eCh0raix Analysis

IOB - Indicator of Behavior (278)

Language

en: 236
ru: 38
sv: 2
de: 2

Country/Region

sc: 182
us: 24
pl: 20
ru: 16
li: 10

Product

phpMyAdmin: 10
F5 BIG-IP: 8
Cisco ASA: 6
GitLab Community Edition: 6
GitLab Enterprise Edition: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | spring-boot-actuator-logview LogViewEndpoint.view directory traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.04 | CVE-2023-29986 |
| 2 | Apache HTTP Server privilege escalation | 5.3 | 5.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00044 | 0.06 | CVE-2023-38709 |
| 3 | phpMyAdmin PMA_safeUnserialize privilege escalation | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00433 | 0.00 | CVE-2016-9865 |
| 4 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.22 | CVE-2020-12440 |
| 5 | phpMyAdmin cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | High | Official Fix | 0.00348 | 0.00 | CVE-2014-8958 |
| 6 | Jetty URI privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.48917 | 0.00 | CVE-2021-34429 |
| 7 | Alt-N MDaemon Worldclient privilege escalation | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.07 | CVE-2021-27182 |
| 8 | phpMyAdmin ArbitraryServerRegexp Reuse privilege escalation | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00366 | 0.00 | CVE-2016-6629 |
| 9 | phpMyAdmin Unserialization unserialize privilege escalation | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00965 | 0.00 | CVE-2016-6620 |
| 10 | phpMyAdmin Central Column Query central_columns.lib.php SQL injection | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00322 | 0.00 | CVE-2016-5703 |
| 11 | phpMyAdmin Git Information GitRevision.php Remote Code Execution | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00190 | 0.03 | CVE-2019-19617 |
| 12 | phpMyAdmin Redirect privilege escalation | 4.3 | 4.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.00247 | 0.02 | CVE-2014-9219 |
| 13 | phpMyAdmin import.php cross-site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.00150 | 0.00 | CVE-2014-1879 |
| 14 | portable SDK for UPnP unique_service_name memory corruption | 10.0 | 9.5 | $0-$5k | $0-$5k | High | Official Fix | 0.97414 | 0.05 | CVE-2012-5958 |
| 15 | ApolloTheme AP PageBuilder cross-site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00075 | 0.04 | CVE-2022-44897 |
| 16 | InfluxDB JWT Token handler.go weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04237 | 0.00 | CVE-2019-20933 |
| 17 | Seltmann Content Management System index.php SQL injection | 7.6 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00139 | 0.04 | CVE-2022-47740 |
| 18 | CKFinder File Name privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00155 | 0.04 | CVE-2019-15862 |
| 19 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 20 | Asus RT-AC2900 privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08597 | 0.02 | CVE-2018-8826 |

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (80)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (4)

The following list contains external sources which discuss the actor and the associated activities:
