NetSupport Analysis

IOB - Indicator of Behavior (204)

Language

en: 180
zh: 12
fr: 4
ar: 2
de: 2

Country/Region

us: 92
cn: 54
ce: 6
tr: 4
gb: 2

Products

WordPress: 4
Microsoft Exchange Server: 4
F5 BIG-IP: 4
Siemens SPPA-T3000 Application Server: 4
Sophos Cyberoam Firewall: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.17 | CVE-2010-0966 |
| 2 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.04 | CVE-2013-5033 |
| 3 | Palo Alto PAN-OS GlobalProtect Clientless VPN memory corruption | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.03 | CVE-2021-3056 |
| 4 | WordPress SQL injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.07 | CVE-2022-21664 |
| 5 | VeronaLabs wp-statistics Plugin API Endpoint Blind SQL injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.00 | CVE-2019-13275 |
| 6 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 7 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.07 | CVE-2024-1406 |
| 8 | Teclib GLPI unlock_tasks.php SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.12149 | 0.03 | CVE-2019-10232 |
| 9 | Sophos Firewall User Portal/Webadmin weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.97418 | 0.00 | CVE-2022-1040 |
| 10 | CutePHP CuteNews privilege escalation | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02107 | 0.04 | CVE-2019-11447 |
| 11 | WordPress Object privilege escalation | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.00 | CVE-2022-21663 |
| 12 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.3 | $25k-$100k | $0-$5k | High | Official Fix | 0.07084 | 0.03 | CVE-2022-26923 |
| 13 | QNAP QTS Media Library privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.01575 | 0.03 | CVE-2017-13067 |
| 14 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.59 | CVE-2016-6210 |
| 15 | Samurai Build File util.c canonpath memory corruption | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.00 | CVE-2019-19795 |
| 16 | Phpsugar PHP Melody page_manager.php cross-site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2017-15648 |
| 17 | MikroTik RouterOS FTP Request memory corruption | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00107 | 0.06 | CVE-2020-22845 |
| 18 | Simple and Beautiful Shopping Cart System uploadera.php privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00170 | 0.00 | CVE-2023-1558 |
| 19 | RealNetworks RealServer Port 7070 Service denial of service | 7.5 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.02116 | 0.15 | CVE-2000-0272 |
| 20 | Microsoft Windows Themes information disclosure | 5.9 | 5.6 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00128 | 0.04 | CVE-2024-21320 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

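| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 185.225.17.53 | xyftjms.cn | NetSupport | | October 20, 2019 | verified | |
| 2 | XXX.XXX.XX.XX | xx-xxxx.xxxxxxxxx.xxx | Xxxxxxxxx | | October 20, 2019 | verified | |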

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (94)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /api/RecordingList/DownloadRecord?file= | predictive | |
| 2 | File | /apply.cgi | predictive | |
| 3 | File | /netflow/jspui/editProfile.jsp | predictive | |
| 4 | File | /php/ping.php | predictive | |
| 5 | File | /rapi/read_url | predictive | |
| 6 | File | /scripts/unlock_tasks.php | predictive | |
| 7 | File | /SysInfo1.htm | predictive | |
| 8 | File | /sysinfo_json.cgi | predictive | |
| 9 | File | /system/user/modules/mod_users/controller.php | predictive | |
| 10 | File | /wp-admin/admin-post.php?es_skip=1&option_name | predictive | |
| 11 | File | appserv/main.php | predictive | |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
