DEV-0322 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (87)

言語

en	62
zh	10
pl	6
fr	4
sv	2

国・地域

us	54
cn	32

アクター

DEV-0322	9
Cobalt Strike	5
APT41	1

関心

タイプ

Not Defined	44
Operating System	6
File Transfer Software	4
Mail Server Software	4
WordPress Plugin	2

ベンダー

Not Defined	26
Adobe	8
VMware	4
Microsoft	4
MailEnable	4

製品

Adobe Magento Commerce	8
MailEnable Enterprise Premium	4
Yoast SEO Plugin	2
Combodo iTop	2
Swagger UI	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	MGB OpenSource Guestbook email.php SQLインジェクション	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	1.37	CVE-2007-0354
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 情報の漏洩	5.3	5.2	$5k-$25k	計算中	High	Workaround	0.02016	0.02	CVE-2007-1192
3	VMware Horizon Client/Horizon Message Framework Library 情報の漏洩	6.4	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00379	0.03	CVE-2018-6970
4	D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi 特権昇格	7.3	6.7	$5k-$25k	$0-$5k	Proof-of-Concept	Workaround	0.83361	0.26	CVE-2024-3273
5	Sustainsys.Saml2 未知の脆弱性	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.05	CVE-2023-41890
6	WeiYe-Jing datax-web HTTP POST Request killJob 特権昇格	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00256	0.00	CVE-2023-7116
7	cskefu 特権昇格	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00084	0.02	CVE-2022-36521
8	Apple macOS AppleMobileFileIntegrity 情報の漏洩	3.3	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00060	0.05	CVE-2023-23499
9	Tesla Model 3 Mobile App Phone Key Authentication 弱い認証	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00047	0.05	CVE-2022-37709
10	SSH SSH-1 Protocol 弱い暗号化	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00258	0.06	CVE-2001-1473
11	Laravel PendingBroadcast.php __destruct 特権昇格	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00049	0.00	CVE-2022-31279
12	EmdedThis GoAhead 特権昇格	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03418	0.00	CVE-2021-42342
13	Next.js URL サービス拒否	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00374	0.04	CVE-2021-43803
14	Next.js _error.js Redirect	5.0	4.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00066	0.00	CVE-2021-37699
15	Swagger UI CSS 特権昇格	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01741	0.03	CVE-2019-17495
16	OpenSSL c_rehash 特権昇格	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.10649	0.04	CVE-2022-1292
17	Hikvision Product Message 特権昇格	5.5	5.5	$0-$5k	$0-$5k	High	Not Defined	0.97485	0.04	CVE-2021-36260
18	HD-Network Real-time Monitoring System Parameter lang ディレクトリトラバーサル	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05404	0.02	CVE-2021-45043
19	CodeIgniter HTTP Request 特権昇格	8.3	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00195	0.02	CVE-2022-24711
20	jwt-go Access Restriction 特権昇格	7.4	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00193	0.01	CVE-2020-26160

キャンペーン (2)

These are the campaigns that can be associated with the actor:

