DoppelDridex 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (35)

言語

en	14
fr	8
it	4
sv	2
de	2

国・地域

de	34
us	2

アクター

DoppelDridex	2
Stealc	1

関心

タイプ

Not Defined	10
Application Server Software	8
Programming Tool Software	2
Operating System	2
Anti-Malware Software	2

ベンダー

Not Defined	4
Orion	4
Oracle	4
Pramati	2
Macromedia	2

製品

Orion Application Server	4
Pramati Server	2
rtf2latex2e	2
Macromedia JRun	2
IBM Rational Collaborative Lifecycle Management	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 情報の漏洩	5.3	5.2	$5k-$25k	計算中	High	Workaround	0.02016	0.00	CVE-2007-1192
2	Drupal File Module Upload クロスサイトスクリプティング	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.68230	0.04	CVE-2019-6341
3	ClamAV HFS+ Partition Scanning メモリ破損	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00290	0.04	CVE-2023-20032
4	HAProxy Header Field 特権昇格	8.2	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00207	0.04	CVE-2023-25725
5	Frank Mcingvale luxman Libraries メモリ破損	9.3	8.4	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00042	0.05	CVE-2005-0385
6	rtf2latex2e reader.c readfonttbl メモリ破損	10.0	10.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02216	0.00	CVE-2004-1293
7	Microsoft Skype Remote Code Execution	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
8	VMware Zimbra Collection Suite Web Application 弱い認証	5.4	4.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00157	0.00	CVE-2013-5119
9	Apple Mac OS X Installer 特権昇格	9.8	9.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00309	0.00	CVE-2013-1027
10	Juniper Junos Express Path サービス拒否	6.8	6.8	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00105	0.00	CVE-2017-10619
11	Orion Application Server Error Page クロスサイトスクリプティング	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00131	0.00	CVE-2005-2981
12	Macromedia JRun web-inf 特権昇格	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00207	0.04	CVE-2002-1855
13	Lars Ellingsen Guestserver guestserver.cgi 特権昇格	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00266	0.07	CVE-2001-0180
14	Oracle Application Server web-inf 特権昇格	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00200	0.00	CVE-2002-1858
15	Pramati Server web-inf 特権昇格	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00199	0.00	CVE-2002-1860
16	Jo Webserver web-inf 特権昇格	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00691	0.00	CVE-2002-1857
17	Orion Application Server web-inf 特権昇格	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00489	0.00	CVE-2002-1859
18	Oracle WebLogic Server WLS Security 特権昇格	9.0	8.9	$25k-$100k	$0-$5k	High	Official Fix	0.97426	0.04	CVE-2017-10271
19	PHP unserialize メモリ破損	7.3	6.6	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.95481	0.00	CVE-2015-0273
20	Microsoft Edge 特権昇格	6.4	6.1	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00125	0.00	CVE-2019-0764

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	45.90.108.123		DoppelDridex	2021年10月13日	verified	高
2	51.178.61.60		DoppelDridex	2021年10月06日	verified	高
3	XXX.XXX.XX.XX	xxxxxx.xx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxxxxxxx	2021年10月06日	verified	高
4	XXX.XX.XXX.XXX	xxxxx.xx	Xxxxxxxxxxxx	2021年10月13日	verified	高
5	XXX.XXX.XX.XX		Xxxxxxxxxxxx	2021年10月13日	verified	高
6	XXX.XXX.X.XXX		Xxxxxxxxxxxx	2021年10月06日	verified	高

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
6	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
7	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	data/gbconfiguration.dat	predictive	高
2	File	full-profile.php	predictive	高
3	File	guestserver.cgi	predictive	高
4	File	xxx/xxxxxx.xxx	predictive	高
5	File	xxx_xxxxx_xxxx.x	predictive	高
6	File	xxxxxx.x	predictive	中
7	File	xxx-xxx	predictive	低
8	Argument	xxxxxxxx	predictive	中
9	Argument	xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxx	predictive	高
10	Argument	xxxxx	predictive	低
11	Argument	xx	predictive	低
12	Argument	xxxx	predictive	低
13	Argument	xx_xxxx_xxxxx	predictive	高
14	Input Value	/../	predictive	低

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!