Icloader Analysis

IOB - Indicator of Behavior (131)

Timeline

Languages

en 100
ru 22
de 8
es 2

Countries/Regions

ru 100
us 18
ua 10
de 2

Actors

Activities

Interest

Timeline

Type

Vendors

Products

Microsoft Windows (8)
PHP Everywhere Plugin (4)
openmosix (2)
VMware Spring Cloud Function (2)
OkayCMS (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | EPSS | CTI | CVE
1 | Microsoft Windows Advanced Local Procedure Call Privilege Escalation | 9.2 | 8.7 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.00683 | 0.02 | CVE-2023-21674
2 | IBM Security AppScan Enterprise Enterprise Source Database Weak Encryption | 9.8 | 8.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00082 | 0.00 | CVE-2013-3989
3 | raspap-webgui activate_ovpncfg.php Privilege Escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.89966 | 0.00 | CVE-2022-39986
4 | Microsoft Windows Kernel Privilege Escalation | 7.2 | 6.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00053 | 0.00 | CVE-2022-21881
5 | Microsoft Windows SMB Witness Service Privilege Escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00120 | 0.03 | CVE-2023-21549
6 | Microsoft SQL Server Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00043 | 0.05 | CVE-2022-23276
7 | PHP Everywhere Plugin Shortcode Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00108 | 0.02 | CVE-2022-24663
8 | HP 3PAR Service Processor SP Information Disclosure | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00110 | 0.00 | CVE-2015-5443
9 | Oracle Java SE/Java SE Embedded Deployment Memory Corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.01472 | 0.03 | CVE-2013-5788
10 | WooCommerce PayU India Payment Gateway Plugin Purchase Price Privilege Escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00114 | 0.05 | CVE-2019-14978
11 | WooCommerce Instamojo Payment Gateway Plugin Purchase amount Price Privilege Escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.00 | CVE-2019-14977
12 | Microsoft IIS Cross-Site Scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.14 | CVE-2017-0055
13 | Omron CX-One CX-Programmer Password Storage Information Disclosure | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2015-0988
14 | Apache HTTP Server smbvalid/smbval authensmb Memory Corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00133 | 0.02 | CVE-1999-1237
15 | Add Link to Facebook Plugin profile.php Cross-Site Scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00057 | 0.03 | CVE-2018-5214
16 | openmosix libmosix.c this Memory Corruption | 4.0 | 4.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2008-1865
17 | Netgate pfSense XML File config.xml restore_rrddata Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.45928 | 0.01 | CVE-2023-27253
18 | User Post Gallery Plugin Privilege Escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05192 | 0.00 | CVE-2022-4060
19 | eSST Monitoring Privilege Escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00116 | 0.00 | CVE-2023-41631
20 | Joomla Webservice Endpoint Privilege Escalation | 5.4 | 5.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.95214 | 0.06 | CVE-2023-23752

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 5.149.248.134 | | Icloader | | 2022-04-08 | verified |
2 | XXX.XX.XXX.XX | xxxxxx-xx.xxx.xx | Xxxxxxxx | | 2022-04-08 | verified |
3 | XXX.XXX.XXX.XX | xxxxxx.xx.xxx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx | Xxxxxxxx | | 2022-04-08 | verified |

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (79)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /ajax/openvpn/activate_ovpncfg.php | predictive |
2 | File | /objects/getImageMP4.php | predictive |
3 | File | /payu/icpcheckout/ | predictive |
4 | File | /uncpath/ | predictive |
5 | File | admin.php | predictive |
6 | File | asn1fix_retrieve.c | predictive |
7 | File | bigsam_guestbook.php | predictive |
8 | File | books.php | predictive |
9 | File | card/pay/.../amount | predictive |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