CVE-2021-35211
Xxxxxxxxxxxx Xxxxxxxxxxxxx Xxxx

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	キャンペーン	Identified	タイプ	信頼度
1	24.64.36.238	mail.target-realty.com	DEV-0322	ManageEngine ADSelfService Plus	2021年11月11日	verified	高
2	45.63.62.109	45.63.62.109.vultr.com	DEV-0322	ManageEngine ADSelfService Plus	2021年11月11日	verified	中
3	45.76.173.103	45.76.173.103.vultr.com	DEV-0322	ManageEngine ADSelfService Plus	2021年11月11日	verified	中
4	XX.XX.XXX.XXX	xx.xx.xxx.xxx.xxxxx.xxx	Xxx-xxxx	Xxxxxxxxxxxx Xxxxxxxxxxxxx Xxxx	2021年11月11日	verified	中
5	XX.XX.XX.XXX	xx.xx.xx.xxx.xxxxx.xxx	Xxx-xxxx	Xxxxxxxxxxxx Xxxxxxxxxxxxx Xxxx	2021年11月11日	verified	中
6	XX.XXX.XXX.XX	xxxxxxx-xxx-xxx-xx-xxx-xxx-xx.xxxxxx.xx	Xxx-xxxx	Xxx-xxxx-xxxxx	2021年07月14日	verified	高
7	XX.XX.XX.XX	xxxx-xx-xx-xx-xx.xx.xxx.xx.xxx	Xxx-xxxx	Xxx-xxxx-xxxxx	2021年07月14日	verified	高
8	XX.XXX.XXX.XX	xxxx-xxx-xxx-xx.xx.xx.xxx.xxx	Xxx-xxxx	Xxx-xxxx-xxxxx	2021年07月14日	verified	高
9	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xxxxx.xxx	Xxx-xxxx	Xxxxxxxxxxxx Xxxxxxxxxxxxx Xxxx	2021年11月11日	verified	中
10	XXX.XX.XXX.XXX	xxx.xx.xxx.xxx.xxxxxxxx.xxx	Xxx-xxxx	Xxx-xxxx-xxxxx	2021年07月14日	verified	高
11	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xxxxx.xxx	Xxx-xxxx	Xxxxxxxxxxxx Xxxxxxxxxxxxx Xxxx	2021年11月11日	verified	中
12	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxx.xxx	Xxx-xxxx	Xxxxxxxxxxxx Xxxxxxxxxxxxx Xxxx	2021年11月11日	verified	中
13	XXX.XXX.XX.XXX		Xxx-xxxx	Xxxxxxxxxxxx Xxxxxxxxxxxxx Xxxx	2021年11月11日	verified	高
14	XXX.XXX.XX.XX	xx.xx.xxx.xxx.xxxxxx.xxxx.xxxxx.xx	Xxx-xxxx	Xxx-xxxx-xxxxx	2021年07月14日	verified	高

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-21, CWE-22, CWE-23	Path Traversal	predictive	高
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	高
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
6	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
7	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
8	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	高
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
10	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	高
11	TXXXX	CAPEC-38	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	高
12	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
13	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高
14	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (42)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/api/log/killJob	predictive	高
2	File	/cgi-bin/nas_sharing.cgi	predictive	高
3	File	/language/lang	predictive	高
4	File	admin/conf_users_edit.php	predictive	高
5	File	c_rehash	predictive	中
6	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
7	File	xxxxx.xxx	predictive	中
8	File	xxxx.xxx	predictive	中
9	File	xxxxxx/xxxxxxxxxxxx	predictive	高
10	File	xxxxxxxxxxxxxxxxxxx.xxxx	predictive	高
11	File	xxxxxxxxxx\xxxxxxxxxxxx\xxxxxxxxxxxxxxxx.xxx	predictive	高
12	File	xxxxx_xxxxxxx.xxx	predictive	高
13	File	xxxxxxx.x	predictive	中
14	File	xxxxxxx.xxx	predictive	中
15	File	xxxxx/_xxxxx.xx	predictive	高
16	File	xxxxx.xxx	predictive	中
17	File	xxxxxxxx.xxx	predictive	中
18	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	高
19	File	xxxxxxxx_xxxx.xxx	predictive	高
20	File	xxxxxxxxxxxxxxxxxxxxxxxxx.xx	predictive	高
21	File	xxxx/xxxxxxxx/xxxxxxxx.xxxx	predictive	高
22	File	xx/xxxxxxxxx/xx	predictive	高
23	File	xxxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	高
24	File	xxx/xxx-xxxxxxxxxx/xxxx-xxxxxx/xxxxxx.xxx	predictive	高
25	File	xx-xxxxx.xxx	predictive	中
26	File	xx/xx/xxxxx	predictive	中
27	Argument	--xxxxxx/--xxxxxxxx	predictive	高
28	Argument	xxxxxxxxxx	predictive	中
29	Argument	xxxxx_xxxxxx	predictive	中
30	Argument	xx	predictive	低
31	Argument	xx	predictive	低
32	Argument	xxxxx	predictive	低
33	Argument	xxxxxxx_xxx	predictive	中
34	Argument	xxxxxxxxx	predictive	中
35	Argument	xxxxxx_xxx	predictive	中
36	Argument	xxxxxx	predictive	低
37	Argument	x_xxxxxxxx	predictive	中
38	Argument	xxxxxxx.xx-xxxxx-xxxx	predictive	高
39	Input Value	/../	predictive	低
40	Input Value	[]xxxxxx{}/x["xxx"]	predictive	高
41	Pattern	xxxxxxxxxxx	predictive	中
42	Network Port	xxx/xxxx	predictive	中

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you need the next level of professionalism?

Upgrade your account now!