Djvu 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (330)

タイムライン

言語

en320
es8
fr2

国・地域

us324
ar2

アクター

Rhadamanthys2
Djvu2
AgentTesla1

アクティビティ

関心

タイムライン

タイプ

Not Defined78
Operating System52
Web Browser20
Firewall Software12
Image Processing Software10

ベンダー

Not Defined72
Microsoft58
Cisco26
Linux24
IBM22

製品

Microsoft Windows26
Linux Kernel24
Microsoft Internet Explorer10
F5 BIG-IP8
ImageMagick8

脆弱性

#脆弱性BaseTemp0day本日修復EPSSCTICVE
1Microsoft .NET Framework Code Access Security 弱い暗号化9.89.8$5k-$25k$0-$5kNot DefinedNot Defined0.001630.03CVE-2008-5100
2Microsoft .NET Framework Username Parser 特権昇格8.87.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.964180.15CVE-2011-3416
3Cisco Wireless LAN Controller IPv6 UDP Ingress 特権昇格6.46.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.003560.00CVE-2016-9219
4Cisco Mobility Express 2800/Mobility Express 3800 802.11 Ingress Packet サービス拒否4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000680.06CVE-2016-9220
5Cisco Mobility Express 2800/Mobility Express 3800 802.11 Ingress Connection Authentication サービス拒否4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000550.02CVE-2016-9221
6Microsoft IIS クロスサイトスクリプティング5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.10CVE-2017-0055
7Google Chrome Index DB メモリ破損6.36.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.002380.00CVE-2022-1853
8Microsoft Windows Malware Protection Service メモリ破損8.87.9$100k 以上$0-$5kProof-of-ConceptOfficial Fix0.945260.00CVE-2017-0290
9PHP unserialize メモリ破損7.36.4$25k-$100k$0-$5kUnprovenOfficial Fix0.000000.02
10Linux Kernel UDP Packet udp.c 特権昇格8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.048370.03CVE-2016-10229
11WordPress WP_Query class-wp-query.php SQLインジェクション8.58.4$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.003180.02CVE-2017-5611
12Mozilla Focus Javascript URI クロスサイトスクリプティング4.34.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.000430.06CVE-2024-1563
13Exim Configuration File 特権昇格8.48.0$0-$5k$0-$5kHighOfficial Fix0.001210.02CVE-2010-4345
14nginx 特権昇格6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002414.69CVE-2020-12440
15AngularJS merge 特権昇格7.47.2$0-$5k$0-$5kNot DefinedOfficial Fix0.001150.04CVE-2019-10768
16Icewarp WebMail Server Object Note クロスサイトスクリプティング4.44.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000740.04CVE-2019-19266
17AXIS IP Camera Access Control 特権昇格8.58.2$0-$5k$0-$5kHighOfficial Fix0.105400.05CVE-2018-10661
18Samsung Galaxy OMACP Message Config 特権昇格7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.001150.00CVE-2016-7991
19Apache CXF Fediz Plugins 未知の脆弱性6.56.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.001450.00CVE-2017-7661
20Cisco Snort++ Protocol Decoder サービス拒否7.16.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.001180.02CVE-2017-6657

IOC - Indicator of Compromise (22)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
12.180.10.7Djvu2023年05月30日verified
249.12.115.154static.154.115.12.49.clients.your-server.deDjvu2023年05月30日verified
358.235.189.192Djvu2023年05月30日verified
495.158.162.200Djvu2023年05月30日verified
5116.202.7.239static.239.7.202.116.clients.your-server.deDjvu2023年05月30日verified
6XXX.XXX.XXX.XXXXxxx2023年05月30日verified
7XXX.XXX.XXX.XXXxxx2023年05月30日verified
8XXX.X.XXX.XXXxxxxxxxxxxx-xxx.xxxxxxxx.xxx-xxxxxxx.xxxXxxx2023年05月30日verified
9XXX.XXX.XX.XXXXxxx2023年05月30日verified
10XXX.XXX.XXX.XXxxx2023年05月30日verified
11XXX.XXX.XXX.XXXxxx2023年05月30日verified
12XXX.XXX.XX.XXXxxx2023年05月30日verified
13XXX.XXX.XX.XXXxxx-xxx-xxx-xx-xxx-xxx.xxxx-xxxxxxxxx.xxx.xxXxxx2023年05月30日verified
14XXX.XXX.XX.XXxxx2023年05月30日verified
15XXX.XXX.XXX.XXXxxx-xxxxxxxxxxxx.xxx.xxxxxxxxx.xxxXxxx2023年05月30日verified
16XXX.XXX.XX.Xxxxxx.xxx-xxx-xx.xxxxxxx.xxx.xxXxxx2023年05月30日verified
17XXX.XXX.XX.XXXxxx-xxx-xxx-xx-xxx-xxx.xxxx-xxxxxxxxx.xxx.xxXxxx2023年05月30日verified
18XXX.XXX.XX.XXXxxx2023年05月30日verified
19XXX.XX.XX.XXXXxxx2023年05月30日verified
20XXX.XX.XX.XXXxxx2023年05月30日verified
21XXX.XXX.XX.XXXXxxx2023年05月30日verified
22XXX.XXX.XXX.XXXXxxx2023年05月30日verified

