Exchange Marauder Analysis

IOB - Indicator of Behavior (312)

Languages

en (244)
zh (52)
fr (6)
ru (4)
ko (2)

Countries / regions

us (176)
cn (92)
ru (10)
kr (6)
jp (2)

Products

Microsoft Windows (10)
WordPress (6)
Microsoft IIS (6)
Nagios XI (4)
Apache HTTP Server (4)

Vulnerabilities

Columns: # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE

1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2 | net2ftp directory traversal | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.03501 | 0.00 | CVE-2008-5275
3 | Linux Kernel Pipe Dirty Pipe Privilege Escalation | 6.3 | 6.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.07584 | 0.00 | CVE-2022-0847
4 | MWChat Pro Help about.php privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00650 | 0.00 | CVE-2006-5904
5 | Phicomm k2 privilege escalation | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.06 | CVE-2023-40796
6 | Metalinks Metacart2 productsbycategory.asp SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00142 | 0.00 | CVE-2005-1363
7 | Yii Yii2 Gii cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.03 | CVE-2022-34297
8 | Microsoft Windows Clipboard User Service Privilege Escalation | 7.2 | 6.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.07 | CVE-2022-21869
9 | SourceCodester Online Flight Booking Management System POST Parameter review_search.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00134 | 0.06 | CVE-2023-0283
10 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.28 | CVE-2014-4078
11 | FuelPHP privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03129 | 0.00 | CVE-2014-1999
12 | phpLDAPadmin LDAP injection privilege escalation | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.14565 | 0.00 | CVE-2018-12689
13 | FreeBSD setrlimit memory corruption | 6.5 | 5.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00126 | 0.00 | CVE-2017-1085
14 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.10 | CVE-2010-0966
15 | Zoho ManageEngine ServiceDesk Plus API Endpoint User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00466 | 0.00 | CVE-2018-7248
16 | WebARX Plugin Stored cross-site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00213 | 0.00 | CVE-2019-17213
17 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.03 | CVE-2019-7550
18 | ShowDoc privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00125 | 0.00 | CVE-2018-19620
19 | Chevereto CMS Stored cross-site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.00 | CVE-2017-1000058
20 | Bitrix Upload from Local Disk Feature restore.php privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.05 | CVE-2022-29268

キャンペーン (1)

These are the campaigns that can be associated with the actor:

  • Exchange Marauder

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (123)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

Columns: ID | Class | Indicator | Type

Entries 15 to 123 are masked on the source page; their indicator text is shown as x characters.

1 | File | .htaccess | predictive
2 | File | /cgi-bin/luci/api/auth | predictive
3 | File | /filemanager/upload.php | predictive
4 | File | /resources//../ | predictive
5 | File | /src/Illuminate/Laravel.php | predictive
6 | File | /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php | predictive
7 | File | /usr/local/WowzaStreamingEngine/bin/ | predictive
8 | File | /wp-json/oembed/1.0/embed?url | predictive
9 | File | about.php | predictive
10 | File | admin/modules/tools/ip_history_logs.php | predictive
11 | File | adminer.php | predictive
12 | File | admin_feature.php | predictive
13 | File | api_poller.php | predictive
14 | File | application/controllers/admin/dataentry.php | predictive
15 | File | xxx.xxx | predictive
16 | File | xxxxxx/xxxxxxxx.xxxx | predictive
17 | File | xxxxxxx.xx | predictive
18 | File | xxx-xxx/xxxxxx.xxx | predictive
19 | File | xxxxxxxxxx.xxx | predictive
20 | File | xxx.xxx?xxx=xxxxx_xxxx | predictive
21 | File | xxx.xxx | predictive
22 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive
23 | File | xxxxxxxx.xxx | predictive
24 | File | xxxx_xxxxxxx.xxx | predictive
25 | File | xxxxxxxxxxxxx.xxx | predictive
26 | File | xxx/xxxxxx/xxxxxx.x | predictive
27 | File | xxxxxxx.xxx | predictive
28 | File | xxxxxxxxx/xx/xxxxxxxxxxxx.xxx | predictive
29 | File | xx_xxxx.xxx | predictive
30 | File | xxxxxxxxx.xxx | predictive
31 | File | xxx/xxxxxx.xxx | predictive
32 | File | xxxxxxxx/xxxx/xxxxx-xxxxx.xxx | predictive
33 | File | xxxxx.xxx | predictive
34 | File | xxxxxxx/xxxxxxxx.xxx | predictive
35 | File | xxxxxx/xxx/xxxxxxxx.x | predictive
36 | File | xx_xxxxxx.xxx | predictive
37 | File | xxxxxxx.xxx | predictive
38 | File | xxxxxxxxx/xxxx_xxxxxxx.xxx.xxx | predictive
39 | File | xxxx/xxxxxxxxxx.xxx | predictive
40 | File | xxx.xxx | predictive
41 | File | xxxxxx.xx | predictive
42 | File | xxxxxxx/xx?xxxxxxxx= | predictive
43 | File | xxxxxxxxxxx-xxxx.xx | predictive
44 | File | xxx/xxxxxxx/xxx.xxx | predictive
45 | File | xxxxxxxxxxxxxxxxxx.xxx | predictive
46 | File | xxxxxxx_xxxx.xxx | predictive
47 | File | xxxxxxx/xxxxx/xxxxxxxxxxx/xxxxx.xxx | predictive
48 | File | xxxxxxxx.xxx | predictive
49 | File | xxxx.xxx | predictive
50 | File | xxxxx-xxxxxx | predictive
51 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive
52 | File | xxxxxxx.xxx | predictive
53 | File | xxxxxx_xxxxxx.xxx | predictive
54 | File | xxxxxx/xxx/xx/xxx.xx | predictive
55 | File | xxxxxxxxxx.xxxx | predictive
56 | File | xxxxxx_xxx_xxxxxx.xxx | predictive
57 | File | xxxxxx_xxxxx.xxx/xxxxx_xxxxxxx_xxxxxxxxxx.xx | predictive
58 | File | xxxxxx.x | predictive
59 | File | xxxxxxx/xxxx/xxxxxxx_xxxxxxxx_xxxx.xxx | predictive
60 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive
61 | File | xx/xx_xxxxxx.xxx | predictive
62 | File | xx\xxxxxxx.xxxx | predictive
63 | File | xxxx-xxxxxxx-xxxxxx.xxx | predictive
64 | File | \xxxxxxx\xxxxxxxxxxxx.xxxx | predictive
65 | Library | /xxx/xxx/xxxx.xxx | predictive
66 | Library | xxxxxx[xxxxxx_xxxx | predictive
67 | Library | xxxx.xxx.xxx | predictive
68 | Library | xxxxxx.xxx | predictive
69 | Library | xx-xxxxxxx/xxxxxxx/xx-xxxx-xxxxxxx/xxx/xxxxx/ | predictive
70 | Argument | %x | predictive
71 | Argument | xxxxxxx | predictive
72 | Argument | xxx | predictive
73 | Argument | xxxxxx_xxxx | predictive
74 | Argument | xxxxxxxx | predictive
75 | Argument | xxxx | predictive
76 | Argument | xxx | predictive
77 | Argument | xxxxx | predictive
78 | Argument | xxxxxxx | predictive
79 | Argument | xxx | predictive
80 | Argument | xxxxxxxx | predictive
81 | Argument | xxxxxxxxx | predictive
82 | Argument | xxxxxx[xxxxxx_xxxx] | predictive
83 | Argument | xxxxxx_xxxxx_xxxxxxxxxxxxx | predictive
84 | Argument | xx | predictive
85 | Argument | xxxxxxxxxxx | predictive
86 | Argument | xxxx | predictive
87 | Argument | xxxxx | predictive
88 | Argument | xx-xxxx | predictive
89 | Argument | xxxxxxxx | predictive
90 | Argument | xx | predictive
91 | Argument | xx_xxxx | predictive
92 | Argument | xxxxxxxxx | predictive
93 | Argument | xxxx/xxx_xxxx | predictive
94 | Argument | xxxxxxx | predictive
95 | Argument | xxx | predictive
96 | Argument | xxxxxxx/xxxxxxx/xxxxxx | predictive
97 | Argument | xxxx | predictive
98 | Argument | xxxxx_xx | predictive
99 | Argument | xxxx_xx | predictive
100 | Argument | xxxxxxxxxxxxx | predictive
101 | Argument | xxxx_xx | predictive
102 | Argument | xxxxx_xxxxxx | predictive
103 | Argument | xxxxxx xxxx | predictive
104 | Argument | xxxxxxx | predictive
105 | Argument | xxxxxxx xxxx | predictive
106 | Argument | xxxxxx | predictive
107 | Argument | xxxxxx_xx | predictive
108 | Argument | xxxx | predictive
109 | Argument | xxxx_xxxxxx/xxxxxx/xxxxxx | predictive
110 | Argument | xxxxxxxx_xxxxx | predictive
111 | Argument | xxx | predictive
112 | Argument | xxxxxxxxxx/xxxxxxxxxxxxxxx | predictive
113 | Argument | xxxxxxxxx | predictive
114 | Argument | xxx | predictive
115 | Argument | xxx | predictive
116 | Argument | xxxxxxxxx | predictive
117 | Argument | xxxxxx | predictive
118 | Argument | xxxx_xx | predictive
119 | Argument | xxx | predictive
120 | Argument | x-xxxxxxxxx-xxx | predictive
121 | Argument | xx_xxxx_xxxxx | predictive
122 | Argument | _xxx | predictive
123 | Input Value | xxxx%xxxxx | predictive
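The readable File indicators above (rows 1 to 14) are request-path fragments of the kind a defender sweeps web-server access logs for. The following is an added example, not vuldb's code or data: a Python scanner that parses Common Log Format lines, percent-decodes each request target (twice, so double-encoded traversal is normalized) and reports which of those fragments it matches. Row 4, "/resources//../", is treated as a traversal pattern and detected structurally, as a ".." segment after decoding, rather than by its literal string. The log lines are constructed for the example and use RFC 5737 documentation addresses; matching is case-insensitive because the product list above includes Microsoft IIS, whose paths are case-insensitive.

```python
"""Sweep access logs for the readable IOA path fragments listed on this page.

Added example (not vuldb's code). Sample log lines are constructed.
"""
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Rows 1-14 of the IOA table. A "?name" suffix means the query parameter
# must also be present (row 8, "/wp-json/oembed/1.0/embed?url").
IOA_PATH_FRAGMENTS = [
    "/cgi-bin/luci/api/auth",
    "/filemanager/upload.php",
    "/src/Illuminate/Laravel.php",
    "/usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php",
    "/usr/local/WowzaStreamingEngine/bin/",
    "/wp-json/oembed/1.0/embed?url",
    "admin/modules/tools/ip_history_logs.php",
    "application/controllers/admin/dataentry.php",
]
# Bare file names are compared against the last path segment only, so that
# "about.php" does not fire on "/notabout.php".
IOA_FILE_NAMES = [".htaccess", "about.php", "adminer.php", "admin_feature.php", "api_poller.php"]
# Row 4 ("/resources//../") is a traversal fragment; it is detected by the
# presence of a ".." segment after decoding, which also catches %2e%2e forms.
TRAVERSAL_TAG = "path traversal (..)"

# Common Log Format: host ident user [time] "METHOD target HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3}) \S+'
)


def decode(s):
    """Percent-decode twice so double-encoded input (%252e) normalizes to '.'."""
    return unquote(unquote(s))


def match_ioa(target):
    """Return the list of indicators matched by one request target (path + query)."""
    parts = urlsplit(target)
    path = decode(parts.path)
    query = decode(parts.query)
    # Fragments such as /usr/local/... may appear as a query value, so search both.
    haystack = (path + "?" + query).lower()
    query_keys = {k.lower() for k in parse_qs(query, keep_blank_values=True)}

    hits = []
    for frag in IOA_PATH_FRAGMENTS:
        fpath, _, fparam = frag.partition("?")
        if fpath.lower() in haystack and (not fparam or fparam.lower() in query_keys):
            hits.append(frag)
    basename = posixpath.basename(path).lower()
    if basename in IOA_FILE_NAMES:
        hits.append(basename)
    if any(seg == ".." for seg in path.split("/")):
        hits.append(TRAVERSAL_TAG)
    return hits


def scan_log(lines):
    """Return (host, target, hits) for every parseable line with at least one hit."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not Common Log Format; skip rather than guess
        hits = match_ioa(m.group("target"))
        if hits:
            findings.append((m.group("host"), m.group("target"), hits))
    return findings


# Constructed sample lines (RFC 5737 addresses), not captured traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Mar/2021:10:12:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Mar/2021:10:12:03 +0000] "POST /filemanager/upload.php HTTP/1.1" 200 88',
    '198.51.100.7 - - [05/Mar/2021:10:12:04 +0000] "GET /resources/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 403 0',
    '192.0.2.9 - - [05/Mar/2021:10:12:05 +0000] "GET /wp-json/oembed/1.0/embed?url=http://198.51.100.7/ HTTP/1.1" 200 300',
    '192.0.2.9 - - [05/Mar/2021:10:12:06 +0000] "GET /shop/ADMINER.PHP HTTP/1.1" 404 0',
    '192.0.2.9 - - [05/Mar/2021:10:12:07 +0000] "GET /cgi-bin/luci/api/auth HTTP/1.1" 401 0',
    'garbage line that is not in Common Log Format',
]

if __name__ == "__main__":
    for host, target, hits in scan_log(SAMPLE_LOG):
        print(f"{host} {target} -> {', '.join(hits)}")
```

Substring matching on a fixed list is deliberately simple; it is a triage sweep, not a signature engine. A 404 against adminer.php still tells you someone is probing, which is exactly what the "predictive" IOA rows are meant to surface.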

References (2)

The following list contains external sources which discuss the actor and the associated activities:
