EagerBee Analysis

IOB - Indicator of Behavior (43)

Language

en: 40
fr: 2
de: 2

Product

PHP: 6
protobuf-python: 2
protobuf-cpp: 2
Miraserver: 2
Microsoft Windows: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.17 | CVE-2010-0966 |
| 2 | Thomson Cable Modem RgSecurity.asp denial of service | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Official Fix | 0.05398 | 0.00 | CVE-2005-0494 |
| 3 | MobileIron Core/Connector weak authentication | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00987 | 0.04 | CVE-2020-15506 |
| 4 | Apple iOS Image denial of service | 6.5 | 6.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00206 | 0.00 | CVE-2022-42795 |
| 5 | Mikrotik RouterOS Hotspot Process information disclosure | 7.6 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00112 | 0.04 | CVE-2022-45313 |
| 6 | MikroTik RouterOS Hotspot Login Page cross-site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00074 | 0.00 | CVE-2021-3014 |
| 7 | Alt-N MDaemon Worldclient privilege escalation | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.07 | CVE-2021-27182 |
| 8 | protobuf-python/protobuf-cpp ProtocolBuffers denial of service | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00208 | 0.00 | CVE-2022-1941 |
| 9 | protobuf-java core/protobuf-java lite Garbage Collection denial of service | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00072 | 0.00 | CVE-2022-3171 |
| 10 | protobuf-java core/protobuf-java lite Message-Type Extension denial of service | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00075 | 0.03 | CVE-2022-3510 |
| 11 | Apache HTTP Server mod_ssl privilege escalation | 7.4 | 7.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00267 | 0.15 | CVE-2019-0215 |
| 12 | Calendar Event Management System SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00126 | 0.06 | CVE-2023-0675 |
| 13 | SourceCodester Sanitization Management System Banner Image cross-site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00070 | 0.00 | CVE-2022-3992 |
| 14 | Windriver VxWorks privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00201 | 0.00 | CVE-2013-0712 |
| 15 | SourceCodester Sanitization Management System SQL injection | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00180 | 0.00 | CVE-2022-3868 |
| 16 | SourceCodester Human Resource Management System Profile Photo privilege escalation | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00114 | 0.07 | CVE-2022-3492 |
| 17 | Microsoft Windows PowerShell Integrated Scripting Environment privilege escalation | 5.3 | 5.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.00 | |
| 18 | PHP FILTER_VALIDATE_FLOAT memory corruption | 7.7 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00332 | 0.09 | CVE-2021-21708 |
| 19 | PHP collator_sort.c sortWithSortKeys memory corruption | 8.6 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00284 | 0.02 | CVE-2015-8616 |
| 20 | PHP Format Printer memory corruption | 8.5 | 8.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00373 | 0.03 | CVE-2015-8880 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

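| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 185.82.217.164 | vds-671556.hosted-by-itldc.com | EagerBee | | 2023-10-29 | verified | |
| 2 | XXX.XXX.XXX.XX | xxx-xxxxxx.xxxxxx-xx-xxxxx.xxx | Xxxxxxxx | | 2023-10-29 | verified | |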

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1055 | CAPEC-10, CWE-74 | Improper Neutralization of Data within XPath Expressions | | predictive | |
| 2 | T1059 | CAPEC-242, CWE-94 | Argument Injection | | predictive | |
| 3 | TXXXX.XXX | CAPEC-209, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | | predictive | |
| 4 | TXXXX | CAPEC-122, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | | predictive | |
| 5 | TXXXX | CAPEC-136, CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | | predictive | |
| 6 | TXXXX.XXX | CAPEC-178, CWE-XXX | Xxxx Xxxxxxxx | | predictive | |
| 7 | TXXXX | CAPEC-108, CWE-XX | Xxx Xxxxxxxxx | | predictive | |
| 8 | TXXXX | CAPEC-116, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | | predictive | |

IOA - Indicator of Attack (18)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

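| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /php-sms/classes/Master.php?f=save_quote | predictive | |
| 2 | File | add_comment.php | predictive | |
| 3 | File | admin/?page=system_info | predictive | |
| 4 | File | xxxxx.xxxxxxxxx_xxxx.xxx | predictive | |
| 5 | File | xxx/xxxx/xxxxxxxx/xxxxxxxx_xxxx.x | predictive | |
| 6 | File | xxxxxxx.xxx | predictive | |
| 7 | File | xxxxx.xxx | predictive | |
| 8 | File | xxx/xxxxxx.xxx | predictive | |
| 9 | File | xxxxxxxx.xxx | predictive | |
| 10 | File | xxxxxxxxxx.xxx | predictive | |
| 11 | File | xxxxxxxxx/xxxxxxxxxxxxxxxxxx.xxx | predictive | |
| 12 | Argument | xxxxxxxx | predictive | |
| 13 | Argument | xx | predictive | |
| 14 | Argument | xx_xxxx | predictive | |
| 15 | Argument | xxxxxxxxx | predictive | |
| 16 | Argument | xxxxxx_xxxx | predictive | |
| 17 | Argument | xxxxx/xxx | predictive | |
| 18 | Argument | xxxxxx | predictive | |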

References (2)

The following list contains external sources which discuss the actor and the associated activities:
