Ngoiweb Analysis

IOB - Indicator of Behavior (134)

Language

en 116
zh 6
fr 6
ru 2
ja 2

Country/Region

us 56
gb 52
cn 6
be 2
de 2

Product

WordPress 4
Google Chrome 4
Linux Kernel 4
Atmail 2
GE Voluson S8 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | PHP phpinfo Cross-Site Scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.00 | CVE-2007-1287 |
| 2 | Linux Kernel IPsec nfp_cppcore.c area_cache_get Memory Corruption | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2022-3545 |
| 3 | e-Quick Cart shoptellafriend.asp Cross-Site Scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.04 | |
| 4 | Anserv PHP LOW BIDS viewfaqs.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00087 | 0.00 | CVE-2011-0646 |
| 5 | Adobe Dreamweaver Privilege Escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00057 | 0.03 | CVE-2021-21055 |
| 6 | Linux Kernel Bluetooth l2cap_core.c l2cap_reassemble_sdu Memory Corruption | 6.3 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00048 | 0.14 | CVE-2022-3564 |
| 7 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.04 | CVE-2013-5033 |
| 8 | X.org Server xkb.c _GetCountedString Memory Corruption | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00523 | 0.07 | CVE-2022-3550 |
| 9 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 5.90 | |
| 10 | Google Chrome Animation Memory Corruption | 6.3 | 6.0 | $25k-$100k | $5k-$25k | High | Official Fix | 0.04190 | 0.00 | CVE-2022-0609 |
| 11 | DZCP deV!L`z Clanportal config.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.19 | CVE-2010-0966 |
| 12 | WSO2 API Manager File Upload Privilege Escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | High | Not Defined | 0.97306 | 0.07 | CVE-2022-29464 |
| 13 | Keysight IXIA Hawkeye licenses Cross-Site Scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00083 | 0.07 | CVE-2023-1860 |
| 14 | Totolink LR1200GB Web Interface cstecgi.cgi loginAuth Memory Corruption | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-1783 |
| 15 | Google Chrome Index DB Memory Corruption | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00238 | 0.00 | CVE-2022-1853 |
| 16 | Totolink T6 HTTP POST Request main Memory Corruption | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00072 | 0.07 | CVE-2023-7221 |
| 17 | Zoom Desktop Client/VDI Client/Meeting SDK/Rooms Client Zoom Meeting Privilege Escalation | 7.9 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-24691 |
| 18 | Fortinet FortiSIEM API Request Privilege Escalation | 9.9 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00078 | 0.00 | CVE-2024-23108 |
| 19 | PHPmybibli cart.php Privilege Escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.05394 | 0.05 | CVE-2006-5402 |
| 20 | PHPGurukul Dairy Farm Shop Management System add-category.php SQL Injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.09 | CVE-2024-0355 |

IOC - Indicator of Compromise (34)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (89)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
