Elephant Analysis

IOB - Indicator of Behavior (450)

Language

en: 426
ru: 10
sv: 4
fr: 4
pt: 2

Country/Region

us: 58
tr: 48
ru: 16
gb: 12
cn: 8

Product

Qualcomm Snapdragon Mobile: 24
GitLab Enterprise Edition: 20
Tracker Software PDF-XChange Editor: 16
Foxit PDF Reader: 16
Qualcomm Snapdragon Auto: 16

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd privilege escalation | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00205 | 0.00 | CVE-2022-41479 |
| 2 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 5.60 | CVE-2006-6168 |
| 3 | Redis memory corruption | 7.2 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00750 | 0.03 | CVE-2023-41056 |
| 4 | Zabbix SAML weak authentication | 8.2 | 8.2 | $0-$5k | $0-$5k | High | Not Defined | 0.97174 | 0.05 | CVE-2022-23131 |
| 5 | janobe Online Ordering System privilege escalation | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00125 | 0.00 | CVE-2022-36580 |
| 6 | Google Android PowerVR GPU Kernel Driver memory corruption | 5.4 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2022-20235 |
| 7 | WordPress Pingback privilege escalation | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00120 | 0.05 | CVE-2022-3590 |
| 8 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.29 | CVE-2014-4078 |
| 9 | Microsoft Exchange Server PowerShell ProxyNotShell Privilege Escalation | 7.7 | 7.3 | $5k-$25k | $0-$5k | High | Official Fix | 0.11063 | 0.04 | CVE-2022-41082 |
| 10 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.05 | CVE-2020-12440 |
| 11 | Django Admin Interface debug.py cross-site scripting | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00370 | 0.05 | CVE-2016-6186 |
| 12 | Communigate Pro WebMail Stored cross-site scripting | 5.2 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00078 | 0.03 | CVE-2017-16962 |
| 13 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.42 | CVE-2020-15906 |
| 14 | OceanWP Plugin privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | CVE-2023-23700 |
| 15 | Sonatype Nexus Repository Manager OSS Admin Panel privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.04 | CVE-2022-31289 |
| 16 | Ivanti Connect Secure/Policy Secure SAML privilege escalation | 7.9 | 7.8 | $0-$5k | $0-$5k | High | Official Fix | 0.96301 | 0.00 | CVE-2024-21893 |
| 17 | Google Chrome V8 memory corruption | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00080 | 0.04 | CVE-2024-0517 |
| 18 | Zabbix privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00134 | 0.04 | CVE-2023-32728 |
| 19 | Microsoft IIS FTP Server memory corruption | 7.5 | 7.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.96843 | 0.00 | CVE-2010-3972 |
| 20 | Nagios XI POST Request banner_message-ajaxhelper.php SQL injection | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.03 | CVE-2023-40931 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

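| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 45.84.0.116 | vm1904340.stark-industries.solutions | Elephant | | 2024-02-12 | verified | |
| 2 | XX.XX.XX.XXX | | Xxxxxxxx | | 2024-02-12 | verified | |
| 3 | XX.XXX.XXX.XXX | | Xxxxxxxx | | 2024-02-12 | verified | |
| 4 | XX.XXX.XXX.XX | xxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx | Xxxxxxxx | | 2024-02-12 | verified | |
| 5 | XXX.XX.XX.XXX | | Xxxxxxxx | | 2024-02-12 | verified | |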

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (126)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
