Mint Sandstorm 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (41)

言語

en	38
it	4

国・地域

us	36
gb	6

アクター

Mint Sandstorm	3
TunnelVision	2

関心

タイプ

Not Defined	16
Content Management System	10
Network Camera Software	2
Programming Language Software	2
Application Server Software	2

ベンダー

Not Defined	16
AVTECH	2
Umbraco	2
cpp-ethereum	2
Alienvault	2

製品

WordPress	6
AVTECH IP Camera	2
AVTECH NVR	2
AVTECH DVR	2
Umbraco CMS	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	SAP NetWeaver MigrationService 特権昇格	9.2	9.2	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00077	0.00	CVE-2021-21481
2	WordPress クロスサイトスクリプティング	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00364	0.02	CVE-2022-21662
3	WordPress WP_Query SQLインジェクション	6.3	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.94585	0.00	CVE-2022-21661
4	Microsoft Windows RDP 特権昇格	8.8	7.7	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00121	0.00	CVE-2021-1669
5	Cacti Request Parameter remote_agent.php 特権昇格	8.5	8.4	$0-$5k	$0-$5k	High	Official Fix	0.96631	0.05	CVE-2022-46169
6	ZyXEL USG FLEX 50 CGI Program 特権昇格	8.5	8.4	$0-$5k	$0-$5k	High	Official Fix	0.97442	0.03	CVE-2022-30525
7	All in One SEO Plugin REST API Endpoint 特権昇格	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02407	0.00	CVE-2021-25036
8	YITH WooCommerce Gift Cards Premium Plugin Shopping Cart php 特権昇格	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.17866	0.00	CVE-2021-3120
9	WordPress wp-publications Plugin Archive bibtexbrowser.php ディレクトリトラバーサル	7.8	7.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00565	0.03	CVE-2021-38360
10	WP Import Export Plugin class-wpie-general.php wpie_process_file_download 特権昇格	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00161	0.00	CVE-2022-0236
11	Cisco Small Business RV345 メモリ破損	9.9	9.7	$5k-$25k	$0-$5k	High	Official Fix	0.96324	0.05	CVE-2022-20699
12	WordPress Object 特権昇格	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00432	0.00	CVE-2022-21663
13	WordPress SQLインジェクション	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00467	0.07	CVE-2022-21664
14	Oracle GlassFish Open Source Edition Demo Feature 弱い認証	8.5	8.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00187	0.07	CVE-2018-14324
15	Microsoft Exchange Server Privilege Escalation	8.8	8.3	$25k-$100k	$0-$5k	High	Official Fix	0.96540	0.03	CVE-2021-42321
16	F5 BIG-IP TMUI Privilege Escalation	8.8	8.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00159	0.03	CVE-2021-22988
17	Microsoft SharePoint Server Privilege Escalation	8.8	7.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.32312	0.00	CVE-2021-31181
18	Umbraco CMS Installation ディレクトリトラバーサル	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00384	0.06	CVE-2020-5811
19	cpp-ethereum JSON-RPC admin_addPeer API 特権昇格	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01274	0.04	CVE-2017-12112
20	Oracle GlassFish Server Java Server Faces 特権昇格	3.1	3.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00129	0.00	CVE-2017-3626

キャンペーン (1)

These are the campaigns that can be associated with the actor:

Drokbk

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	キャンペーン	Identified	タイプ	信頼度
1	51.89.135.15	ip15.ip-51-89-135.eu	Mint Sandstorm	Drokbk	2023年04月22日	verified	高
2	XX.XX.XXX.XXX	xxxxx.xx-xx-xx-xxx.xx	Xxxx Xxxxxxxxx	Xxxxxx	2023年04月22日	verified	高
3	XX.XX.XXX.XXX	xxxxx.xx-xx-xx-xxx.xx	Xxxx Xxxxxxxxx	Xxxxxx	2023年04月22日	verified	高
4	XX.XX.XXX.X	xxx.xx-xx-xx-xxx.xxx	Xxxx Xxxxxxxxx	Xxxxxx	2023年04月22日	verified	高

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	高
3	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	高
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	高
6	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
7	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	高
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
9	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	高
10	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高
11	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/cgi-bin/user/Config.cgi	predictive	高
2	File	admin.php/User/del/ucode/	predictive	高
3	File	detail.php	predictive	中
4	File	ext/standard/http_fopen_wrapper.c	predictive	高
5	File	xxxxx.xxx	predictive	中
6	File	xxxxx_xxx.xxx	predictive	高
7	File	xxxxxxxxxx.x	predictive	中
8	File	xxx	predictive	低
9	File	xxxx.xxx	predictive	中
10	File	xxxxxxxxx.xxx	predictive	高
11	File	xxxxxx_xxxxx.xxx	predictive	高
12	File	xxxx.xxx	predictive	中
13	File	xxxxxx/xxxxx.xxx/xxxx/xxxx	predictive	高
14	File	xxxxxxxxx.xxx	predictive	高
15	File	~/xxxxxxxxxxxxx.xxx	predictive	高
16	File	~/xxxxxxxx/xxxxxxx/xxxxx-xxxx-xxxxxxx.xxx	predictive	高
17	Argument	xxx	predictive	低
18	Argument	xxxx/xxxxxxx	predictive	中
19	Argument	xxxx_xx	predictive	低
20	Argument	xxxxxxxx	predictive	中
21	Argument	xxxx	predictive	低
22	Argument	xxxxxxx	predictive	低
23	Argument	x_xxxx	predictive	低
24	Argument	xxxxx_xx	predictive	中
25	Input Value	xxxxxx=xxx&xxxxxxxx=xxxxxxx.*	predictive	高
26	Input Value	xxxxx	predictive	低

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!