Mallox Analysis

IOB - Indicator of Behavior (125)

Language

en: 102
de: 8
es: 6
sv: 4
pl: 2

Country/Region

us: 106
ie: 6
ru: 6

Product

DMXReady Blog Manager: 4
Yasirpro MS-Pro Portal Scripti: 2
WGCC Web Group Communication Center: 2
Pallets Werkzeug: 2
Peak Xoops Myalbum P: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Kingdee KIS Professional Edition Privilege Escalation | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00104 | 0.03 | CVE-2021-37274 |
| 2 | Google Android Privilege Escalation | 7.6 | 7.5 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00103 | 0.05 | CVE-2021-0877 |
| 3 | Google Android memory corruption | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2023-21042 |
| 4 | Microsoft Windows Online Certificate Status Protocol SnapIn Remote Code Execution | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00120 | 0.05 | CVE-2023-35313 |
| 5 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 4.78 | CVE-2020-15906 |
| 6 | GitHub Enterprise Server API information disclosure | 3.9 | 3.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00111 | 0.00 | CVE-2022-46257 |
| 7 | Pallets Werkzeug Debugger tbtools.py render_full cross-site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00183 | 0.04 | CVE-2016-10516 |
| 8 | Zyxel ATP/USG FLEX/VPN CGI Program information disclosure | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00077 | 0.00 | CVE-2023-22918 |
| 9 | jeecg-boot information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00703 | 0.00 | CVE-2021-37304 |
| 10 | La-souris-verte Com Svmap index.php directory traversal | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01334 | 0.00 | CVE-2010-1308 |
| 11 | Apache OpenOffice Calc privilege escalation | 7.3 | 6.4 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00602 | 0.02 | CVE-2014-3524 |
| 12 | V3chat V3 Chat Profiles Dating Script weak authentication | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01685 | 0.00 | CVE-2008-5784 |
| 13 | USAA Mobile Banking Screen Cache information disclosure | 3.3 | 3.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00116 | 0.00 | CVE-2015-1314 |
| 14 | Microsoft SQL Server privilege escalation | 6.3 | 6.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02533 | 0.04 | CVE-2015-1762 |
| 15 | Efs Software Easy Chat Server memory corruption | 5.3 | 5.3 | $0-$5k | $0-$5k | High | Not Defined | 0.17764 | 0.00 | CVE-2004-2466 |
| 16 | Synacor Zimbra Collaboration Suite mboximport directory traversal | 8.0 | 8.0 | $0-$5k | $0-$5k | High | Not Defined | 0.97540 | 0.05 | CVE-2022-37042 |
| 17 | Google Chrome Media memory corruption | 7.5 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00882 | 0.00 | CVE-2020-6452 |
| 18 | HPE OpenCall Media Platform privilege escalation | 7.1 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.14407 | 0.00 | CVE-2017-5799 |
| 19 | Microsoft Windows Remote Desktop/Terminal Services Web Connection weak authentication | 6.3 | 6.2 | $25k-$100k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.00 | |
| 20 | Allaire Coldfusion Server Login denial of service | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02299 | 0.00 | CVE-2000-0538 |

IOC - Indicator of Compromise (19)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (121)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /attachments.php | predictive | |
| 2 | File | /goform/RgUrlBlock.asp | predictive | |
| 3 | File | /include/viewtagdb.psp | predictive | |
| 4 | File | /includes/cart.inc.php | predictive | |
| 5 | File | /wp-content/plugins/woocommerce/templates/emails/plain/ | predictive | |
| 6 | File | account.php | predictive | |
| 7 | File | account/lost_password | predictive | |
| 8 | File | admin/cal_login.php | predictive | |
| 9 | File | admin/kfm/initialise.php | predictive | |
| 10 | File | admin/password_forgotten.php | predictive | |
| 11 | File | admin_options_manage.php | predictive | |
| 12 | File | annonces-p-f.php | predictive | |
| 13 | File | asp | predictive | |
| 14 | File | books.php | predictive | |
| 15 | File | browse_videos.php | predictive | |

References (9)

The following list contains external sources which discuss the actor and the associated activities:
