Curious Serpens 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (15)

言語

zh	8
ru	4
en	4

国・地域

cn	10
us	4
ru	2

アクター

BianLian	1
Cobalt Strike	1
Raccoon	1
Meduza Stealer	1
Quasar RAT	1

関心

タイプ

Not Defined	10
Bug Tracking Software	2
Versioning Software	2

ベンダー

Not Defined	8
Apache	2
Dialogic	2
Omeka	2

製品

Apache Airflow	2
Z-BlogPHP	2
Dialogic PowerMedia XMS	2
Omeka Classic	2
GitLab	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	All-in-One WP Migration Plugin class-ai1wm-backups.php ディレクトリトラバーサル	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00097	0.07	CVE-2022-1476
2	SonicWALL SMA1000 HTTP Connection 特権昇格	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00238	0.00	CVE-2022-22282
3	Omeka Classic クロスサイトスクリプティング	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00110	0.00	CVE-2021-26799
4	AgileConfig JWT Secret 弱い暗号化	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00329	0.00	CVE-2022-35540
5	Apache Airflow UI 特権昇格	7.1	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.46431	0.02	CVE-2022-40127
6	Support Board Plugin SQLインジェクション	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00211	0.05	CVE-2021-24741
7	GitLab Project Import 特権昇格	8.7	8.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.49688	0.04	CVE-2022-2185
8	GitLab Community Edition/Enterprise Edition Runner Registration Token 情報の漏洩	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03278	0.05	CVE-2022-0735
9	Git Plugin Build 特権昇格	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01156	0.00	CVE-2022-36883
10	Z-BlogPHP action_crawler.php 特権昇格	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00319	0.05	CVE-2022-40357
11	Dialogic PowerMedia XMS Administrative Console default.db Password 特権昇格	6.5	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.06	CVE-2018-11634
12	Extreme EXOS File 情報の漏洩	3.4	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.04	CVE-2017-14327
13	Plesk Onyx Reflected クロスサイトスクリプティング	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00151	0.04	CVE-2020-11584
14	Twothink App.php 特権昇格	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00639	0.04	CVE-2020-17952

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	キャンペーン	Identified	タイプ	信頼度
1	64.52.80.30		Curious Serpens		2024年04月02日	verified	高

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
4	TXXXX	CAPEC-19	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
6	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
7	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
8	TXXXX.XXX	CAPEC-	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	高

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/var/www/xms/xmsdb/default.db	predictive	高
2	File	zb_users/plugin/UEditor/php/action_crawler.php	predictive	高
3	Library	/xxxxxxx/xxxxx/xxx.xxx	predictive	高
4	Library	~/xxx/xxxxx/xxxxx-xxxxx-xxxxxxx.xxx	predictive	高
5	Argument	xxx_xx	predictive	低
6	Argument	xxxxxx	predictive	低
7	Argument	xxxxxx_xxxx/xxxxxxxxxx/xxxx_xx/xxxxxxxxxxxx_xx/xxxxxxxxxxxx_xxxxxx_xxxx/xxxxxxxxx_xx	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!