
Extreme Networks Extreme Management Center	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	AnyMacro AnyMacro Mail System ディレクトリトラバーサル	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00179	0.02	CVE-2011-2468
2	Microsoft Windows KernelStream 情報の漏洩	5.1	4.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00043	0.00	CVE-2020-16889
3	Apple iOS/iPadOS WebKit 特権昇格	7.5	7.2	$100k 以上	$5k-$25k	Not Defined	Official Fix	0.02108	0.00	CVE-2020-3897
4	Liferay Portal JSONWS 特権昇格	8.5	8.4	$0-$5k	$0-$5k	High	Official Fix	0.97470	0.00	CVE-2020-7961
5	Liferay Portal 特権昇格	9.8	8.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00578	0.00	CVE-2011-1571
6	CKFinder File Name 特権昇格	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00155	0.04	CVE-2019-15862
7	CKeditor Paste クロスサイトスクリプティング	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00123	0.00	CVE-2018-17960
8	Juniper Junos Veriexec 特権昇格	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.02	CVE-2019-0071
9	JunosOS J-Web 特権昇格	7.8	7.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00275	0.02	CVE-2022-22241
10	phpMyAdmin tbl_export.php クロスサイトスクリプティング	4.3	4.1	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00220	0.03	CVE-2007-4306
11	Microweber Backup/Restore 特権昇格	5.9	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00103	0.00	CVE-2022-0921
12	GitLab Community Edition/Enterprise Edition GitHub API Endpoint 特権昇格	8.1	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00620	0.02	CVE-2022-2884
13	Apple iOS/iPadOS Kernel 特権昇格	7.8	7.5	$25k-$100k	$5k-$25k	High	Official Fix	0.00192	0.00	CVE-2020-27932
14	Apple watchOS Kernel 特権昇格	7.8	7.5	$0-$5k	$0-$5k	High	Official Fix	0.00192	0.00	CVE-2020-27932
15	Apple iOS Photos ディレクトリトラバーサル	7.3	7.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00176	0.03	CVE-2015-7037
16	NVIDIA Windows GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape 特権昇格	6.2	6.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.00	CVE-2019-5687
17	NVIDIA Windows GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape サービス拒否	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.00	CVE-2019-5691
18	NVIDIA Windows GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape サービス拒否	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.02	CVE-2020-5966
19	NVIDIA Windows GPU Display Driver Kernel Mode Layer nvlddmkm.sys メモリ破損	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.00	CVE-2019-5677
20	NVIDIA Windows GPU Display Driver Kernel Mode Layer nvlddmkm.sys Local Privilege Escalation	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.00	CVE-2019-5675

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	51.79.180.158	ip158.ip-51-79-180.net	BundleBot	2023年07月19日	verified	高
2	XX.XXX.XXX.XX	xx-xx-xxx-xxx-xx.xxxxxx.xxxxxxx.xxx	Xxxxxxxxx	2023年07月19日	verified	高
3	XXX.XX.XX.XXX	xxxxx.xx-xxx-xx-xx.xxx	Xxxxxxxxx	2023年07月19日	verified	高
4	XXX.XX.XX.XXX	xxxxx.xx-xxx-xx-xx.xxx	Xxxxxxxxx	2023年07月19日	verified	高

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	高
3	TXXXX	CAPEC-242	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	高
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
5	TXXXX	CAPEC-122	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
6	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
7	TXXXX	CAPEC-1	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	高
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
9	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
10	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	tbl_export.php	predictive	高
2	File	ViewLog.asp	predictive	中
3	Library	/_xxx_xxx/xxxxx.xxx	predictive	高
4	Library	xxxxxxxx.xxx	predictive	中
5	Library	xxxxxx/xxxxxxxxx/xxxxx.xxx	predictive	高
6	Argument	xxxxx->xxxx	predictive	中
7	Argument	xxxxxx_xxxx	predictive	中
8	Argument	xxx_xxxxx	predictive	中
9	Input Value	%xxxxxx+-x+x+xx.x.xx.xxx%xx%xx	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you know our Splunk app?

Download it now for free!