Diicot Analysis

IOB - Indicator of Behavior (37)

Language

en: 22
es: 10
fr: 2
pt: 2
ru: 2

Country/Region

us: 38

Product

Joomla CMS: 4
TOTOLINK T8: 2
HTMLJunction EZGuestbook: 2
Cacti: 2
Jetbox CMS: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DUware DUpaypal detail.asp SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00421 | 0.02 | CVE-2006-6365 |
| 2 | TOTOLINK T8 Telnet Service product.ini weak authentication | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01038 | 0.00 | CVE-2023-24155 |
| 3 | NAVER Whale Browser Mobile App Incognito Mode privilege escalation | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00072 | 0.00 | CVE-2020-9754 |
| 4 | Sophos Web Appliance Change Password Dialog Box index.php privilege escalation | 7.5 | 6.5 | $0-$5k | $0-$5k | High | Official Fix | 0.17801 | 0.00 | CVE-2014-2849 |
| 5 | Dell EMC PowerScale OneFS master.passwd unknown vulnerability | 4.1 | 4.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00044 | 0.03 | CVE-2022-22563 |
| 6 | phpBB posting.php Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00232 | 0.00 | CVE-2010-1630 |
| 7 | myPHPNuke links.php cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00478 | 0.02 | CVE-2003-1372 |
| 8 | cmsimple index.php directory traversal | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06344 | 0.08 | CVE-2008-2650 |
| 9 | Mariovaldez Simple Text-File Login Script slogin_lib.inc.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00788 | 0.02 | CVE-2008-5763 |
| 10 | Cacti graphs.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00768 | 0.01 | CVE-2015-4634 |
| 11 | AWStats awstats.pl directory traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00499 | 0.05 | CVE-2020-35176 |
| 12 | PhotoPost PhotoPost vBGallery File Upload upload.php privilege escalation | 6.3 | 5.8 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00546 | 0.04 | CVE-2008-7088 |
| 13 | RapidShare Database default.asp cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00184 | 0.00 | CVE-2007-6674 |
| 14 | HP Integrated Lights-Out privilege escalation | 8.1 | 7.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.05039 | 0.02 | CVE-2014-7876 |
| 15 | Joomla CMS File Upload media.php privilege escalation | 6.3 | 6.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.78471 | 0.04 | CVE-2013-5576 |
| 16 | PHP strspn Remote Code Execution | 7.3 | 6.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.25825 | 0.00 | CVE-2007-2872 |
| 17 | Dmasoftlab Radius Manager admin.php cross-site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | High | Unavailable | 0.00102 | 0.03 | CVE-2010-4275 |
| 18 | Dcscripts Dcshop HTTP GET Request auth_user_file.txt Password information disclosure | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00755 | 0.02 | CVE-2001-0821 |
| 19 | Joomla CMS index.php privilege escalation | 7.0 | 6.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02958 | 0.00 | CVE-2012-1563 |
| 20 | PhotoPost PHP Pro showproduct.php SQL injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00276 | 0.04 | CVE-2004-0250 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

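| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 45.88.67.94 | | Diicot | | 2023-06-16 | verified | |
| 2 | XX.XX.XX.XXX | | Xxxxxx | | 2023-06-16 | verified | |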

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (44)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

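| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /etc/master.passwd | predictive | |
| 2 | File | /index.php | predictive | |
| 3 | File | /web_cste/cgi-bin/product.ini | predictive | |
| 4 | File | admin.php | predictive | |
| 5 | File | admin/scripts/FileUploader/php.php | predictive | |
| 6 | File | administrator/components/com_media/helpers/media.php | predictive | |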

References (2)

The following list contains external sources which discuss the actor and the associated activities:
