ModernLoader Analysis

IOB - Indicator of Behavior (56)

Language

en: 52
ru: 4

Product

annyshow DuxCMS: 4
OpenMRS openmrs-module-referenceapplication: 2
Microsoft Exchange Server: 2
SourceCodester Lead Management System: 2
SourceCodester Online School Fees System: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SourceCodester Medical Certificate Generator App action.php SQL Injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00116 | 0.04 | CVE-2023-0774 |
| 2 | Microsoft Exchange Server Remote Code Execution | 7.6 | 7.1 | $25k-$100k | $0-$5k | Functional | Official Fix | 0.23441 | 0.04 | CVE-2021-31206 |
| 3 | SmarterTools SmarterMail Service Port 17001 Remote Code Execution | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.80350 | 0.07 | CVE-2019-7214 |
| 4 | Sony Playstation 3 Save Game PARAM.SFO Privilege Escalation | 7.4 | 7.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.02 | |
| 5 | VUBB usercp.php SQL Injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 6 | WordPress SQL Injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.03 | CVE-2022-21664 |
| 7 | PowerDNS Authoritative Server/PowerDNS Recursor Zone Transfer Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00260 | 0.04 | CVE-2022-27227 |
| 8 | SourceCodester Online School Fees System GET Parameter ajx.php SQL Injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00077 | 0.07 | CVE-2023-3340 |
| 9 | SourceCodester Theme Park Ticketing System GET Parameter print_ticket.php SQL Injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.03 | CVE-2023-2865 |
| 10 | ampleShop youraccount.cfm SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00621 | 0.00 | CVE-2006-2038 |
| 11 | X-Man SQL Injection | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00140 | 0.00 | CVE-2022-46021 |
| 12 | Ebay Feeds Plugin magpie_slashbox.php Cross-Site Scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00145 | 0.00 | CVE-2014-4525 |
| 13 | SourceCodester Music Gallery Site view_category.php SQL Injection | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00132 | 0.03 | CVE-2023-1053 |
| 14 | SourceCodester Simple Payroll System POST Parameter Cross-Site Scripting | 3.2 | 3.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00060 | 0.00 | CVE-2023-1113 |
| 15 | Netgear WNDR3700v2 Web Management Interface Denial of Service | 6.0 | 5.8 | $5k-$25k | $5k-$25k | Proof-of-Concept | Workaround | 0.00114 | 0.04 | CVE-2023-0848 |
| 16 | Netgear WNDR3700v2 Web Interface Denial of Service | 4.3 | 4.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00135 | 0.06 | CVE-2023-0850 |
| 17 | Xoslab Easy File Locker xlkfs.sys MessageNotifyCallback Denial of Service | 6.3 | 6.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00042 | 0.03 | CVE-2023-0908 |
| 18 | SourceCodester Simple Food Ordering System process_order.php Cross-Site Scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00128 | 0.00 | CVE-2023-0902 |
| 19 | tinymighty WikiSEO Meta Property Tag WikiSEO.body.php modifyHTML Cross-Site Scripting | 5.5 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00152 | 0.06 | CVE-2015-10073 |
| 20 | NYUCCL psiTurk experiment.py Privilege Escalation | 6.6 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00088 | 0.03 | CVE-2021-4315 |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (72)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/ajax.php?action=save_window | predictive | |
| 2 | File | /admin/api/theme-edit/ | predictive | |
| 3 | File | /face-recognition-php/facepay-master/camera.php | predictive | |
| 4 | File | /forum/PostPrivateMessage | predictive | |
| 5 | File | /home/masterConsole | predictive | |
| 6 | File | /hrm/employeeadd.php | predictive | |
| 7 | File | /hrm/employeeview.php | predictive | |
| 8 | File | action.php | predictive | |
| 9 | File | admin.php&r=article/AdminContent/edit | predictive | |

References (7)

The following list contains external sources which discuss the actor and the associated activities:
