Drinik Analysis

IOB - Indicator of Behavior (313)

Language

en: 246
pl: 18
it: 16
de: 14
es: 8

Country/Region

us: 226
es: 74
pl: 2
cn: 2
it: 2

Product

Siemens SPPA-T3000 MS3000 Migration Server: 14
Microsoft Windows: 6
Microsoft Office: 4
MKCMS: 2
Dreaxteam Xt-News: 2

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.50 | CVE-2010-0966 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 3 | Tiki Wiki CMS Groupware tiki-edit_wiki_section.php cross-site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00110 | 0.00 | CVE-2010-4240 |
| 4 | Pligg cloud.php SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.27 | |
| 5 | Tiki TikiWiki tiki-editpage.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01194 | 0.03 | CVE-2004-1386 |
| 6 | JForum jforum.page unknown vulnerability | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00173 | 0.02 | CVE-2022-26173 |
| 7 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.69 | CVE-2020-15906 |
| 8 | HP Storage Data Protector memory corruption | 10.0 | 10.0 | $25k-$100k | $0-$5k | High | Not Defined | 0.52178 | 0.06 | CVE-2014-2623 |
| 9 | AlstraSoft AskMe Pro register.php cross-site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 10 | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 memory corruption | 6.4 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Workaround | 0.00275 | 0.04 | CVE-2019-18304 |
| 11 | Siemens SPPA-T3000 MS3000 Migration Server Service Port 7061 memory corruption | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.00097 | 0.04 | CVE-2019-18310 |
| 12 | Microsoft Windows OpenType Font Parser memory corruption | 7.6 | 7.5 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04046 | 0.04 | CVE-2019-1456 |
| 13 | Microsoft Windows Win32k information disclosure | 4.9 | 4.9 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00049 | 0.00 | CVE-2019-1440 |
| 14 | Microsoft Windows GDI information disclosure | 4.9 | 4.9 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02481 | 0.00 | CVE-2019-1439 |
| 15 | Expinion.net News Manager Lite comment_add.asp cross-site scripting | 4.3 | 3.8 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00607 | 0.02 | CVE-2004-1845 |
| 16 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01009 | 1.38 | CVE-2006-6168 |
| 17 | My Link Trader out.php SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.13 | |
| 18 | Openads adclick.php Remote Code Execution | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01871 | 0.24 | CVE-2007-2046 |
| 19 | WordPress wp-register.php cross-site scripting | 4.3 | 4.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.00533 | 0.04 | CVE-2007-5106 |
| 20 | PHPizabi template.class.php assignuser information disclosure | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00507 | 0.05 | CVE-2008-2018 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (96)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
