Kapeka Analysis

IOB - Indicator of Behavior (206)

Language

en 160
ru 38
it 4
zh 2
de 2

Country/Region

us 76
pl 24
ru 18
gb 14
ch 14

Product

phpMyAdmin 14
PHP 10
Microsoft IIS 8
Linux Kernel 8
Microsoft Windows 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.57 | CVE-2020-12440 |
| 2 | phpMyAdmin PMA_safeUnserialize privilege escalation | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00433 | 0.00 | CVE-2016-9865 |
| 3 | phpMyAdmin cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | High | Official Fix | 0.00348 | 0.02 | CVE-2014-8958 |
| 4 | Bitrix Site Manager redirect.php privilege escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00113 | 0.03 | CVE-2008-2052 |
| 5 | PHP Safe Mode mail privilege escalation | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.01535 | 0.00 | CVE-2002-0985 |
| 6 | Neet AirStream NAS1.1 Configuration Page unknown vulnerability | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.04 | CVE-2016-10862 |
| 7 | Alt-N MDaemon Worldclient privilege escalation | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.06 | CVE-2021-27182 |
| 8 | phpMyAdmin ArbitraryServerRegexp Reuse privilege escalation | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00366 | 0.04 | CVE-2016-6629 |
| 9 | phpMyAdmin Unserialization unserialize privilege escalation | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00965 | 0.00 | CVE-2016-6620 |
| 10 | phpMyAdmin Central Column Query central_columns.lib.php SQL injection | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00322 | 0.00 | CVE-2016-5703 |
| 11 | phpMyAdmin Git Information GitRevision.php Remote Code Execution | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00190 | 0.04 | CVE-2019-19617 |
| 12 | phpMyAdmin Redirect privilege escalation | 4.3 | 4.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.00247 | 0.02 | CVE-2014-9219 |
| 13 | phpMyAdmin import.php cross-site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.00150 | 0.02 | CVE-2014-1879 |
| 14 | ApolloTheme AP PageBuilder cross-site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00075 | 0.04 | CVE-2022-44897 |
| 15 | InfluxDB JWT Token handler.go weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04237 | 0.00 | CVE-2019-20933 |
| 16 | Seltmann Content Management System index.php SQL injection | 7.6 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00139 | 0.00 | CVE-2022-47740 |
| 17 | Plohni Advanced Comment System Installation index.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00997 | 0.05 | CVE-2009-4623 |
| 18 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.16 | CVE-2015-4134 |
| 19 | PHP memory corruption | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.10959 | 0.02 | CVE-2014-9427 |
| 20 | D-Link DCS-936L info.cgi information disclosure | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00621 | 0.04 | CVE-2018-18441 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (84)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /apply.cgi | predictive | |
| 2 | File | /common/info.cgi | predictive | |
| 3 | File | /filemanager/upload.php | predictive | |
| 4 | File | /index.php | predictive | |
| 5 | File | /redbin/rpwebutilities.exe/text | predictive | |
| 6 | File | /services | predictive | |
| 7 | File | /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet | predictive | |
| 8 | File | /uncpath/ | predictive | |
| 9 | File | admin/product_category.php?rec=update | predictive | |
| 10 | File | bug_report_page.php | predictive | |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