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechnique脆弱性アクセスベクタータイプ信頼度
1T1006CWE-22Path Traversalpredictive
2T1055CWE-74Improper Neutralization of Data within XPath Expressionspredictive
3T1059CWE-94Argument Injectionpredictive
4T1059.007CWE-79, CWE-80Cross Site Scriptingpredictive
5TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
6TXXXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxxpredictive
7TXXXX.XXXCWE-XXXXxxx Xxxxxxxxpredictive
8TXXXXCWE-XXX, CWE-XXX7xx Xxxxxxxx Xxxxxxxxpredictive
9TXXXXCWE-XXXxx Xxxxxxxxxpredictive
10TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxxxxpredictive
11TXXXXCWE-XXXXxxxxxxxxxx Xxxxxxxxxxpredictive
12TXXXXCWE-XXXXxxxxxxxx Xxxxxx Xxxxpredictive
13TXXXX.XXXCWE-XXX, CWE-XXXXxxxxxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
14TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive
15TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxx Xxxxxxpredictive
16TXXXX.XXXCWE-XXXXxx Xxxxxxxxxx Xxxxxpredictive
17TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxxpredictive

IOA - Indicator of Attack (119)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1File/cgi-bin/kerbynetpredictive
2File/cgi-bin/supervisor/CloudSetup.cgipredictive
3File/domain/addpredictive
4File/etc/sudoerspredictive
5File/index.php/weblinks-categoriespredictive
6File/plainpredictive
7File/show_group_members.phppredictive
8File/uncpath/predictive
9File/web/google_analytics.phppredictive
10Filearchive_endian.hpredictive
11Filebmp.cpredictive
12Filecgi-bin/jc.cgipredictive
13Filechecklogin.phppredictive
14Filexxx.xxxpredictive
15Filexxxxxx/xxx.xpredictive
16Filexxxxxx/xxx.xpredictive
17Filexxxxxx\xxxx.xpredictive
18Filexxxx\xxxxxxxxxxxxxxpredictive
19Filexxxxxxxx_xxxxxxxxx_xxxxx.xxxpredictive
20Filexxxxxxx/xxx/xxx/xxxxxx/xxxxxx_xxxxxxx.xpredictive
21Filexxxxxxx/xxx/xxx-xxxxxxx.xpredictive
22Filexxxxxxx/xxxxx/xxx/xxxxxxx/xxxxxxx-xxx.xpredictive
23Filexxxxxxx/xxx/xxxxxx.xpredictive
24Filexxxxxxx/xxxxxxxxx/xxxx.xpredictive
25Filexxxxxxx.xxxpredictive
26Filexx_xxxxxxx.xpredictive
27Filexxxxxxx/xxxxxxxxxxxxxxxx.xxxpredictive
28Filexxx.xpredictive
29Filexxxx.xpredictive
30Filexx/xxxxxxxx/xxxx.xpredictive
31Filexx/xxxx/xxxxx.xpredictive
32Filexxxxxx.xxxpredictive
33Filexxxx/.xxxxxxxxxxxxxxxpredictive
34Filexxx/xxx/xxx.xxxpredictive
35Filexxxxx.xxxpredictive
36Filexxxxxxx/xxxxx.xxxpredictive
37Filexxxxxxxxx.xxxpredictive
38Filexxxx.xxxx.xxxxx.xxxxxxx.xxxxxxxpredictive
39Filexxx/xxxxxxxxxxxxxxx.xxxpredictive
40Filexxxxxx/xxxxxx/xxxx.xpredictive
41Filexxxx/xxxx/x_xxxxx.xpredictive
42Filexxxxxxxxxxxxxxxxxx.xxxpredictive
43Filexxxxx-xxxxx/xx-xxxxxx.xpredictive
44Filexxxxxxxx/xxxxxxxx.xpredictive
