KillSomeOne 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (378)

言語

en	300
de	64
fr	4
es	4
zh	2

国・地域

us	144
gb	2

アクター

Lazarus	1
KillSomeOne	1
Dridex	1
IcedID	1
Bumblebee	1

関心

タイプ

Not Defined	18
Operating System	8
Programming Language Software	4
Cloud Software	2
Content Management System	2

ベンダー

Microsoft	8
Not Defined	8
ZyXEL	4
DZCP	2
Thomas R. Pasawicz	2

製品

Microsoft Windows	8
PHP	2
Tiki	2
DZCP deV!L`z Clanportal	2
ZyXEL NAS 326	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	DZCP deV!L`z Clanportal config.php 特権昇格	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.55	CVE-2010-0966
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 情報の漏洩	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
3	jforum User 特権昇格	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.05	CVE-2019-7550
4	MGB OpenSource Guestbook email.php SQLインジェクション	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	1.06	CVE-2007-0354
5	Devilz Clanportal index.php SQLインジェクション	7.3	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00784	0.00	CVE-2006-3347
6	DZCP deV!L`z Clanportal browser.php 情報の漏洩	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02733	1.00	CVE-2007-1167
7	Devilz Clanportal File Upload 未知の脆弱性	5.3	4.4	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.05362	0.07	CVE-2006-6338
8	Lars Ellingsen Guestserver guestserver.cgi 特権昇格	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00266	0.07	CVE-2001-0180
9	YaBB yabb.pl クロスサイトスクリプティング	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01240	0.04	CVE-2004-2402
10	Tiki Admin Password tiki-login.php 弱い認証	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00936	2.71	CVE-2020-15906
11	jforum クロスサイトスクリプティング	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00118	0.00	CVE-2012-5337
12	Lars Ellingsen Guestserver guestbook.cgi クロスサイトスクリプティング	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00169	0.07	CVE-2005-4222
13	WoltLab Burning Book addentry.php SQLインジェクション	7.3	6.8	$0-$5k	$0-$5k	Functional	Unavailable	0.00804	0.02	CVE-2006-5509
14	PHP phpinfo クロスサイトスクリプティング	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02101	0.04	CVE-2007-1287
15	Microsoft Windows Runtime Remote Code Execution	8.1	7.4	$100k 以上	$5k-$25k	Unproven	Official Fix	0.40028	0.05	CVE-2022-21971
16	Jasper imginfo bmp_dec.c bmp_getdata サービス拒否	5.4	5.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00314	0.00	CVE-2016-8690
17	Devilz Clanportal SQLインジェクション	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00684	0.08	CVE-2006-6339
18	ZyXEL NAS 326 Python Web Server 特権昇格	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00197	0.04	CVE-2019-10633
19	ZenPhoto 特権昇格	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00391	0.00	CVE-2018-0610
20	Microsoft Windows Kernel-Mode Driver win32k 特権昇格	7.0	6.7	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00056	0.00	CVE-2016-3309

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	キャンペーン	Identified	タイプ	信頼度
1	160.20.147.254		KillSomeOne		2021年05月31日	verified	高

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
2	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	高
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
4	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
6	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
7	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	addentry.php	predictive	中
2	File	admin_add.php	predictive	高
3	File	assets/add/registrar-accounts.php	predictive	高
4	File	data/gbconfiguration.dat	predictive	高
5	File	xxxxx.xxx	predictive	中
6	File	xxxxxxxxx.xxx	predictive	高
7	File	xxxxxxxxxxx.xxx	predictive	高
8	File	xxx/xxxxxx.xxx	predictive	高
9	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	高
10	File	xxxxx.xxx	predictive	中
11	File	xxxxxxxxx/xxx/xxx_xxx.x	predictive	高
12	File	xxxx.xxx	predictive	中
13	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	高
14	File	xxxx-xxxxx.xxx	predictive	高
15	File	xxxxx.xxx	predictive	中
16	File	xxxx.xx	predictive	低
17	Library	xxxxxx	predictive	低
18	Argument	xx_xxxxx_xxx_xxxx	predictive	高
19	Argument	xxxxxxxx	predictive	中
20	Argument	xxxxx	predictive	低
21	Argument	xxxxx	predictive	低
22	Argument	xxxx	predictive	低
23	Argument	xx	predictive	低
24	Argument	xxx	predictive	低
25	Argument	xxx	predictive	低
26	Argument	xxxxxxxx/xxxxxxxx xx/xxxxx	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!