Esfury Analysis

IOB - Indicator of Behavior (109)

Language

en: 104
de: 4
fr: 2

Product

SourceCodester Lost and Found Information System: 6
SourceCodester Online Exam System: 6
PHP: 4
SourceCodester Class Scheduling System: 4
External Media without Import Plugin: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 10.00 | CVE-2006-6168 |
| 2 | Phplinkdirectory PHP Link Directory conf_users_edit.php unknown vulnerability | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00526 | 0.18 | CVE-2011-0643 |
| 3 | SourceCodester Online Exam System GET Parameter updateCourse.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00146 | 0.05 | CVE-2023-2642 |
| 4 | SourceCodester Online Internship Management System POST Parameter login.php SQL injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00146 | 0.00 | CVE-2023-2641 |
| 5 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment denial of service | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00129 | 0.32 | CVE-2023-2618 |
| 6 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment denial of service | 5.6 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00149 | 0.05 | CVE-2023-2617 |
| 7 | SourceCodester Online Reviewer System GET Parameter user-update.php SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00289 | 0.05 | CVE-2023-2596 |
| 8 | SourceCodester Billing Management System POST Parameter ajax_service.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00289 | 0.00 | CVE-2023-2595 |
| 9 | SourceCodester Food Ordering Management System Registration SQL injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00216 | 0.05 | CVE-2023-2594 |
| 10 | SourceCodester Multi Language Hotel Management Software POST Parameter ajax.php cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.05 | CVE-2023-2565 |
| 11 | jja8 NewBingGoGo cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00075 | 0.05 | CVE-2023-2560 |
| 12 | External Media without Import Plugin external-media-without-import.php print_media_new_panel cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.09 | CVE-2017-20183 |
| 13 | SourceCodester Online Tours & Travels Management System disapprove_delete.php exec SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00146 | 0.05 | CVE-2023-2619 |
| 14 | PHP-Login POST Parameter class.loginscript.php checkLogin SQL injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00121 | 0.09 | CVE-2016-15031 |
| 15 | PHP Link Directory Administration Page index.html cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.09 | CVE-2007-0529 |
| 16 | TikiWiki tiki-index.php directory traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01414 | 0.55 | CVE-2007-5684 |
| 17 | AWStats Config awstats.pl cross-site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00587 | 0.30 | CVE-2006-3681 |
| 18 | vu Mass Mailer Login Page redir.asp SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00238 | 0.09 | CVE-2007-6138 |
| 19 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.54 | |
| 20 | Suricata Rule directory traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00075 | 0.04 | CVE-2023-35852 |

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (111)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
