Manjusaka Analysis

IOB - Indicator of Behavior (60)

Language

zh: 28
en: 28
it: 4

Country/Region

cn: 48
us: 6
ru: 4

Product

Apache HTTP Server: 2
Siemens LOGO!8 BM: 2
Microsoft Windows: 2
Red Hat JBoss Web Server: 2
iKuaiOS: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00312 | 0.15 | CVE-2015-1419 |
| 2 | Oracle Storage Cloud Software Appliance Management Console Remote Code Execution | 10.0 | 9.5 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.00576 | 0.00 | CVE-2021-2256 |
| 3 | VMware Spring Framework privilege escalation | 4.5 | 4.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00079 | 0.00 | CVE-2021-22096 |
| 4 | nginx ngx_http_mp4_module information disclosure | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00198 | 0.05 | CVE-2018-16845 |
| 5 | Python libraries privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 6 | GilaCMS GET Parameter cm.php SQL injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00223 | 0.00 | CVE-2020-20692 |
| 7 | SourceCodester Simple Subscription Website manage_plan.php SQL injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-3015 |
| 8 | Chengdu VEC40G Network Detection privilege escalation | 5.5 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00086 | 0.05 | CVE-2023-2522 |
| 9 | code-projects Bus Dispatch and Information System view_admin.php SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00070 | 0.15 | CVE-2023-2773 |
| 10 | frioux ptome SQL injection | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00148 | 0.04 | CVE-2010-10009 |
| 11 | Totolink X2000R HTTP POST Request boa formTmultiAP memory corruption | 8.1 | 7.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00079 | 0.08 | CVE-2023-7222 |
| 12 | SAP GUI Connector for Microsoft Edge information disclosure | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.04 | CVE-2024-22125 |
| 13 | Cool Plugins Events Shortcodes for the Events Calendar Plugin SQL injection | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.05 | CVE-2023-52142 |
| 14 | Acumos Design Studio cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.00 | CVE-2018-25097 |
| 15 | Google Android ion.c ion_ioctl memory corruption | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2022-20118 |
| 16 | Qualcomm Snapdragon Compute XPU Re-Configuration privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2021-30276 |
| 17 | Epic Games Psyonix Rocket League UPK Object memory corruption | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00300 | 0.00 | CVE-2021-32238 |
| 18 | Microsoft Windows IIS memory corruption | 7.9 | 7.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00182 | 0.03 | CVE-2019-1365 |
| 19 | MailEnable Enterprise Premium directory traversal | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00061 | 0.02 | CVE-2019-12925 |
| 20 | Microsoft ISA Server H.323/H.225.0/Q.931 memory corruption | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.31188 | 0.04 | CVE-2003-0819 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

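| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /bin/boa | predictive | |
| 2 | File | /send_order.cgi?parameter=access_detect | predictive | |
| 3 | File | /src/core/controllers/cm.php | predictive | |
| 4 | File | /xxx/xxx/xxxxxx | predictive | |
| 5 | File | /xxxxxx | predictive | |
| 6 | File | xxxxx.xxx | predictive | |
| 7 | File | xxx.x | predictive | |
| 8 | File | xxxxxx_xxxx.xxx | predictive | |
| 9 | File | xxxx_xxxxx.xxx | predictive | |
| 10 | File | xx-xxxxx.xxx | predictive | |
| 11 | Library | /xxx/xxx/xxx/xxxx/xxxxxxxxxx/xxxxxxxxx.xxx | predictive | |
| 12 | Library | xxxxxxxxx | predictive | |
| 13 | Argument | xxxxxxx | predictive | |
| 14 | Argument | xxxxx | predictive | |
| 15 | Argument | xx | predictive | |
| 16 | Argument | xx | predictive | |
| 17 | Argument | xxxxx | predictive | |
| 18 | Argument | xxxxxx-xxx | predictive | |
| 19 | Argument | xxxxx | predictive | |
| 20 | Input Value | x \| xxxxxxx -xx | predictive | |
| 21 | Input Value | === | predictive | |
| 22 | Network Port | xxx/xxx | predictive | |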

References (3)

The following list contains external sources which discuss the actor and the associated activities:
