FontOnLake Analysis

IOB - Indicator of Behavior (36)

Language

en: 22
zh: 14

Country/Region

cn: 30
us: 6

Product

GNU binutils: 4
Microsoft Windows: 4
Oracle MySQL Server: 2
WP Fastest Cache: 2
Server: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Penta WAPPLES privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.00 | CVE-2022-35582 |
| 2 | GNU binutils BFD Library opncls.c bfd_zalloc memory corruption | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00132 | 0.03 | CVE-2018-17359 |
| 3 | UUSee UUPlayer ActiveX control ActiveX Control privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01063 | 0.00 | CVE-2011-2590 |
| 4 | Oracle MySQL Server Client programs Privilege Escalation | 7.1 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00179 | 0.04 | CVE-2023-21980 |
| 5 | Penta WAPPLES misconfiguration | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.00 | CVE-2022-31322 |
| 6 | Spring Boot Admins Notifier env privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00262 | 0.00 | CVE-2022-46166 |
| 7 | Apache Commons FileUpload Request Part denial of service | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03359 | 0.09 | CVE-2023-24998 |
| 8 | redis-py Async Command information disclosure | 4.0 | 3.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00102 | 0.00 | CVE-2023-28858 |
| 9 | Microsoft Windows Win32k Local Privilege Escalation | 7.8 | 7.4 | $25k-$100k | $0-$5k | High | Official Fix | 0.00350 | 0.08 | CVE-2021-1732 |
| 10 | Microsoft Windows L2TP Privilege Escalation | 7.8 | 7.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00827 | 0.02 | CVE-2022-30211 |
| 11 | ZStack REST API privilege escalation | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00482 | 0.00 | CVE-2021-32836 |
| 12 | ZhongBangKeJi CRMEB UploadService.php Getshell privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00309 | 0.05 | CVE-2020-21787 |
| 13 | WP Fastest Cache directory traversal | 3.8 | 3.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00294 | 0.00 | CVE-2021-20714 |
| 14 | Atlassian Bamboo Double OGNL Evaluation Java privilege escalation | 8.3 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01040 | 0.00 | CVE-2017-14589 |
| 15 | Atlassian Confluence Server information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | High | Official Fix | 0.96321 | 0.00 | CVE-2021-26085 |
| 16 | Google Chrome V8 Remote Code Execution | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.24380 | 0.02 | CVE-2020-16040 |
| 17 | ExifTool djvu File Remote Code Execution | 6.3 | 6.0 | $0-$5k | $0-$5k | High | Official Fix | 0.92253 | 0.04 | CVE-2021-22204 |
| 18 | Microsoft Windows DNS Server SigRed memory corruption | 10.0 | 9.8 | $25k-$100k | $0-$5k | High | Official Fix | 0.94441 | 0.05 | CVE-2020-1350 |
| 19 | Huawei NIP6800/Secospace USG6600/Secospace USG9500 memory corruption | 7.4 | 7.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00110 | 0.05 | CVE-2020-1876 |
| 20 | Microsoft Windows NTLM information disclosure | 5.4 | 4.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00535 | 0.05 | CVE-2021-1678 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

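| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | `/crmeb/crmeb/services/UploadService.php` | predictive | |
| 2 | File | `/env` | predictive | |
| 3 | File | `/s/` | predictive | |
| 4 | File | `xxxxxxxxxxxxxxxxxxx.xxxxx.xxx` | predictive | |
| 5 | File | `xxxxxxxxxxx\xxxx\xxxxxxxxxx\xxxxxxxxxxxxxxxxx.xxxxx.xxx` | predictive | |
| 6 | File | `xxxx.x` | predictive | |
| 7 | File | `xxxxxxx.xxx` | predictive | |
| 8 | File | `xxxxxx.x` | predictive | |
| 9 | File | `xxxxxx.x` | predictive | |
| 10 | Library | `xxxx.xxx` | predictive | |
| 11 | Argument | `-x/-x` | predictive | |
| 12 | Argument | `xxxxxx` | predictive | |
| 13 | Argument | `xxxxxxxxxx[xxx][x]` | predictive | |
| 14 | Argument | `xxxxxxxxxxx` | predictive | |
| 15 | Argument | `xx` | predictive | |
| 16 | Input Value | `..\` | predictive | |
| 17 | Network Port | `xxxx` | predictive | |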

References (2)

The following list contains external sources which discuss the actor and the associated activities:
