FamousSparrow Analysis

IOB - Indicator of Behavior (158)

Languages

en: 96
zh: 56
ja: 4
de: 2

Countries and regions

cn: 106
us: 52


Products

Microsoft Windows: 8
Synacor Zimbra Collaboration: 4
EspoCRM: 4
Sonatype Nexus Repository Manager OSS: 2
Sangfor Next-Gen Application Firewall: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | ipTIME NAS-I Bulletin Manage privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.06 | CVE-2020-7847
2 | Array Networks ArrayOS AG Packets privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00164 | 0.04 | CVE-2023-51707
3 | mm-wiki Markdown Editor cross-site scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00078 | 0.05 | CVE-2021-39393
4 | EspoCRM privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00104 | 0.04 | CVE-2022-38843
5 | Palo Alto PAN-OS unknown vulnerability | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00075 | 0.04 | CVE-2023-0004
6 | Joomla! Blacklist SQL injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00196 | 0.00 | CVE-2020-35613
7 | koha directory traversal | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.06656 | 0.04 | CVE-2011-4715
8 | Synacor Zimbra Collaboration mboximport directory traversal | 4.7 | 4.5 | $0-$5k | $0-$5k | High | Official Fix | 0.94758 | 0.00 | CVE-2022-27925
9 | WordPress WP_Query class-wp-query.php SQL injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00318 | 0.07 | CVE-2017-5611
10 | Synacor Zimbra Webmail Subsystem upload privilege escalation | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00466 | 0.07 | CVE-2020-12846
11 | Vmware Workspace ONE Access/Identity Manager Template privilege escalation | 9.8 | 9.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97418 | 0.04 | CVE-2022-22954
12 | UniSharp laravel-filemanager Image File upload privilege escalation | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00193 | 0.02 | CVE-2021-23814
13 | Citrix XenServer directory traversal | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02340 | 0.00 | CVE-2018-14007
14 | PHPMailer validateAddress privilege escalation | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00344 | 0.13 | CVE-2021-3603
15 | Spamsniper Mail From memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01404 | 0.00 | CVE-2020-7845
16 | ThinkPHP index.php SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00179 | 0.02 | CVE-2018-10225
17 | IBM MQ TLS Key Renegotiation privilege escalation | 6.8 | 6.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00267 | 0.00 | CVE-2019-4055
18 | Array Networks APV Packet privilege escalation | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00151 | 0.04 | CVE-2023-28460
19 | Array Networks ArrayOS privilege escalation | 9.3 | 9.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00121 | 0.04 | CVE-2022-42897
20 | Array Networks Array AG/vxAG SSL VPN Gateway weak authentication | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00331 | 0.03 | CVE-2023-28461

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 27.102.113.240 | power.playtimeins.net | FamousSparrow | | 2021-09-24 | verified |
2 | XX.XXX.XXX.XXX | Xxxxxxxxxxxx | | | 2021-09-24 | verified |

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (58)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
