Ducktail 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (14)

言語

de	6
en	4
pl	2
sv	2

国・地域

us	8
de	6

アクター

Ducktail	2

関心

タイプ

Not Defined	6
Web Browser	2
WordPress Plugin	2
Office Suite Software	2
Forum Software	2

ベンダー

Not Defined	4
Softbiz	2
Microsoft	2
BestWebSoft	2
Kingsoft	2

製品

Softbiz FAQ Script	2
Microsoft Edge	2
MyCMS	2
nemo-appium	2
BestWebSoft Contact Form Plugin	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	ASP-DEv XM Forum register.asp SQLインジェクション	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
2	h2oai h2o-3 POJO Model Import 特権昇格	9.9	9.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00386	0.00	CVE-2023-6016
3	Microsoft Edge 未知の脆弱性	4.3	4.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00063	0.00	CVE-2023-36026
4	Mercedes me App Booking Maintenance Order 情報の漏洩	4.8	4.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00046	0.04	CVE-2023-47393
5	BestWebSoft Contact Form Plugin bws_menu.php bws_add_menu_render クロスサイトスクリプティング	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00081	0.28	CVE-2014-125095
6	nemo-appium module.exports.setup 特権昇格	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00162	0.00	CVE-2022-21129
7	ubi-reader UBIFS File ubireader_extract_files ディレクトリトラバーサル	5.9	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00066	0.05	CVE-2023-0591
8	MyCMS Visitors Module view.php build_view クロスサイトスクリプティング	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00079	0.05	CVE-2022-4892
9	Kingsoft WPS Office Registry wpsupdater.exe 特権昇格	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00924	0.00	CVE-2022-24934
10	Gallery add_comment.php クロスサイトスクリプティング	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00414	0.04	CVE-2005-0219
11	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 情報の漏洩	5.3	5.2	$5k-$25k	計算中	High	Workaround	0.02016	0.00	CVE-2007-1192
12	Softbiz FAQ Script add_comment.php SQLインジェクション	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01302	0.00	CVE-2005-3938
13	Wheatblog add_comment.php クロスサイトスクリプティング	5.4	5.2	$0-$5k	$0-$5k	High	Unavailable	0.00677	0.00	CVE-2006-5921

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	キャンペーン	Identified	タイプ	信頼度
1	23.88.71.29	static.29.71.88.23.clients.your-server.de	Ducktail		2024年01月08日	verified	高
2	XXX.XXX.X.XXX	xxxxxx.xxx.x.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxxx		2024年01月08日	verified	高

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
3	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
4	TXXXX	CAPEC-19	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
7	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	add_comment.php	predictive	高
2	File	bws_menu/bws_menu.php	predictive	高
3	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
4	File	xxx/xxxxx/xxxx.xxx	predictive	高
5	File	xxxxxxxx.xxx	predictive	中
6	File	xxxxxxxxxx.xxx	predictive	高
7	Argument	xxxxx_xxxx_xxxxx	predictive	高
8	Argument	xx	predictive	低
9	Argument	xxxxxxxx/xxxxxxxxx	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you know our Splunk app?

Download it now for free!