NOTROBIN Analysis

IOB - Indicator of Behavior (23)

Timeline (chart only)

Language

en: 22
de: 2

Country/Region

cn: 20
us: 2

Actors, Activity, Interest, Timeline, Type, Vendor (charts only)

Product

Allegro RomPager: 2
Intelliants Subrion CMS: 2
CodeCanyon RISE Rise Ultimate Project Manager: 2
Allegro RomPager Embedded Web Server: 2
Thomas R. Pasawicz HyperBook Guestbook: 2

Vulnerabilities

Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices at disclosure and at present; EPSS is the Exploit Prediction Scoring System probability.

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | EPSS | CTI | CVE
1 | Intelliants Subrion CMS Salt Cookie SQL Injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00134 | 0.00 | CVE-2015-4129
2 | Hibernate-Validator SafeHtml Validator Cross-Site Scripting | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00232 | 0.02 | CVE-2019-10219
3 | Allegro RomPager HTTP POST Request Unknown Vulnerability | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.07 | CVE-2024-0522
4 | CodeCanyon RISE Rise Ultimate Project Manager signin Redirect | 5.6 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.03 | CVE-2024-0545
5 | Page View Count Plugin REST Endpoint SQL Injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04032 | 0.00 | CVE-2022-0434
6 | Intelliants Subrion CMS ia.core.users.php Privilege Escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00314 | 0.02 | CVE-2017-5543
7 | Intelliants Subrion CMS SQL Injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00196 | 0.00 | CVE-2017-6013
8 | Subrion CMS Privilege Escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.03 | CVE-2020-12468
9 | Subrion CMS blocks.php Privilege Escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.03 | CVE-2020-12469
10 | Subrion CMS PDO Connection SQL Injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00203 | 0.00 | CVE-2020-18155
11 | Subrion CMS Visual-Mode SQL Injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00114 | 0.07 | CVE-2021-41947
12 | Intelliants Subrion CMS Search search.php SQL Injection | 8.5 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01800 | 0.00 | CVE-2017-11444
13 | SonarQube values Weak Encryption | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.36880 | 0.01 | CVE-2020-27986
14 | Google Chrome Prompts Memory Corruption | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00363 | 0.00 | CVE-2022-1635
15 | Google Android ParsedIntentInfo.java ParsedtentInfo Privilege Escalation | 6.5 | 6.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2021-0685
16 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.07 | CVE-2015-4134
17 | Allegro RomPager Embedded Web Server rom-0 Information Disclosure | 5.3 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.04 |
18 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
19 | Oracle E-Business Suite Privilege Escalation | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00519 | 0.03 | CVE-2018-3167
20 | Cisco ASA WebVPN Login Page logon.html Cross-Site Scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00192 | 0.03 | CVE-2014-2120

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Identified | Type
1 | 80.240.31.218 | 80.240.31.218.vultrusercontent.com | NOTROBIN | 2020-01-17 | verified
2 | XX.XXX.XXX.XXX | xx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxxx | 2020-01-17 | verified
3 | XXX.X.X.X | xxxxxxxxx.xxx.xxx | Xxxxxxxx | 2020-01-17 | verified

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerability | Type
1 | T1055 | CAPEC-10 | CWE-74 Improper Neutralization of Data within XPath Expressions | predictive
2 | T1059 | CAPEC-242 | CWE-94 Argument Injection | predictive
3 | TXXXX.XXX | CAPEC-209 | CWE-XXXxxxx Xxxx Xxxxxxxxx | predictive
4 | TXXXX | CAPEC-19 | CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive
5 | TXXXX.XXX | CAPEC-178 | CWE-XXXXxxx Xxxxxxxx | predictive
6 | TXXXX | CAPEC-108 | CWE-XXXxx Xxxxxxxxx | predictive
7 | TXXXX | CAPEC-116 | CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive
8 | TXXXX | CAPEC-157 | CWE-XXXXxxxxxxxxxxxx Xxxxxx | predictive
9 | TXXXX.XXX | CAPEC-1 | CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type
1 | File | /+CSCOE+/logon.html | predictive
2 | File | /front/search.php | predictive
3 | File | /index.php/signin | predictive
4 | File | /xxx-x | predictive
5 | File | xxxxx/xxxxxx.xxx | predictive
6 | File | xxxxx/xxxxxxxx/ | predictive
7 | File | xxx/xxxxxxxx/xxxxxx | predictive
8 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive
9 | File | xxxx.xxx | predictive
10 | File | xxxxxxxx/xxxxxxx/xx.xxxx.xxxxx.xxx | predictive
11 | File | xxxxxxxxxxxxxxxx.xxxx | predictive
12 | File | xxxxxxx/xxx/ | predictive
13 | File | xxxxxxxxx.xxx?xxxxxx=xxxxxx | predictive
14 | Argument | $_xxx | predictive
15 | Argument | xxxx_xxx | predictive
16 | Argument | xxxxx | predictive
17 | Argument | xxxxxxxx | predictive
18 | Argument | xxx | predictive
19 | Argument | xxxxxxxx | predictive
20 | Input Value | xxxx://xxxx.xxx | predictive
21 | Network Port | xxx xxxxxx xxxx | predictive
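The verified IOC address from the IOC table and the three unmasked IOA file paths above can be turned directly into a log check. The following Python script is an added example written for this page; it is not code from the page or from any tool it describes. It assumes Apache/nginx combined-format access logs, normalises the request path (query string dropped, percent-encoding decoded, so that /%2BCSCOE%2B/logon.html matches the listed /+CSCOE+/logon.html), and flags requests that come from the listed IOC client or touch one of the listed IOA paths. The sample log lines are constructed; the 192.0.2.x, 198.51.100.x and 203.0.113.x addresses are documentation ranges with no real attribution. Because the IOA paths are predictive and are also legitimate endpoints on Cisco ASA, Subrion CMS and RISE installations, a path hit alone is a triage lead, not evidence of compromise; only the IOC address is a verified indicator.

```python
"""Scan web-server access logs for the NOTROBIN indicators listed on this page."""
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Indicators copied from this page's IOC and IOA tables. Only the unmasked
# entries are usable. The IOA paths are "predictive" and exist on legitimate
# deployments too, so a path hit is a triage lead, not proof of compromise.
IOC_CLIENTS = {
    "80.240.31.218",                       # verified IOC, identified 2020-01-17
    "80.240.31.218.vultrusercontent.com",  # its hostname, for logs with resolved clients
}
IOA_PATHS = {
    "/+CSCOE+/logon.html",  # Cisco ASA WebVPN login page
    "/front/search.php",    # Subrion CMS search
    "/index.php/signin",    # RISE Ultimate Project Manager sign-in
}

# Apache/nginx "combined" access-log format (assumed; adjust for other formats).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?\s*$'
)


def parse_line(line):
    """Return a dict of fields for one combined-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Normalise the request target: drop the query string and percent-decode,
    # so "/%2BCSCOE%2B/logon.html?x=1" compares equal to "/+CSCOE+/logon.html".
    rec["path"] = unquote(urlsplit(rec["target"]).path)
    return rec


def match_indicators(rec):
    """Return (kind, indicator) tags for every page indicator the record matches."""
    tags = []
    if rec["client"] in IOC_CLIENTS:
        tags.append(("ioc_client", rec["client"]))
    if rec["path"] in IOA_PATHS:
        tags.append(("ioa_path", rec["path"]))
    return tags


def scan(lines):
    """Parse each line and keep those matching at least one indicator."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line; a production pipeline should count these
        tags = match_indicators(rec)
        if tags:
            hits.append({"line": lineno, "client": rec["client"], "ts": rec["ts"],
                         "method": rec["method"], "path": rec["path"], "tags": tags})
    return hits


def clients_by_hits(hits):
    """Count matching requests per client address, to prioritise triage."""
    return Counter(h["client"] for h in hits)


# Constructed sample log (hypothetical traffic, documentation address ranges).
SAMPLE_LOG = """\
80.240.31.218 - - [17/Jan/2020:10:15:01 +0000] "GET /front/search.php?q=test HTTP/1.1" 200 512 "-" "curl/7.64.0"
203.0.113.7 - - [17/Jan/2020:10:15:05 +0000] "GET /+CSCOE+/logon.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.23 - - [17/Jan/2020:10:16:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.9 - - [17/Jan/2020:10:16:30 +0000] "POST /index.php/signin HTTP/1.1" 302 0 "-" "python-requests/2.22.0"
not a log line at all
192.0.2.9 - - [17/Jan/2020:10:17:00 +0000] "GET /%2BCSCOE%2B/logon.html HTTP/1.1" 200 1024 "-" "python-requests/2.22.0"
"""

if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for h in found:
        print(h["line"], h["client"], h["method"], h["path"], h["tags"])
    print(clients_by_hits(found))
```

Run it against a real log with `scan(open("access.log"))`; a client that appears in both an `ioc_client` tag and an `ioa_path` tag, as 80.240.31.218 does in the constructed sample, is the strongest lead, while a lone `ioa_path` hit on a login or search page needs the surrounding requests and response codes before it means anything.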

References (2)

The following list contains external sources which discuss the actor and the associated activities:
