Medusa Analysis

IOB - Indicator of Behavior (376)

Language

en 268
ru 34
zh 20
pl 12
fr 12

Country/Region

us 180
ru 42
cn 34
pl 24
me 10

Product

WordPress 8
Francisco Burzi PHP-Nuke 6
Atlassian JIRA Server 4
Atlassian Data Center 4
Magento 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Joomla CMS com_easyblog SQL injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.34 | |
| 2 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.04 | CVE-2020-12440 |
| 3 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 3.01 | CVE-2020-15906 |
| 4 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.82 | |
| 5 | SPIP spip.php cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.59 | CVE-2022-28959 |
| 6 | PHP phpinfo cross-site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.05 | CVE-2007-1287 |
| 7 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.10 | CVE-2007-0354 |
| 8 | Advisto Peel SHOPPING caddie_ajout.php unknown vulnerability | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00118 | 0.04 | CVE-2018-20848 |
| 9 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.59 | CVE-2010-0966 |
| 10 | gnuboard5 FAQ Key ID faq.php cross-site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00048 | 0.04 | CVE-2022-3963 |
| 11 | Discuz! DiscuzX Access Restriction index.php privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00303 | 0.08 | CVE-2018-5377 |
| 12 | Fortinet FortiOS fgfmd Format String | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00091 | 0.17 | CVE-2024-23113 |
| 13 | Axigen WebMail cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-25080 |
| 14 | Fortinet FortiOS SSL-VPN memory corruption | 9.8 | 9.6 | $25k-$100k | $25k-$100k | High | Official Fix | 0.01842 | 0.04 | CVE-2024-21762 |
| 15 | OpenX adclick.php Redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00440 | 0.30 | CVE-2014-2230 |
| 16 | WordPress SQL injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.00 | CVE-2022-21664 |
| 17 | WordPress Update URI Plugin Header Remote Code Execution | 7.8 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00708 | 0.09 | CVE-2021-44223 |
| 18 | Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed memory corruption | 8.3 | 8.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.96668 | 0.08 | CVE-2023-4966 |
| 19 | Grafana Dashboard privilege escalation | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.00 | CVE-2023-2801 |
| 20 | Ajax Load More Plugin admin-ajax.php SQL injection | 6.7 | 6.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00087 | 0.04 | CVE-2021-24140 |

IOC - Indicator of Compromise (43)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (219)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (33)

The following list contains external sources which discuss the actor and the associated activities:
