JAFF Analysis

IOB - Indicator of Behavior (462)

Language

en: 396
ru: 36
de: 10
fr: 6
zh: 4

Country/Region

us: 186
ru: 166
lv: 24
be: 8
de: 8

Product

Linux Kernel: 16
PHP: 12
Microsoft Office: 6
nginx: 4
CentOS Web Panel: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Void Contact Form 7 Widget for Elementor Page Builder Plugin void_cf7_opt_in_user_data_track unknown vulnerability | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.00 | CVE-2022-47166 |
| 2 | PHP Link Directory Administration Page index.html cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.19 | CVE-2007-0529 |
| 3 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 4 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.49 | CVE-2007-0354 |
| 5 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.84 | |
| 6 | Esoftpro Online Guestbook Pro ogp_show.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.23 | CVE-2009-4935 |
| 7 | phpMyAdmin phpinfo.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00142 | 0.05 | CVE-2016-9848 |
| 8 | LushiWarPlaner register.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00821 | 0.05 | CVE-2007-0864 |
| 9 | Flat PHP Board directory traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.01 | |
| 10 | Simple PHP Guestbook guestbook.php cross-site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 | |
| 11 | 212cafe 212cafeboard view.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00064 | 0.06 | CVE-2008-4713 |
| 12 | Tenda AC15/AC1900 setUsbUnload privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.96183 | 0.03 | CVE-2020-10987 |
| 13 | FreeBSD Ping pr_pack memory corruption | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2022-23093 |
| 14 | Googlemaps Plugin plugin_googlemap2_proxy.php denial of service | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00604 | 0.03 | CVE-2013-7428 |
| 15 | nginx SPDY memory corruption | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.03711 | 0.04 | CVE-2014-0133 |
| 16 | Apache Spark UI privilege escalation | 7.1 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.97282 | 0.00 | CVE-2022-33891 |
| 17 | HP Router/Switch SNMP information disclosure | 3.7 | 3.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00285 | 0.05 | CVE-2012-3268 |
| 18 | Microsoft Outlook Email Message privilege escalation | 5.9 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00609 | 0.02 | CVE-2017-0204 |
| 19 | PHP unserialize memory corruption | 7.3 | 6.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00000 | 0.05 | |
| 20 | Lars Ellingsen Guestserver guestbook.cgi cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00169 | 0.15 | CVE-2005-4222 |

IOC - Indicator of Compromise (37)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (207)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
