Domestic Kitten Analysis

IOB - Indicator of Behavior (1000)

Timeline

Languages

en: 852
zh: 64
ar: 16
ru: 14
fr: 12

Countries / Regions

nl: 876
ir: 54
us: 38
cn: 24
ca: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Products

Microsoft Windows: 92
Linux Kernel: 30
WordPress: 18
Google Android: 18
F5 BIG-IP: 18

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx Privilege Escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.29 | CVE-2020-12440 |
| 2 | Huawei ACXXXX/SXXXX SSH Packet Privilege Escalation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00246 | 0.00 | CVE-2014-8572 |
| 3 | Microsoft Windows WPAD Privilege Escalation | 8.0 | 7.9 | $25k-$100k | $0-$5k | High | Official Fix | 0.90962 | 0.03 | CVE-2016-3213 |
| 4 | Apache HTTP Server mod_rewrite Redirect | 6.7 | 6.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.29 | CVE-2020-1927 |
| 5 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04080 | 0.00 | CVE-2021-34530 |
| 6 | Microsoft Windows Event Tracing Privilege Escalation | 7.3 | 6.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.03 | CVE-2021-34487 |
| 7 | Microsoft IIS Cross Site Scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.00 | CVE-2017-0055 |
| 8 | Cisco Secure Email and Web Manager Web-based Management Interface Weak Authentication | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00363 | 0.04 | CVE-2022-20798 |
| 9 | nginx Log File Privilege Escalation | 7.8 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00092 | 0.05 | CVE-2016-1247 |
| 10 | Undertow HTTP Request 1.x Privilege Escalation | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00090 | 0.04 | CVE-2021-20220 |
| 11 | Microsoft .NET Core/Visual Studio Denial of Service | 6.4 | 5.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00192 | 0.09 | CVE-2021-26423 |
| 12 | Microsoft Windows TCP/IP Stack Privilege Escalation | 9.9 | 8.6 | $100k or more | $5k-$25k | Unproven | Official Fix | 0.02183 | 0.04 | CVE-2021-26424 |
| 13 | Microsoft Windows Event Tracing Privilege Escalation | 8.3 | 7.3 | $100k or more | $5k-$25k | Unproven | Official Fix | 0.00068 | 0.04 | CVE-2021-26425 |
| 14 | Microsoft Windows Bluetooth Driver Privilege Escalation | 8.3 | 7.3 | $100k or more | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-34537 |
| 15 | Microsoft Dynamics 365 Privilege Escalation | 8.5 | 7.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00736 | 0.00 | CVE-2021-34524 |
| 16 | Microsoft Windows Storage Spaces Controller Local Privilege Escalation | 7.8 | 6.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.04 | CVE-2021-34536 |
| 17 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04080 | 0.03 | CVE-2021-34533 |
| 18 | Microsoft Windows Services for NFS ONCRPC XDR Driver Information Disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01326 | 0.03 | CVE-2021-36926 |
| 19 | Microsoft ASP.NET Core/Visual Studio Information Disclosure | 4.9 | 4.3 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-34532 |
| 20 | Microsoft Windows Services for NFS ONCRPC XDR Driver Information Disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01326 | 0.00 | CVE-2021-36933 |

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class (CAPEC) | Vulnerability (CWE) | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive |
| 2 | T1040 | CAPEC-102 | CWE-294 | Authentication Bypass by Capture-replay | predictive |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive |
| 4 | T1059 | CAPEC-137 | CWE-88, CWE-94 | Argument Injection | predictive |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive |

IOA - Indicator of Attack (231)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Confidence |
|---|---|---|---|
| 1 | File | .travis.yml | predictive |
| 2 | File | /.env | predictive |
| 3 | File | /admin.php | predictive |
| 4 | File | /admin/subnets/ripe-query.php | predictive |
| 5 | File | /appliance/users?action=edit | predictive |
| 6 | File | /apply.cgi | predictive |
| 7 | File | /cgi-bin/nas_sharing.cgi | predictive |
| 8 | File | /core/conditions/AbstractWrapper.java | predictive |
| 9 | File | /debug/pprof | predictive |
| 10 | File | /export | predictive |
| 11 | File | /file?action=download&file | predictive |
| 12 | File | /hardware | predictive |
| 13 | File | /hub/api/user | predictive |
| 14 | File | /librarian/bookdetails.php | predictive |
| 15 | File | /medical/inventories.php | predictive |
| 16 | File | /monitoring | predictive |
| 17 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive |
| 18 | File | /plugin/LiveChat/getChat.json.php | predictive |
| 19 | File | /plugins/servlet/audit/resource | predictive |
| 20 | File | /plugins/servlet/project-config/PROJECT/roles | predictive |
| 21 | File | /replication | predictive |
| 22 | File | /RestAPI | predictive |
| 23 | File | /tmp/zarafa-vacation-* | predictive |
| 24 | File | /uncpath/ | predictive |
| 25 | File | /upload | predictive |
| 26 | File | /user/loader.php?api=1 | predictive |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
