Butterfly Analysis

IOB - Indicator of Behavior (413)

Language

- en: 356
- de: 28
- es: 14
- fr: 8
- jp: 4

Country/Region

- nl: 232
- us: 112
- de: 22
- gb: 8
- se: 8

Product

- WordPress: 18
- Apache HTTP Server: 16
- Microsoft Windows: 14
- Microsoft IIS: 10
- OpenSSL: 8

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.78 | CVE-2020-12440 |
| 2 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.07 | CVE-2017-0055 |
| 3 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.06 | CVE-2007-0354 |
| 4 | Vunet VU Web Visitor Analyst redir.asp SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.00119 | 0.03 | CVE-2010-2338 |
| 5 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 6.14 | |
| 6 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.06 | CVE-2014-4078 |
| 7 | Apache HTTP Server mod_rewrite Redirect | 6.7 | 6.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.13 | CVE-2020-1927 |
| 8 | MidiCart PHP Shopping Cart item_show.php SQL injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 9 | ProFTPD mod_sftp/mod_sftp_pam kbdint.c resp_count denial of service | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.01980 | 0.05 | CVE-2013-4359 |
| 10 | MikroTik RouterOS SMB memory corruption | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.88065 | 0.05 | CVE-2018-7445 |
| 11 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.12 | CVE-2010-0966 |
| 12 | nginx HTTP/2 denial of service | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02542 | 0.04 | CVE-2018-16844 |
| 13 | Hospital Management System search.php SQL injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00140 | 0.00 | CVE-2022-48120 |
| 14 | CKFinder File Name privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00155 | 0.04 | CVE-2019-15862 |
| 15 | sitepress-multilingual-cms Plugin class-wp-installer.php unknown vulnerability | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00579 | 0.04 | CVE-2020-10568 |
| 16 | WordPress SQL injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.00 | CVE-2022-21664 |
| 17 | Apache Tomcat JSP File privilege escalation | 7.7 | 7.5 | $5k-$25k | $0-$5k | High | Official Fix | 0.97501 | 0.07 | CVE-2017-12617 |
| 18 | Apache Tomcat CORS Filter Cache Poisoning weak authentication | 5.8 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00276 | 0.04 | CVE-2017-7674 |
| 19 | Omron PLC CS/PLC CJ/PLC NJ Brute Force information disclosure | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00213 | 0.04 | CVE-2019-18261 |
| 20 | Pegasus Imaging ImagXpress ActiveX Control pegasusimaging.activex.thumnailxpress1.dll compactfile directory traversal | 4.8 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.83035 | 0.00 | CVE-2007-5320 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (183)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/broadcast.php | predictive | |
| 2 | File | /admin/sysmon.php | predictive | |
| 3 | File | /cgi-bin/webviewer_login_page | predictive | |
| 4 | File | /ecrire | predictive | |
| 5 | File | /forum/away.php | predictive | |
| 6 | File | /getcfg.php | predictive | |
| 7 | File | /MicroStrategyWS/happyaxis.jsp | predictive | |
| 8 | File | /owa/auth/logon.aspx | predictive | |
| 9 | File | /proc/ioports | predictive | |
| 10 | File | /search.php | predictive | |
| 11 | File | /services/details.asp | predictive | |
| 12 | File | /tmp | predictive | |
| 13 | File | /uncpath/ | predictive | |
| 14 | File | /Upload.ashx | predictive | |
| 15 | File | /usr/sbin/suexec | predictive | |
| 16 | File | /var/tmp/sess_* | predictive | |
| 17 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | |
| 18 | File | activateuser.aspx | predictive | |
| 19 | File | adclick.php | predictive | |
| 20 | File | admin/killsource | predictive | |
| 21 | File | admin/orion.extfeedbackform_efbf_forms.php | predictive | |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
