East Europe Unknown Analysis

IOB - Indicator of Behavior (247)

Timeline

Language

en: 154
zh: 60
ru: 20
pl: 4
es: 4

Country/Region

cn: 108
us: 80
ru: 40
ca: 4
jp: 4

Actor

Activity

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 10
Postfix: 6
Microsoft IIS: 4
Traefik: 4
PHPMailer: 4

Vulnerabilities

#  | Vulnerability                                                          | Base | Temp | 0day       | Today    | Exploit          | Fix          | EPSS    | CTI  | CVE
1  | Ignite Realtime Openfire Administration Console weak authentication    | 7.8  | 7.7  | $0-$5k     | $0-$5k   | High             | Official Fix | 0.97409 | 0.04 | CVE-2023-32315
2  | Esoftpro Online Guestbook Pro ogp_show.php sql injection               | 7.3  | 6.9  | $0-$5k     | $0-$5k   | Proof-of-Concept | Not Defined  | 0.00108 | 0.26 | CVE-2009-4935
3  | Joomla CMS com_easyblog sql injection                                  | 6.3  | 6.1  | $5k-$25k   | $5k-$25k | Not Defined      | Not Defined  | 0.00000 | 0.26 |
4  | Apple Mac OS X TCP Timestamp information disclosure                    | 5.3  | 5.1  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.00243 | 0.00 | CVE-2003-0882
5  | HP Router/Switch SNMP information disclosure                           | 3.7  | 3.4  | $5k-$25k   | $0-$5k   | Proof-of-Concept | Official Fix | 0.00285 | 0.03 | CVE-2012-3268
6  | Esoftpro Online Guestbook Pro ogp_show.php cross site scripting        | 4.3  | 4.2  | $0-$5k     | $0-$5k   | High             | Unavailable  | 0.00209 | 0.08 | CVE-2009-2441
7  | Plesk Obsidian Reflected cross site scripting                          | 5.2  | 5.2  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.00151 | 0.04 | CVE-2020-11583
8  | OpenVPN Access Server Web Portal weak encryption                       | 5.6  | 5.5  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.00151 | 0.05 | CVE-2022-33738
9  | Essential Addons for Elementor Plugin privilege escalation             | 8.0  | 7.9  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.08405 | 0.00 | CVE-2023-32243
10 | Apache Struts ExceptionDelegator privilege escalation                  | 8.8  | 8.4  | $5k-$25k   | $0-$5k   | High             | Official Fix | 0.30838 | 0.04 | CVE-2012-0391
11 | Schneider Electric Vijeo Designer directory traversal                  | 5.5  | 5.3  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.00276 | 0.00 | CVE-2021-22704
12 | Tiki Admin Password tiki-login.php weak authentication                 | 8.0  | 7.7  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.00936 | 6.00 | CVE-2020-15906
13 | OpenX adclick.php Redirect                                             | 5.3  | 4.7  | $0-$5k     | $0-$5k   | Unproven         | Unavailable  | 0.00440 | 0.59 | CVE-2014-2230
14 | MGB OpenSource Guestbook email.php sql injection                       | 7.3  | 7.3  | $0-$5k     | $0-$5k   | High             | Unavailable  | 0.01302 | 1.06 | CVE-2007-0354
15 | Hscripts PHP File Browser Script index.php directory traversal         | 5.9  | 5.9  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.00151 | 0.00 | CVE-2018-16549
16 | Matomo safemode.twig Path information disclosure                       | 4.3  | 4.3  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.00058 | 0.00 | CVE-2019-12215
17 | Microsoft IIS IP/Domain Restriction privilege escalation               | 6.5  | 5.7  | $25k-$100k | $0-$5k   | Unproven         | Official Fix | 0.00817 | 0.06 | CVE-2014-4078
18 | Microsoft Windows Win32k Privilege Escalation                          | 8.3  | 7.8  | $25k-$100k | $0-$5k   | High             | Official Fix | 0.00103 | 0.00 | CVE-2021-40449
19 | Sphinx weak authentication                                             | 7.4  | 7.3  | $0-$5k     | $0-$5k   | Not Defined      | Workaround   | 0.01038 | 0.04 | CVE-2019-14511
20 | vsftpd deny_file unknown vulnerability                                 | 3.7  | 3.6  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.00312 | 0.13 | CVE-2015-1419

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (116)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator                                   | Type       | Confidence
1  | File  | /api/admin/user/list                        | predictive |
2  | File  | /cgi-bin/supervisor/PwdGrp.cgi              | predictive |
3  | File  | /classes/Master.php                         | predictive |
4  | File  | /classes/Master.php?f=delete_service        | predictive |
5  | File  | /etc/postfix/sender_login                   | predictive |
6  | File  | /file/upload/1                              | predictive |
7  | File  | /filemanager/ajax_calls.php                 | predictive |
8  | File  | /index.php                                  | predictive |
9  | File  | /Items/*/RemoteImages/Download              | predictive |
10 | File  | /members/view_member.php                    | predictive |
11 | File  | /mhds/clinic/view_details.php               | predictive |
12 | File  | /owa/auth/logon.aspx                        | predictive |
13 | File  | /rest/api/latest/projectvalidate/key        | predictive |
14 | File  | /restapi/v1/certificates/FFM-SSLInspect     | predictive |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
