DEV-0530 Analysis

IOB - Indicator of Behavior (166)

Languages

en 164
pl 2

Countries

us 166

Products

Microsoft Windows 12
Apache Tomcat 6
WordPress 4
LibreHealth EHR Base 4
MariaDB 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
1 | TLS Protocol/SSL Protocol RC4 Encryption Bar Mitzvah Attack weak encryption | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Workaround | 0.00300 | 0.04 | CVE-2015-2808
2 | Couchbase Server information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00158 | 0.00 | CVE-2022-32192
3 | OTRS Forwarder information disclosure | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00072 | 0.03 | CVE-2022-32740
4 | Veritas NetBackup pbx_exchange Process privilege escalation | 8.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00356 | 0.04 | CVE-2017-6407
5 | Microsoft Azure RTOS USBX ux_device_class_dfu_control_request memory corruption | 9.8 | 9.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.01235 | 0.00 | CVE-2022-29246
6 | PHPMailer Phar Deserialization addAttachment privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00748 | 0.00 | CVE-2020-36326
7 | jQuery UI dialog cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00469 | 0.04 | CVE-2016-7103
8 | Intel Xeon BIOS information disclosure | 3.3 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2021-33117
9 | HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Update memory corruption | 9.9 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00261 | 0.02 | CVE-2022-31481
10 | Apache Tomcat HTTP Split privilege escalation | 7.2 | 6.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00262 | 0.05 | CVE-2016-6816
11 | Delta Controls enteliTOUCH HTTP Request privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00188 | 0.00 | CVE-2022-29735
12 | Moment.js directory traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00330 | 0.08 | CVE-2022-24785
13 | Laravel PendingBroadcast.php __destruct privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.00 | CVE-2022-31279
14 | Piwigo cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.00 | CVE-2021-40678
15 | Linux Kernel Floating Point Register ptrace-fpu.c ptrace_get_fpr memory corruption | 8.0 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00048 | 0.00 | CVE-2022-32981
16 | GNU C Library mq_notify memory corruption | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01386 | 0.00 | CVE-2021-33574
17 | Vyper Contract Address privilege escalation | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.00 | CVE-2022-29255
18 | Easy Blog unknown vulnerability | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.00 | CVE-2022-27174
19 | Brocade SANnav REST API information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2022-28162
20 | Python mailcap Module privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00141 | 0.04 | CVE-2015-20107

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • H0lyGh0st

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 193.56.29.123 | | DEV-0530 | H0lyGh0st | 2022-07-15 | | verified

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (70)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin.php?page=batch_manager&mode=unit | predictive |
2 | File | /goform/aspForm | predictive |
3 | File | /omps/seller | predictive |
4 | File | /php/passport/index.php | predictive |
5 | File | /replication | predictive |
6 | File | /settings | predictive |
7 | File | /staff/tools/custom-fields | predictive |
8 | File | /strings/ctype-latin1.c | predictive |
9 | File | /xxxxxxx/ | predictive |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
