MagnetGoblin Analysis

IOB - Indicator of Behavior (146)

Language

en: 118
zh: 14
de: 4
ja: 4
es: 4

Country/Region

us: 60
cn: 22
es: 2
ru: 2

Product

Microsoft Windows: 6
Vaerys-Dawn DiscordSailv2: 2
QNAP Multimedia Console: 2
QNAP QTS: 2
QNAP Media Streaming Add-on: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | PHP Link Directory Administration Page index.html cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.41 | CVE-2007-0529 |
| 2 | Esoftpro Online Guestbook Pro ogp_show.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.78 | CVE-2009-4935 |
| 3 | AUO SunVeillance Monitoring System Access Control Picture_Manage_mvc.aspx privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.25088 | 0.02 | CVE-2019-12719 |
| 4 | SourceCodester Complaint Management System Lodge Complaint Section register-complaint.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.33 | CVE-2024-1875 |
| 5 | Adtran SR400ac Ping Command privilege escalation | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00070 | 0.03 | CVE-2023-38120 |
| 6 | Canon Satera LBP670C CPCA Color LUT Resource Download Process memory corruption | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00125 | 0.03 | CVE-2023-6234 |
| 7 | SourceCodester Testimonial Page Manager HTTP POST Request add-testimonial.php cross-site scripting | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.04 | CVE-2024-1196 |
| 8 | Form.io Email Template privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00525 | 0.00 | CVE-2020-28246 |
| 9 | AIpost AI WP Writer Plugin privilege escalation | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-30459 |
| 10 | SourceCodester Kortex Lite Advocate Office Management System register_case.php SQL injection | 4.7 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.25 | CVE-2024-3621 |
| 11 | PbootCMS create_function privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00206 | 0.04 | CVE-2023-39834 |
| 12 | Phplinkdirectory PHP Link Directory conf_users_edit.php unknown vulnerability | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00526 | 0.04 | CVE-2011-0643 |
| 13 | BD Totalys MultiProcessor weak authentication | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2022-40263 |
| 14 | Petwant PF-103/Petalk AI libcommon.so processCommandUploadSnapshot memory corruption | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01831 | 0.04 | CVE-2019-16736 |
| 15 | PHPGurukul User Registration & Login and User Management System Search Bar cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.08 | CVE-2024-25202 |
| 16 | WordPress directory traversal | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00326 | 0.25 | CVE-2023-2745 |
| 17 | WordPress Post Author Path information disclosure | 5.3 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00183 | 0.04 | CVE-2017-6514 |
| 18 | GNU adns unknown vulnerability | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01053 | 0.00 | CVE-2008-4100 |
| 19 | Grafana information disclosure | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00069 | 0.00 | CVE-2019-19499 |
| 20 | GARO WALLBOX GLB+ T2EV7 Software Update index.jsp#settings cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-1707 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2024-21887

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (55)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
