ENT11 Analysis

IOB - Indicator of Behavior (279)

Language

en: 194
pl: 52
de: 10
zh: 8
es: 8

Country/Region

us: 216
ru: 24
cn: 12
pl: 10
de: 6

Product

Microsoft Office: 6
Kailash Nadh boastMachine: 4
Gallery: 4
PHP: 4
OpenSSH: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.67 | CVE-2010-0966 |
| 3 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 9.55 | CVE-2006-6168 |
| 4 | PHP Link Directory Administration Page index.html cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.42 | CVE-2007-0529 |
| 5 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.85 | CVE-2020-15906 |
| 6 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.85 | |
| 7 | AWStats awstats.pl Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.08 | CVE-2018-10245 |
| 8 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00106 | 0.05 | CVE-2018-6200 |
| 9 | SourceCodester Online Flight Booking Management System POST Parameter review_search.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00134 | 0.13 | CVE-2023-0283 |
| 10 | D-Link IP Cameras lums.cgi information disclosure | 4.8 | 4.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.72505 | 0.16 | CVE-2013-1601 |
| 11 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.33 | CVE-2015-4134 |
| 12 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.08 | CVE-2017-0055 |
| 13 | Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed memory corruption | 8.3 | 8.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.96668 | 0.08 | CVE-2023-4966 |
| 14 | deV!Lz deV!L z Clanportal Gamebase Addon index.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00064 | 0.11 | CVE-2012-0905 |
| 15 | YaPIG view.php cross-site scripting | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02428 | 0.04 | CVE-2005-4799 |
| 16 | Pligg cloud.php SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 2.25 | |
| 17 | Vunet VU Web Visitor Analyst redir.asp SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.00119 | 0.04 | CVE-2010-2338 |
| 18 | D-Link DCS Authentication weak authentication | 6.4 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04204 | 0.02 | CVE-2013-1603 |
| 19 | ISC BIND Recursion information disclosure | 5.8 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00553 | 0.00 | CVE-2018-5738 |
| 20 | FLDS redir.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00203 | 0.16 | CVE-2008-5928 |

IOC - Indicator of Compromise (34)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (134)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
