Grobios 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (20)

言語

en	16
zh	4

国・地域

us	14
cn	6

アクター

TA505	2
APT28	2
APT29	1
Ammyy (SettingContent-MS)	1
IcedID	1

関心

タイプ

Not Defined	10
Web Server	2
WordPress Plugin	2
Automation Software	2
Content Management System	2

ベンダー

Not Defined	8
Microsoft	2
WSO2	2
Ametys	2
Fengoffice	2

製品

Microsoft IIS	2
Kentico	2
NotificationX Plugin	2
WSO2 API Manager	2
WSO2 Identity Server	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Adobe Dreamweaver 特権昇格	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00057	0.03	CVE-2021-21055
2	Atmail Remote Code Execution	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00251	0.04	CVE-2013-5033
3	WSO2 API Manager File Upload 特権昇格	9.8	9.8	$0-$5k	$0-$5k	High	Not Defined	0.97306	0.07	CVE-2022-29464
4	Keysight IXIA Hawkeye licenses クロスサイトスクリプティング	4.4	4.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00083	0.07	CVE-2023-1860
5	Microsoft IIS クロスサイトスクリプティング	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.00	CVE-2017-0055
6	PHP PHAR phar.c phar_parse_pharfile 情報の漏洩	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00576	0.04	CVE-2018-20783
7	NotificationX Plugin SQL Statement SQLインジェクション	5.6	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02414	0.04	CVE-2022-0349
8	Ametys CMS auto-completion Plugin en.xml 情報の漏洩	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00606	0.07	CVE-2022-26159
9	Joomla CMS Password Reset 特権昇格	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00207	0.00	CVE-2012-1598
10	Joomla CMS Password Reset 弱い暗号化	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01699	0.00	CVE-2011-4321
11	Joomla CMS Web Server Configuration クロスサイトスクリプティング	5.2	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00103	0.00	CVE-2019-7742
12	Microweber controller.php 情報の漏洩	6.4	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01002	0.00	CVE-2020-13405
13	Fengoffice Feng Office クロスサイトスクリプティング	4.3	4.3	$0-$5k	$0-$5k	High	Unavailable	0.00192	0.00	CVE-2014-5343
14	Wargaming World of Warships Replay Remote Code Execution	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00517	0.05	CVE-2022-31265
15	WordPress WP_Query SQLインジェクション	6.3	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.94585	0.00	CVE-2022-21661
16	ISPConfig SQLインジェクション	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00152	0.03	CVE-2021-3021
17	Kentico CMS File Upload 特権昇格	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00249	0.03	CVE-2018-19453
18	Kentico File Upload 特権昇格	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00138	0.02	CVE-2019-19493

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	キャンペーン	Identified	タイプ	信頼度
1	169.239.129.17	rns.za.zappiehost.com	Grobios		2018年05月17日	verified	高

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	高
2	T1068		CWE-264	Execution with Unnecessary Privileges	predictive	高
3	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
4	TXXXX	CAPEC-38	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	高
5	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
6	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高
7	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/licenses	predictive	中
2	File	/uncpath/	predictive	中
3	File	xxx/xxxx/xxxx.x	predictive	高
4	File	xxxxxxx/xxx/xxxxxxx/xxxxxx/xxxx-xxxxxxxxxx/<xxxxxx>/xx.xxx	predictive	高
5	File	xxxxxxxxx/xxxxxxx/xxxxx/xxxxxxxxxx/xxxxxxxxxx.xxx	predictive	高
6	Argument	xx_xx	predictive	低
7	Argument	xxxx	predictive	低
8	Input Value	xxxxx"><xxxxxx>xxxxx(%xxxxxxxxxxxx%xx)</xxxxxx>	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!