45Filexxx.xpredictive
46Filexxx/xxx_xxxxxx/xxx_xxxxxx_xxxxxx.xpredictive
47Filexxx/xxxx/xxxx_xxxxxxxxxx_xxxx.xpredictive
48Filexxx/xxxx/xxxx.xpredictive
49Filexxx/xxx/xx_xxx.xpredictive
50Filexxx/xxx/xxxxxxx.xpredictive
51Filexxx/xxxxx/xxx_xxx.xpredictive
52Filexxx/xxxxxx/xxx.xpredictive
53Filexxx/xxxxxxx.xpredictive
54Filexxxxxx_xxx.xpredictive
55Filexxxxxxx/xxxx-xxxxxx.xpredictive
56Filexxxxxxx.xxxpredictive
57Filexxxx.xpredictive
58Filexxx/xxxx.xpredictive
59Filexxxxxxxx.xpredictive
60Filexx_xxxx.xpredictive
61Filexxxxxxxx/xxxxxxxx/xxx.xpredictive
62Filexxxx_xxxxxx.xxpredictive
63Filexxx.xpredictive
64Filexxx.xpredictive
65Filexxxxxxxx/xxxxxxx.xpredictive
66Filexxx.xpredictive
67Filexxxxxx.xxxpredictive
68Filexxxxxxxxx.xxxxxpredictive
69Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictive
70Filexxx_xxxx.xxxpredictive
71Filexxxx/xxxx_xxxxxxxxx.xpredictive
72Filexxxx/xxxx_xxxxxx.xpredictive
73Library/xxx/xxxx/xxxxx.x/xx-xxxx-xxxxxxx.xxxxxpredictive
74Library/xxx/xxx/xxxx/predictive
75Libraryxxxxxxxxxxxx_xxx.xxxpredictive
76Libraryxxxxxxxx.xxxpredictive
77Libraryxxxxxx.xxxpredictive
78Libraryxxx/xxx_xxxx_xxxxxx.xpredictive
79Libraryxxxxxx.xxxpredictive
80Libraryxxxxxxxx.xxxpredictive
81Libraryxx_xxxx.x/xxx_xxxx.x/xx_xxx.xpredictive
82Libraryxxxxx.xxxpredictive
83Libraryxxxxxx.xxxpredictive
84Argumentxxxxxxxxxxxxxxxpredictive
85Argumentxxxpredictive
86Argumentxxxxx_xxpredictive
87Argumentxxxxxxxxxxpredictive
88Argumentxxxpredictive
89Argumentxxxxxxpredictive
90Argumentxxxxxxxpredictive
91Argumentxxxpredictive
92Argumentxxxxpredictive
93Argumentxxpredictive
94Argumentxxxxxxxpredictive
95Argumentxxxxxxx xxxxpredictive
96Argumentxxxx_xxxxpredictive
97Argumentxxxxpredictive
98Argumentxxxxxxpredictive
99Argumentxxxxxxxxpredictive
100Argumentxxxxxxxxpredictive
101Argumentxxxxxxxxpredictive
102Argumentxxxxxxpredictive
103Argumentxxxxxxxxxxxxxxxpredictive
104Argumentxxpredictive
105Argumentxxxxxxxxxpredictive
106Argumentxxxxxxxxpredictive
107Argumentxxxxxxxxpredictive
108Input Value%xx%xxxxx%xx/xxx/xxxxxx%xx%xxpredictive
109Input Value' xx 'x'='xpredictive
110Input Valuex%xx%xx%xxxxxxx%xxxxxxxx%xxxxxxxxxx%xxxxxx%xx%xxxxxxx_xxxxx%xx%xx--%xx%xxpredictive
111Input Valuexxxxxxpredictive
112Input Value<xxxxxx>xxxxx(xxxxxxxx. xxxxxx)</xxxxxx>predictive
113Input Valuexxpredictive
114Pattern|xx|xx|xx|predictive
115Network Portxxx/xx (xxxxxx)predictive
116Network Portxxx/xx (xxx xxxxxxxx)predictive
117Network Portxxxpredictive
118Network Portxxx/xxx (xxx)predictive
119Network Portxxx/xxxxpredictive

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

概要

Do you need the next level of professionalism?

Upgrade your account now!