GreenMwizi Analysis

IOB - Indicator of Behavior (198)

Language: en (198)

Country/Region: ke (198)

Product

Apache HTTP Server (12)
nginx (6)
WordPress (6)
Microsoft Windows (4)
Apache Tomcat (4)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.30 | CVE-2014-4078 |
| 2 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.04 | CVE-2017-0055 |
| 3 | Samsung Galaxy OMACP Message Config privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00115 | 0.00 | CVE-2016-7991 |
| 4 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.22 | CVE-2016-6210 |
| 5 | Apache Tomcat CORS Filter privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07849 | 0.05 | CVE-2018-8014 |
| 6 | Ilohamail cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 | |
| 7 | Huawei B315s-22 information disclosure | 5.4 | 5.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00278 | 0.02 | CVE-2018-7921 |
| 8 | JIRA Access Check CachingResourceDownloadRewriteRule privilege escalation | 7.4 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.97131 | 0.07 | CVE-2019-8442 |
| 9 | Portainer API Endpoint check privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00304 | 0.03 | CVE-2018-19367 |
| 10 | Apache HTTP Server suEXEC Feature .htaccess information disclosure | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.03 | |
| 11 | OpenNetAdmin privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00857 | 0.08 | CVE-2019-25065 |
| 12 | Apache HTTP Server HTTP Digest Authentication Challenge weak authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01815 | 0.08 | CVE-2018-1312 |
| 13 | Rapidleech upload.php directory traversal | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00443 | 0.00 | CVE-2009-1089 |
| 14 | Huawei HG532 Service Port 37215 privilege escalation | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.87608 | 0.00 | CVE-2017-17215 |
| 15 | Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog weak encryption | 8.1 | 7.1 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.38256 | 0.06 | CVE-2013-1862 |
| 16 | OpenSSH privilege escalation | 8.4 | 7.9 | $25k-$100k | $5k-$25k | Proof-of-Concept | Not Defined | 0.00045 | 0.00 | CVE-2008-1483 |
| 17 | Apache HTTP Server mod_http2 denial of service | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04613 | 0.04 | CVE-2016-1546 |
| 18 | D-Link DIR-645 Authentication getcfg.php information disclosure | 8.6 | 8.2 | $5k-$25k | $0-$5k | High | Official Fix | 0.00000 | 0.02 | |
| 19 | Tenda AC10U saveParentControlInfo memory corruption | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00086 | 0.08 | CVE-2024-0931 |
| 20 | Tenda AC10U setSmartPowerManagement memory corruption | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00086 | 0.04 | CVE-2024-0932 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 154.123.56.191 | kiboko.telkom.co.ke | GreenMwizi | | 2024-03-20 | verified | |

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (73)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

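| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | |
| 2 | File | /api/users/admin/check | predictive | |
| 3 | File | /getcfg.php | predictive | |
| 4 | File | /goform/setDeviceSettings | predictive | |
| 5 | File | /server-status | predictive | |
| 6 | File | /uncpath/ | predictive | |
| 7 | File | /updown/upload.cgi | predictive | |
| 8 | File | admin_main.php | predictive | |
| 9 | File | api/sms/send-sms | predictive | |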
| 66 | Input Value | /.. | predictive | |

References (2)

The following list contains external sources which discuss the actor and the associated activities: