Medusa 解析
IOB - Indicator of Behavior (376)
アクティビティ
関心
脆弱性
IOC - Indicator of Compromise (43)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (16)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (219)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | クラス | Indicator | タイプ | 信頼度 |
---|---|---|---|---|
1 | File | /admin/app/product.php | predictive | 高 |
2 | File | /admin/delete_user.php | predictive | 高 |
3 | File | /admin/index.php | predictive | 高 |
4 | File | /admin/maintenance/view_designation.php | predictive | 高 |
5 | File | /admin/sales/view_details.php | predictive | 高 |
6 | File | /alphaware/summary.php | predictive | 高 |
7 | File | /api/baskets/{name} | predictive | 高 |
8 | File | /cas/logout | predictive | 中 |
9 | File | /cgi-bin/cstecgi.cgi?action=login | predictive | 高 |
10 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | 高 |
11 | File | /collection/all | predictive | 高 |
12 | File | /common/info.cgi | predictive | 高 |
13 | File | /cupseasylive/countrymodify.php | predictive | 高 |
14 | File | /cupseasylive/taxstructurelist.php | predictive | 高 |
15 | File | /filex/read-raw | predictive | 高 |
16 | File | /forum/away.php | predictive | 高 |
17 | File | /hardware | predictive | 中 |
18 | File | /jeecg-boot/jmreport/show | predictive | 高 |
19 | File | /librarian/bookdetails.php | predictive | 高 |
20 | File | /LoginRegistration.php | predictive | 高 |
21 | File | /member/ad.php?action=ad | predictive | 高 |
22 | File | /oauth/idp/.well-known/openid-configuration | predictive | 高 |
23 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | 高 |
24 | File | /owa/auth/logon.aspx | predictive | 高 |
25 | File | /protocol/index.php | predictive | 高 |
26 | File | /rest/api/latest/user/avatar/temporary | predictive | 高 |
27 | File | /spip.php | predictive | 中 |
28 | File | /xxx/xxxxx/xxxxxxx_xxxxxxx_xxxxxx.xxx | predictive | 高 |
29 | File | /xxx | predictive | 低 |
30 | File | /xxxxxxx/ | predictive | 中 |
31 | File | /xxxx/xxxxxxxxx | predictive | 高 |
32 | File | /xxx/xxx/xxx/xxxxx/xxxxxxx.xx | predictive | 高 |
33 | File | /xxx-xxx/xxx.xxx | predictive | 高 |
34 | File | /xx-xxxxx/xxxxx-xxxx.xxx | predictive | 高 |
35 | File | xxxxx.xxx/xxxxx-x.x.xxx/xxxxxxx.xxx/xxxx.xxx | predictive | 高 |
36 | File | xxxxxx.xxx | predictive | 中 |
37 | File | xxxxxxxxxx/xxx/xxxxxx_xxxxxxxx/xxxxxxxxxx/xxxxxxxxx/xxxxxx/_xxxxx.xxxx.xxx | predictive | 高 |
38 | File | xxxxxxx.xxx | predictive | 中 |
39 | File | xxxxx/xxxxxxxxxxxx.xxx | predictive | 高 |
40 | File | xxxxx/xxxxx_xxxxx.xxx | predictive | 高 |
41 | File | xxxxx/xxxxxxxx/xxxx/xxx_xxxxx_xx_xxxx.xxx | predictive | 高 |
42 | File | xxxxx/xxxxxxxx/xxx-xxxxxx-xxxxx-xxxxxxx.xxx | predictive | 高 |
43 | File | xxxxx.xxx | predictive | 中 |
44 | File | xxxxxxxx\xxxxx.xxx | predictive | 高 |
45 | File | xxx:.xxx | predictive | 中 |
46 | File | xxxxxxxxx.xxx | predictive | 高 |
47 | File | xxxxxxx.xx | predictive | 中 |
48 | File | xxxx/xxxxxxxxxxxx.xxx | predictive | 高 |
49 | File | xxx/xxx.xxx | predictive | 中 |
50 | File | xxx/xxxxx.xxx | predictive | 高 |
51 | File | xxxxx.xxx | predictive | 中 |
52 | File | xxx.xxx | predictive | 低 |
53 | File | xxx.xxx | predictive | 低 |
54 | File | xxx-xxx/xxxxxxx.xx | predictive | 高 |
55 | File | xxxxx-xxxxxxx.xxx | predictive | 高 |
56 | File | xxxxxxx.xxx | predictive | 中 |
57 | File | x_xxxxxx | predictive | 中 |
58 | File | xxxxxxxx_xxxxxxx.xxx | predictive | 高 |
59 | File | xxxxxxx.xxx | predictive | 中 |
60 | File | xxxxxxx/xxx/xxx/xxx/xxx_xxxx.x | predictive | 高 |
61 | File | xxxx-xxxxxxx.xxx | predictive | 高 |
62 | File | xxxxx.xxx | predictive | 中 |
63 | File | xx/xxxxx/xxxxxx_xxxxx.xxx | predictive | 高 |
64 | File | xxx/xxxxxxx/xxxxxxxxxxxxxx.x | predictive | 高 |
65 | File | xxxxxxxxxxxxxxxxxx.xxxx | predictive | 高 |
66 | File | xxxxxxxxx/xx/xxxxxxxxxxxx.xxx | predictive | 高 |
67 | File | xxxxxxxxxx.xxx | predictive | 高 |
68 | File | xxxxxxxxx.xxx | predictive | 高 |
69 | File | xxxxxx/xxxxx | predictive | 中 |
70 | File | xxxxx_xxxxxx.xxx | predictive | 高 |
71 | File | xxx/xxxxxx.xxx | predictive | 高 |
72 | File | xxxxx.xxx | predictive | 中 |
73 | File | xxxxx.xxx | predictive | 中 |
74 | File | xxxxxxxxxxxxx.xxx | predictive | 高 |
75 | File | xxxxx/xxxx.xxx | predictive | 高 |
76 | File | x_xxxxxx.xxx | predictive | 中 |
77 | File | xxxxxxxxxxxxxxxxx.xxxx | predictive | 高 |
78 | File | xxxxxx.xxx | predictive | 中 |
79 | File | xxxxxx/xxxxx.xxx | predictive | 高 |
80 | File | xxx/xxxxxxxxx/xx_xxxxxx_xxx.x | predictive | 高 |
81 | File | xxx_xxxxxx.xxx | predictive | 高 |
82 | File | xxx_xxxx.xxx | predictive | 中 |
83 | File | xxx.xxxxxx.xxx | predictive | 高 |
84 | File | xxxx.xxx | predictive | 中 |
85 | File | xxx_xxxxxx.xx | predictive | 高 |
86 | File | xxxxxxxx.xxx | predictive | 中 |
87 | File | xxxxxx/xx_xxxxxx_xxxxxx/xxxxx/xxxxx.xxx | predictive | 高 |
88 | File | xxxxxxx.xxx | predictive | 中 |
89 | File | xxxxx.xxx | predictive | 中 |
90 | File | xxxxx.xxx | predictive | 中 |
91 | File | xxxxxxxx.xxx | predictive | 中 |
92 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | 高 |
93 | File | xxxx_xxxxx.xxx | predictive | 高 |
94 | File | xxxxx\xxxx.xxx | predictive | 高 |
95 | File | xxxx_xxx_xx.x | predictive | 高 |
96 | File | xxxx-xxx/xxxxxxxx.xxx?xxxx=xxxx_xxxx.xxx | predictive | 高 |
97 | File | xxxxxx.xx | predictive | 中 |
98 | File | xxxxxx.xx | predictive | 中 |
99 | File | xxxx.xxx | predictive | 中 |
100 | File | xxxx.xxx | predictive | 中 |
101 | File | xxxxxxxxxxxx.xxx | predictive | 高 |
102 | File | xxxx_xxxx.xxxx | predictive | 高 |
103 | File | xxx/xxxx_xx_xxx.x | predictive | 高 |
104 | File | xxxxxxx-xxxxxxxx.xxx | predictive | 高 |
105 | File | xxxxxxx_xxxxxx.xxx | predictive | 高 |
106 | File | xxxxxxxx.xxxxx.xxx | predictive | 高 |
107 | File | xxxx-xxxxxxxxxx.xxx | predictive | 高 |
108 | File | xxxx-xxxxxxxx.xxx | predictive | 高 |
109 | File | xxxx-xxxxx.xxx | predictive | 高 |
110 | File | xxxx-xxxxxxxx.xxx | predictive | 高 |
111 | File | xxxxxxxxxx.xxx | predictive | 高 |
112 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | 高 |
113 | File | xx/xxxxxxxxx/xx | predictive | 高 |
114 | File | xxxx.xxx | predictive | 中 |
115 | File | xxxx_xxx.xxx | predictive | 中 |
116 | File | xxxx_xxxx.xxx | predictive | 高 |
117 | File | xxxx_xxxx.xxx | predictive | 高 |
118 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx | predictive | 高 |
119 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xxxxx-xxxxx-xxxxxxxx | predictive | 高 |
120 | File | xx-xxxxxxx/xxxxxxx/xxxxxx-xxxxxxxx/xxxxxxxx/xxxxxxxxx.xxx | predictive | 高 |
121 | File | xx-xxxxxxx/xxxxxxx | predictive | 高 |
122 | File | xx-xxxx.xxx | predictive | 中 |
123 | File | xxxxxx.xx | predictive | 中 |
124 | File | xxxx.xx | predictive | 低 |
125 | File | xx_xxxxx/xxxxxx/xxxxxxx/xxx/xxxxxx_xxxxxxx.xxx | predictive | 高 |
126 | File | ~/xxxxxxxx/xxxxx-xx-xxxxxxxxxx-xxxx.xxx | predictive | 高 |
127 | Library | /xxxxxxx/xxxxx/xxx.xxx | predictive | 高 |
128 | Library | xxxxxxxxxxx.xxx | predictive | 高 |
129 | Library | ~/xxx/xxxxx/xxxxx-xxxxx-xxxxxxx.xxx | predictive | 高 |
130 | Argument | xxxxxx_xxxxx | predictive | 中 |
131 | Argument | xxxxxx | predictive | 低 |
132 | Argument | xxxxxx | predictive | 低 |
133 | Argument | xxxxx | predictive | 低 |
134 | Argument | x_xxxx/x_xxx/x_xxxxxxx | predictive | 高 |
135 | Argument | xxxxxxxx | predictive | 中 |
136 | Argument | xxxxx | predictive | 低 |
137 | Argument | xxxx | predictive | 低 |
138 | Argument | xxxxxx | predictive | 低 |
139 | Argument | xxxxx_xxxx/xx_xxxxx_xxxxx_xx/xx_xxxxx_xxxxx_xxxxx_xxxx_xxxx/xxxxx_xxxxxxxxx_xxxx/xxxxxx_xxxxxx_xxxxx | predictive | 高 |
140 | Argument | xxxxxxxxxx_xxxx | predictive | 高 |
141 | Argument | xxxxx | predictive | 低 |
142 | Argument | xxx | predictive | 低 |
143 | Argument | xxx | predictive | 低 |
144 | Argument | xxxxxx | predictive | 低 |
145 | Argument | xxxxxxxxx[x] | predictive | 中 |
146 | Argument | xxxxxxxxx | predictive | 中 |
147 | Argument | xxxxxxx_xxxx_xxxx | predictive | 高 |
148 | Argument | xxxx | predictive | 低 |
149 | Argument | xxxxxxxxxxx | predictive | 中 |
150 | Argument | xxxx | predictive | 低 |
151 | Argument | xxxxxxx | predictive | 低 |
152 | Argument | xxxx_xxxxxx_xxxxxxxxx | predictive | 高 |
153 | Argument | xxxxx | predictive | 低 |
154 | Argument | xxxxx_xxxx/xxxxx_xxx/xxxxx_xxxx/xxxx_xx | predictive | 高 |
155 | Argument | xxxx | predictive | 低 |
156 | Argument | xxxxxxxx | predictive | 中 |
157 | Argument | xxxx | predictive | 低 |
158 | Argument | xx_xx | predictive | 低 |
159 | Argument | xxxxxxxxx | predictive | 中 |
160 | Argument | xxxxxxxxxx | predictive | 中 |
161 | Argument | xx_xx | predictive | 低 |
162 | Argument | xx=xxxxxx) | predictive | 中 |
163 | Argument | xxxx | predictive | 低 |
164 | Argument | xx | predictive | 低 |
165 | Argument | xx | predictive | 低 |
166 | Argument | xxxxx xxxxxxxxx | predictive | 高 |
167 | Argument | xxxxxxx_xxxx | predictive | 中 |
168 | Argument | xxxxxx | predictive | 低 |
169 | Argument | xxxxxxxx | predictive | 中 |
170 | Argument | xxxx | predictive | 低 |
171 | Argument | xxxxxxxx | predictive | 中 |
172 | Argument | xx/xxxx | predictive | 低 |
173 | Argument | xxx | predictive | 低 |
174 | Argument | xxxxx_xxxxxx_xxx/xxxxx_xxxx_xxxxxxxx | predictive | 高 |
175 | Argument | xxx | predictive | 低 |
176 | Argument | x_xxx | predictive | 低 |
177 | Argument | xxxx | predictive | 低 |
178 | Argument | xxxxxx | predictive | 低 |
179 | Argument | xxx.xxxxxxx | predictive | 中 |
180 | Argument | xxxxxxx_xxxxx_xxxxxxx_xxxxx[x] | predictive | 高 |
181 | Argument | xxxx | predictive | 低 |
182 | Argument | xxxxxxxx | predictive | 中 |
183 | Argument | xxxxxxxx | predictive | 中 |
184 | Argument | xxxxx | predictive | 低 |
185 | Argument | xxxxxx | predictive | 低 |
186 | Argument | xxxxxxx | predictive | 低 |
187 | Argument | xxxxx_xxxxxx | predictive | 中 |
188 | Argument | xxxxxxxx | predictive | 中 |
189 | Argument | xxx_xx | predictive | 低 |
190 | Argument | xxx | predictive | 低 |
191 | Argument | xxxxxxxxxx | predictive | 中 |
192 | Argument | xxxxxxxxxxx | predictive | 中 |
193 | Argument | xxxxxxxx | predictive | 中 |
194 | Argument | xxxxxx_xxxx | predictive | 中 |
195 | Argument | xxxxxx | predictive | 低 |
196 | Argument | xxxx | predictive | 低 |
197 | Argument | xxx | predictive | 低 |
198 | Argument | xxxx | predictive | 低 |
199 | Argument | xxxxxx | predictive | 低 |
200 | Argument | xxx | predictive | 低 |
201 | Argument | xxxxxx_xxxx/xxxxxxxxxx/xxxx_xx/xxxxxxxxxxxx_xx/xxxxxxxxxxxx_xxxxxx_xxxx/xxxxxxxxx_xx | predictive | 高 |
202 | Argument | xxxxx | predictive | 低 |
203 | Argument | xxx | predictive | 低 |
204 | Argument | xxx | predictive | 低 |
205 | Argument | xxxxx | predictive | 低 |
206 | Argument | xxxxx/xxx | predictive | 中 |
207 | Argument | xxxxxxxxxxx | predictive | 中 |
208 | Argument | xxx | predictive | 低 |
209 | Argument | xxxxxx/xxxx | predictive | 中 |
210 | Argument | xxxxxxxx | predictive | 中 |
211 | Argument | xxxxxxxx/xxxxxxxx | predictive | 高 |
212 | Argument | xxxxxx/xxxxxx/xxxx/xxxx | predictive | 高 |
213 | Argument | 主题 | predictive | 低 |
214 | Input Value | ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx | predictive | 高 |
215 | Input Value | ../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxx | predictive | 高 |
216 | Input Value | xxxxxxxx | predictive | 中 |
217 | Input Value | <xxxxxx>xxxxx(/xxx/)</xxxxxx> | predictive | 高 |
218 | Input Value | <xxxxxx>xxxxx(x)</xxxxxx> | predictive | 高 |
219 | Network Port | xxx/xxxx | predictive | 中 |
参考 (33)
The following list contains external sources which discuss the actor and the associated activities:
- https://cyble.com/blog/new-medusa-botnet-emerging-via-mirai-botnet-targeting-linux-users/
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/Medusa
- https://threatfox.abuse.ch
- https://tracker.viriback.com/index.php?q=5.42.78.61
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=x.xx.xx.xxx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xx.xx.xxx.xx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xx.xx.xx.xx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xx.xxx.xxx.xxx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xx.xxx.xxx.x
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xx.xxx.xxx.xxx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xx.xxx.xxx.xxx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xx.xxx.xxx.xx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xx.xxx.xxx.xxx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xx.xxx.xx.xx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xx.xxx.xx.xx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xx.xxx.xx.xxx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xx.xxx.xxx.xx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xx.xxx.xxx.xxx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xx.xxx.xxx.x
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xx.xxx.xxx.xxx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xx.xxx.xxx.xxx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xxx.xx.xxx.xx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xxx.xx.xxx.xxx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xxx.xx.xx.xxx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xxx.xxx.xx.xx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xxx.xxx.xx.xx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xxx.xxx.xxx.xx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xxx.xxx.xxx.xx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xxx.xxx.xxx.xxx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xxx.xxx.xxx.xxx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xxx.xxx.xxx.xxx
- xxxxx://xxxxxxx.xxxxxxxx.xxx/xxxxx.xxx?x=xxx.xxx.xxx.xx
- xxxxx://xxxxxxx.xxx/xxxx_xxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxx