Expiro Analysis

IOB - Indicator of Behavior (248)

Languages of the IOB entries

en: 204
de: 16
fr: 8
es: 8
ru: 4

Countries/Regions of the IOB entries

us: 88
ru: 64
fr: 6
cn: 6
pl: 2

Products named in the IOB entries

Microsoft Windows: 20
phpMyAdmin: 6
nginx: 4
Microsoft IIS: 4
OTManager CMS: 4
#脆弱性BaseTemp0day本日修復EPSSCTICVE
1TikiWiki tiki-register.php 特権昇格7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.010758.15CVE-2006-6168
2Phplinkdirectory PHP Link Directory conf_users_edit.php 未知の脆弱性6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.005260.05CVE-2011-0643
3Python Software Foundation BaseHTTPServer HTTP Request サービス拒否7.56.9$0-$5k$0-$5kProof-of-ConceptWorkaround0.000000.02
4Maran PHP Shop prod.php SQLインジェクション7.37.3$0-$5k$0-$5kHighUnavailable0.001370.04CVE-2008-4879
5OpenSSH Authentication Username 情報の漏洩5.34.8$5k-$25k$0-$5kHighOfficial Fix0.107370.28CVE-2016-6210
6WordPress SQLインジェクション7.36.6$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.001750.00CVE-2011-3130
7Apache Tomcat CORS Filter 特権昇格8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.078490.05CVE-2018-8014
8DZCP deV!L`z Clanportal config.php 特権昇格7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.60CVE-2010-0966
9Apache HTTP Server suEXEC Feature .htaccess 情報の漏洩5.35.0$5k-$25k$0-$5kProof-of-ConceptWorkaround0.000000.03
10WordPress WP_Query class-wp-query.php SQLインジェクション8.58.4$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.003180.00CVE-2017-5611
11Microsoft Office Object Remote Code Execution7.06.9$5k-$25k$0-$5kHighOfficial Fix0.973390.07CVE-2017-8570
12TP-LINK TL-WR740N/TL-WR741N Firmware Local Privilege Escalation5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000000.04
13Drupal User Module 特権昇格8.88.4$0-$5k$0-$5kNot DefinedOfficial Fix0.002080.00CVE-2016-6211
14Rockwell Automation FactoryTalk Service Platform 特権昇格8.58.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000430.05CVE-2024-21915
15PHP Link Directory Administration Page index.html クロスサイトスクリプティング4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.003740.28CVE-2007-0529
16TikiWiki tiki-index.php ディレクトリトラバーサル7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.014140.32CVE-2007-5684
17AWStats Config awstats.pl クロスサイトスクリプティング4.34.1$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005870.24CVE-2006-3681
18vu Mass Mailer Login Page redir.asp SQLインジェクション7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.002380.04CVE-2007-6138
19LogicBoard CMS away.php Redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000004.13
20Suricata Rule ディレクトリトラバーサル6.96.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000530.04CVE-2023-35852

IOC - Indicator of Compromise (34)

These indicators of compromise list the associated network resources that are known to have been part of research and attack activities. Several entries resolve to EC2 and Google Cloud pool hostnames; such addresses are reassigned over time, so a match on them is low-fidelity evidence unless the timeframe of the traffic agrees with the Identified date.

The Campaign and Type columns are empty for every entry on the page and are omitted below.

ID | IP address | Hostname | Actor | Identified | Confidence
1 | 5.79.71.205 | - | Expiro | 2022-08-01 | verified
2 | 5.79.71.225 | - | Expiro | 2022-08-01 | verified
3 | 18.213.250.117 | ec2-18-213-250-117.compute-1.amazonaws.com | Expiro | 2022-04-28 | verified
4 | 18.215.128.143 | ec2-18-215-128-143.compute-1.amazonaws.com | Expiro | 2022-04-28 | verified
5 | 35.205.61.67 | 67.61.205.35.bc.googleusercontent.com | Expiro | 2023-06-03 | verified
6 | 35.234.136.13 | 13.136.234.35.bc.googleusercontent.com | Expiro | 2022-08-01 | verified
7 | 46.165.220.145 | - | Expiro | 2022-04-28 | verified

Entries 8 to 34 have their IP address, hostname and actor masked on the source page; all are marked verified. Their Identified dates are: 2022-04-28 for entries 8, 16, 18, 23 and 33; 2022-05-11 for entry 34; 2022-08-01 for entries 9, 10, 13, 14, 15, 21, 22, 25, 26, 27, 28, 29, 30 and 32; 2023-06-03 for entries 11, 12, 17, 19, 20, 24 and 31.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (136)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

The Type column is empty for every entry on the page and is omitted below. Entries whose indicator is masked on the source page are summarised by class.

ID | Class | Indicator | Confidence
1 | File | .htaccess | predictive
2 | File | /ajax-files/followBoard.php | predictive
3 | File | /DATAREPORTS | predictive
4 | File | /etc/gsissh/sshd_config | predictive
5 | File | /Forms/ | predictive
6 | File | /forum/away.php | predictive
7 | File | /getcfg.php | predictive
8 | File | /maint/modules/home/index.php | predictive
9 | File | /uncpath/ | predictive
10 | File | account.asp | predictive
11 | File | addentry.php | predictive
12 | File | admin/conf_users_edit.php | predictive
13 | File | api.php | predictive
14 | File | awstats.pl | predictive
15 | File | carbon/resources/add_collection_ajaxprocessor.jsp | predictive
16-78 | File | masked on the source page | predictive
79-84 | Library | masked on the source page | predictive
85-126 | Argument | masked on the source page | predictive
127 | Input Value | #/+ | predictive
128 | Input Value | masked on the source page (a single-quote-prefixed payload) | predictive
129 | Input Value | ../ | predictive
130 | Input Value | masked on the source page | predictive
131 | Input Value | \x | predictive
132-136 | Network Port | masked on the source page | predictive
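The IOC and IOA tables above only become useful once they are matched against your own telemetry. The following is an added example (my code, not VulDB's and not any tooling attributed to Expiro) showing one way to do that for web-server access logs: it flags requests whose client IP is one of the unmasked IOC addresses, or whose request path contains one of the unmasked IOA file fragments or input values, URL-decoding the path first so that an encoded `..%2f` traversal is still caught. The combined-log regular expression, the `SAMPLE_LOG` lines and the function names are assumptions for illustration; the sample lines are constructed, not real traffic.

```python
"""Match web-server access-log lines against the Expiro IOC/IOA entries above.

Added example, not VulDB's code. Assumptions (not from the page):
  - logs are in Apache/nginx "combined" format (constructed sample below);
  - only the unmasked IOC IPs and IOA entries 1-15, 127, 129 and 131 are used.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Unmasked source IPs from the IOC table above.
IOC_IPS = frozenset({
    "5.79.71.205", "5.79.71.225", "18.213.250.117", "18.215.128.143",
    "35.205.61.67", "35.234.136.13", "46.165.220.145",
})
for _ip in IOC_IPS:          # fail fast on a typo in the indicator list
    ipaddress.ip_address(_ip)

# Unmasked "File" indicators (IOA entries 1-15): matched as substrings of
# the decoded request path, case-insensitively.
IOA_FILES = (
    ".htaccess", "/ajax-files/followBoard.php", "/DATAREPORTS",
    "/etc/gsissh/sshd_config", "/Forms/", "/forum/away.php", "/getcfg.php",
    "/maint/modules/home/index.php", "/uncpath/", "account.asp",
    "addentry.php", "admin/conf_users_edit.php", "api.php", "awstats.pl",
    "carbon/resources/add_collection_ajaxprocessor.jsp",
)
# Unmasked "Input Value" indicators (IOA entries 127, 129, 131).
IOA_INPUTS = ("#/+", "../", "\\x")

# Combined log format: client - - [time] "METHOD path PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


@dataclass(frozen=True)
class Hit:
    line_no: int
    ip: str
    path: str            # raw (undecoded) request target, as logged
    reasons: tuple       # e.g. ("ioc-ip:5.79.71.205", "ioa-file:awstats.pl")


def analyse_line(line_no, line):
    """Return a Hit if the line matches any indicator, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None                      # unparsable line: skip, do not crash
    ip, raw_path = m["ip"], m["path"]
    path = unquote(raw_path)             # decode %2e%2e/ etc. before matching
    reasons = []
    if ip in IOC_IPS:
        reasons.append(f"ioc-ip:{ip}")
    lowered = path.lower()
    reasons += [f"ioa-file:{f}" for f in IOA_FILES if f.lower() in lowered]
    reasons += [f"ioa-input:{v}" for v in IOA_INPUTS if v in path]
    return Hit(line_no, ip, raw_path, tuple(reasons)) if reasons else None


def scan(lines):
    """Scan an iterable of log lines; returns the list of Hits in order."""
    hits = []
    for n, line in enumerate(lines, 1):
        h = analyse_line(n, line)
        if h is not None:
            hits.append(h)
    return hits


# Constructed sample log (not real traffic): two IOC IPs, one IOA path,
# one URL-encoded traversal against awstats.pl, two benign lines, one junk line.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Aug/2022:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512
46.165.220.145 - - [01/Aug/2022:10:00:02 +0000] "GET /admin/conf_users_edit.php?id=1 HTTP/1.1" 404 0
198.51.100.7 - - [01/Aug/2022:10:00:03 +0000] "GET /cgi-bin/awstats.pl?config=..%2f..%2fetc%2fpasswd HTTP/1.1" 403 0
5.79.71.205 - - [01/Aug/2022:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 1024
192.0.2.5 - - [01/Aug/2022:10:00:05 +0000] "GET /images/logo.png HTTP/1.1" 200 9812
not a log line
""".splitlines()

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.ip} {h.path} -> {', '.join(h.reasons)}")
```

A hit on an IOC IP alone should be weighed against the Identified date in the table: the EC2 and googleusercontent addresses are pool addresses that get reassigned, so a 2022 indicator firing on much later traffic deserves a timeframe check before escalation. The substring matching on IOA fragments is deliberately broad (the `api.php` fragment fires on any application that serves a file of that name), which suits hunting but is too noisy for a blocking rule.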
