Ostap Analysis

IOB - Indicator of Behavior (1000)

Language

en 110
zh 96
ar 94
ja 90
pl 86

Country / Region

ar 94
pl 86
ru 84
fr 78
it 78

Product

Tenda W15E 8
MailCleaner 6
Kashipara Online Furniture Shopping Ecommerce Webs ... 4
Tenda 4G300 4
Apache HTTP Server 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Apryse WebViewer PDF Document Cross-Site Scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.07 | CVE-2024-4327 |
| 2 | MailCleaner Email Privilege Escalation | 9.8 | 9.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.07 | CVE-2024-3191 |
| 3 | osCommerce all-products Cross-Site Scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00065 | 0.04 | CVE-2024-4348 |
| 4 | MailCleaner Admin Interface Cross-Site Scripting | 5.8 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.07 | CVE-2024-3192 |
| 5 | SourceCodester Pisay Online E-Learning System controller.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.21 | CVE-2024-4349 |
| 6 | MailCleaner Admin Endpoints Privilege Escalation | 8.8 | 8.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.00 | CVE-2024-3193 |
| 7 | BloomPixel Max Addons Pro for Bricks Plugin Privilege Escalation | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.08 | CVE-2024-32951 |
| 8 | Extend Themes Teluro Plugin Unknown Vulnerability | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33688 |
| 9 | Apache HTTP Server mod_lua Multipart Parser r:parsebody Memory Corruption | 8.5 | 8.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.08808 | 0.03 | CVE-2021-44790 |
| 10 | Elementor ImageBox Plugin Cross-Site Scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.08 | CVE-2024-3074 |
| 11 | Dell Wyse Proprietary OS Telemetry Dashboard Information Disclosure | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-28963 |
| 12 | Apache Parquet Parquet-MR Denial of Service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00086 | 0.00 | CVE-2021-41561 |
| 13 | Foliovision FV Flowplayer Video Player Plugin Privilege Escalation | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-32955 |
| 14 | Dell Repository Manager API Module Privilege Escalation | 8.3 | 8.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-28976 |
| 15 | Jegstudio Financio Plugin Unknown Vulnerability | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.03 | CVE-2024-33690 |
| 16 | Pavex Embed Google Photos Album Plugin Privilege Escalation | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.07 | CVE-2024-32775 |
| 17 | ThemeNcode Fan Page Widget by Plugin Cross-Site Scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33695 |
| 18 | AnnounceKit Plugin Cross-Site Scripting | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2024-3023 |
| 19 | Repute Infosystems ARMember Plugin Privilege Escalation | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.07 | CVE-2024-32948 |
| 20 | Dell Repository Manager Logger Module Privilege Escalation | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-28977 |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (73)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

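| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /catalog/all-products | predictive | |
| 2 | File | /changePassword | predictive | |
| 3 | File | /forum/away.php | predictive | |
| 4 | File | /goform/addIpMacBind | predictive | |
| 5 | File | /goform/DelDhcpRule | predictive | |
| 6 | File | /goform/delIpMacBind | predictive | |
| 7 | File | /goform/DelPortMapping | predictive | |
| 8 | File | /goform/modifyDhcpRule | predictive | |
| 9 | File | /goform/modifyIpMacBind | predictive | |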

References (2)

The following list contains external sources which discuss the actor and the associated activities:
