Karakurt Analysis

IOB - Indicator of Behavior (1000)

Language

zh: 106
en: 104
fr: 94
ru: 88
pl: 86

Country/Region

fr: 94
ru: 88
pl: 86
it: 78
ar: 78

Product

Tenda W15E: 8
Tenda TX9: 4
Tenda AX1806: 4
MailCleaner: 4
Kashipara Online Furniture Shopping Ecommerce Webs ...: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Apryse WebViewer PDF Document cross-site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.13 | CVE-2024-4327 |
| 2 | MailCleaner Email privilege escalation | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.13 | CVE-2024-3191 |
| 3 | osCommerce all-products cross-site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00065 | 0.16 | CVE-2024-4348 |
| 4 | MailCleaner Admin Interface cross-site scripting | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.09 | CVE-2024-3192 |
| 5 | SourceCodester Pisay Online E-Learning System controller.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.22 | CVE-2024-4349 |
| 6 | MailCleaner Admin Endpoints privilege escalation | 8.8 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.03 | CVE-2024-3193 |
| 7 | BloomPixel Max Addons Pro for Bricks Plugin privilege escalation | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.08 | CVE-2024-32951 |
| 8 | Extend Themes Teluro Plugin unknown vulnerability | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.03 | CVE-2024-33688 |
| 9 | Apache HTTP Server mod_lua Multipart Parser r:parsebody memory corruption | 8.5 | 8.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.08808 | 0.03 | CVE-2021-44790 |
| 10 | Elementor ImageBox Plugin cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.08 | CVE-2024-3074 |
| 11 | Dell Wyse Proprietary OS Telemetry Dashboard information disclosure | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-28963 |
| 12 | Apache Parquet Parquet-MR denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00086 | 0.00 | CVE-2021-41561 |
| 13 | Foliovision FV Flowplayer Video Player Plugin privilege escalation | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-32955 |
| 14 | Dell Repository Manager API Module privilege escalation | 8.3 | 8.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-28976 |
| 15 | Jegstudio Financio Plugin unknown vulnerability | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.03 | CVE-2024-33690 |
| 16 | Pavex Embed Google Photos Album Plugin privilege escalation | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.07 | CVE-2024-32775 |
| 17 | ThemeNcode Fan Page Widget by Plugin cross-site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33695 |
| 18 | AnnounceKit Plugin cross-site scripting | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2024-3023 |
| 19 | Repute Infosystems ARMember Plugin privilege escalation | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.07 | CVE-2024-32948 |
| 20 | Dell Repository Manager Logger Module privilege escalation | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-28977 |

IOC - Indicator of Compromise (23)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (76)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
