NDSW Analysis

IOB - Indicator of Behavior (85)

Language

en: 62
ru: 14
it: 4
de: 4
zh: 2

Country/Region

ru: 72
us: 10
hr: 2
fr: 2

Product

Microsoft Office: 2
Add Comments Plugin: 2
TBDev TBDev.NET: 2
D-Link DIR-865L: 2
WordPress: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | PHP Link Directory Administration Page index.html cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.29 | CVE-2007-0529 |
| 2 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.15 | CVE-2007-0354 |
| 3 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.59 | |
| 4 | Esoftpro Online Guestbook Pro ogp_show.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.19 | CVE-2009-4935 |
| 5 | phpMyAdmin phpinfo.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00142 | 0.05 | CVE-2016-9848 |
| 6 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.48 | CVE-2010-0966 |
| 7 | LushiWarPlaner register.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00784 | 0.06 | CVE-2007-0864 |
| 8 | Flat PHP Board directory traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.05 | |
| 9 | Simple PHP Guestbook guestbook.php cross-site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 10 | 212cafe 212cafeboard view.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00064 | 0.06 | CVE-2008-4713 |
| 11 | Microsoft Office Object Remote Code Execution | 7.0 | 6.9 | $5k-$25k | $0-$5k | High | Official Fix | 0.97339 | 0.07 | CVE-2017-8570 |
| 12 | Lars Ellingsen Guestserver guestbook.cgi cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00169 | 0.10 | CVE-2005-4222 |
| 13 | Huawei SmartCare Dashboard Stored cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.00 | CVE-2017-15312 |
| 14 | Flat PHP Board directory traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | |
| 15 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 16 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 6.18 | CVE-2006-6168 |
| 17 | Apple Mac OS X Server Wiki Server SQL injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00339 | 1.66 | CVE-2015-5911 |
| 18 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.91 | CVE-2007-1167 |
| 19 | D-Link DIR-865L register_send.php weak authentication | 7.5 | 7.1 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.00109 | 0.04 | CVE-2013-3096 |
| 20 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.06 | CVE-2019-7550 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

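| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 109.234.35.249 | v1020533.hosted-by-vdsina.ru | NDSW | | 2022-07-29 | verified | |
| 2 | XXX.XX.XXX.XX | | Xxxx | | 2022-07-29 | verified | |
| 3 | XXX.XXX.XXX.XXX | xxxx.xx | Xxxx | | 2022-07-29 | verified | |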

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (44)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

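| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /forum/away.php | predictive | |
| 2 | File | admin/conf_users_edit.php | predictive | |
| 3 | File | admin/index.php | predictive | |
| 4 | File | blog.php | predictive | |
| 5 | File | comments/feed | predictive | |
| 6 | File | data/gbconfiguration.dat | predictive | |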

References (2)

The following list contains external sources which discuss the actor and the associated activities:
