CloudEyE Analysis

IOB - Indicator of Behavior (65)

Language

en: 24
sv: 14
fr: 6
pl: 6
ar: 4

Country/Region

sv: 14
us: 12
fr: 6
pl: 6
ar: 4

Product

PHP: 4
Schneider Electric Andover Continuum: 4
Cryptocat: 4
TP-LINK TL-SC3171: 2
Microsoft Windows: 2

[Charts without recoverable data: Timeline, Actor, Activities, Interest, Type, Vendor]

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Schneider Electric EcoStruxure Control Expert Modbus privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00201 | 0.00 | CVE-2022-37300 |
| 2 | Schneider Electric Andover Continuum Code Generation privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02329 | 0.03 | CVE-2020-7480 |
| 3 | Schneider Electric Andover Continuum Web Server cross-site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00078 | 0.04 | CVE-2020-7482 |
| 4 | BigTree CMS File Upload privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00223 | 0.00 | CVE-2017-7695 |
| 5 | Schneider Electric MiCOM S1 Studio Configuration File privilege escalation | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.00 | CVE-2013-0687 |
| 6 | Alstom MiCOM S1 Studio privilege escalation | 7.8 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2013-2786 |
| 7 | Lithium CMS Stored directory traversal | 6.5 | 6.1 | $0-$5k | $0-$5k | Functional | Unavailable | 0.01718 | 0.05 | CVE-2006-5731 |
| 8 | TOTOLINK EX200 GET Parameter downloadFlile.cgi privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.32089 | 0.00 | CVE-2021-43711 |
| 9 | Enthrallweb eCars types.asp SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00348 | 0.00 | CVE-2006-6803 |
| 10 | Hotjar Plugin cross-site scripting | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2023-1259 |
| 11 | Schneider Electric Modicon MC80 Modbus TCP Protocol memory corruption | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00086 | 0.04 | CVE-2022-37301 |
| 12 | PHP cgi_main.c privilege escalation | 7.3 | 7.0 | $25k-$100k | $0-$5k | High | Official Fix | 0.97442 | 0.07 | CVE-2012-1823 |
| 13 | Intel Ethernet Diagnostic Driver privilege escalation | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2021-0135 |
| 14 | Schneider Electric EcoStruxure Operator Terminal Expert Project Conversion privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2022-41668 |
| 15 | AVEVA Plant SCADA/Telemetry Server privilege escalation | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00175 | 0.00 | CVE-2023-1256 |
| 16 | PHP strspn Remote Code Execution | 7.3 | 6.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.25825 | 0.00 | CVE-2007-2872 |
| 17 | PDF Viewer Plugin Shortcode cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.00 | CVE-2023-0033 |
| 18 | Microsoft HEVC Video Extensions Remote Code Execution | 8.3 | 7.3 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.42356 | 0.00 | CVE-2021-41360 |
| 19 | Cisco Web Security Appliance Traffic Monitor privilege escalation | 7.4 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00143 | 0.00 | CVE-2018-0353 |
| 20 | tinyexr tinyexr.h ReadChannelInfo memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00201 | 0.00 | CVE-2018-12064 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

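| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | assetmanager.asp | predictive | |
| 2 | File | cryptocat.js | predictive | |
| 3 | File | downloadFlile.cgi | predictive | |
| 4 | File | games.php | predictive | |
| 5 | File | xxxxx.xxx | predictive | |
| 6 | File | xxxxxxx/xxxxx.x | predictive | |
| 7 | File | xxxxxxxx.xxx | predictive | |
| 8 | File | xxxxxxxx.x | predictive | |
| 9 | File | xxxx/xxx/xxx_xxxx.x | predictive | |
| 10 | File | xxxxxxx.xx | predictive | |
| 11 | File | xxxxxxxx/xxxxxxx/xxxxxxx.xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | |
| 12 | File | xxxxxxx.x | predictive | |
| 13 | File | xxxxx.xxx | predictive | |
| 14 | Library | xxxxxx.xxx | predictive | |
| 15 | Argument | $_xxxxxx['xxxxx_xxxxxx'] | predictive | |
| 16 | Argument | -x | predictive | |
| 17 | Argument | xxxxx | predictive | |
| 18 | Argument | xxxxxxxxx | predictive | |
| 19 | Argument | xxxxx_xxxxxxxx | predictive | |
| 20 | Argument | xx | predictive | |
| 21 | Argument | xxxxxx | predictive | |
| 22 | Argument | xxxx | predictive | |
| 23 | Argument | xxxxxxx | predictive | |
| 24 | Argument | xxxxxxxx[xxxx] | predictive | |
| 25 | Argument | xxxx | predictive | |
| 26 | Argument | xxxx_xx | predictive | |
| 27 | Argument | xxxxx | predictive | |
| 28 | Input Value | -x | predictive | |
| 29 | Input Value | xxx.xxx[xxxxx] | predictive | |
| 30 | Network Port | xxx/xx (xxx xxxxxxxx) | predictive | |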

References (3)

The following list contains external sources which discuss the actor and the associated activities:
