Packrat 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (85)

言語

en	60
pt	18
es	8

国・地域

br	40
es	8
us	4
cl	4

アクター

Packrat	3

関心

タイプ

Not Defined	10
Smartphone Operating System	6
Office Suite Software	6
SSH Server Software	4
Operating System	4

ベンダー

Not Defined	18
Microsoft	8
Google	6
HP	4
Corega	2

製品

Google Android	6
Dropbear SSH	4
Microsoft Office	4
libmspack	2
Corega CG-WLR300NX	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Dropbear SSH 特権昇格	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02911	0.03	CVE-2016-7406
2	OpenSSL Non-prime Moduli BN_mod_sqrt サービス拒否	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01342	0.00	CVE-2022-0778
3	VMware ESXi Host Client Stored クロスサイトスクリプティング	5.2	4.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00076	0.00	CVE-2017-4940
4	HP Integrated Lights-Out IPMI Protocol 特権昇格	8.2	8.0	$5k-$25k	$0-$5k	High	Workaround	0.27196	0.09	CVE-2013-4786
5	Apache HTTP Server mod_reqtimeout サービス拒否	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01696	0.05	CVE-2007-6750
6	Linux Kernel Socket Buffer virtio_bt.c サービス拒否	5.7	5.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.02	CVE-2022-26878
7	Microsoft Windows LSA 情報の漏洩	6.4	6.0	$25k-$100k	$5k-$25k	High	Official Fix	0.85287	0.06	CVE-2021-36942
8	Dropbear SSH dbclient/server Memory 情報の漏洩	4.4	4.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.01	CVE-2016-7409
9	Dropbear SSH dropbearconvert 特権昇格	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00956	0.02	CVE-2016-7407
10	phpMyAdmin grab_globals.lib.php ディレクトリトラバーサル	4.8	4.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02334	0.25	CVE-2005-3299
11	Ietf MD5 弱い暗号化	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01224	0.00	CVE-2004-2761
12	Sun Solaris Authentication 弱い認証	9.8	9.6	$5k-$25k	$0-$5k	High	Workaround	0.01297	0.00	CVE-1999-0502
13	TP-LINK TL-WR840N メモリ破損	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00092	0.00	CVE-2022-26642
14	HP Intelligent Management Center tftpserver.exe 特権昇格	10.0	9.5	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.05750	0.00	CVE-2011-1853
15	Microsoft Windows SMB Processor EducatedScholar サービス拒否	7.3	7.0	$5k-$25k	$0-$5k	High	Official Fix	0.97266	0.06	CVE-2009-3103
16	avahi socket.c サービス拒否	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.07514	0.00	CVE-2011-1002
17	OpenSSL EC 情報の漏洩	3.1	3.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00386	0.00	CVE-2021-4160
18	Linux Kernel KVM 特権昇格	7.6	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00056	0.03	CVE-2021-3653
19	Fortinet FortiMail ディレクトリトラバーサル	6.4	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00093	0.00	CVE-2021-24013
20	Fortinet FortiMail Identity-Based Encryption Service 弱い暗号化	4.0	3.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00060	0.00	CVE-2021-26099

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	46.246.89.246	joana.homework.space	Packrat	2020年12月24日	verified	高
2	50.62.133.49	ip-50-62-133-49.ip.secureserver.net	Packrat	2020年12月24日	verified	高
3	XXX.XXX.X.XX	xxxxxxxx.xxxxxx.xxx.xx	Xxxxxxx	2020年12月24日	verified	高
4	XXX.XXX.XX.XX	xxxxxxxx.xxxxxx.xxx.xx	Xxxxxxx	2020年12月24日	verified	高
5	XXX.XXX.XXX.XXX	xxxxxxxx.xxxxxx.xxx.xx	Xxxxxxx	2020年12月24日	verified	高
6	XXX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxx.xxxxxxxx.xx	Xxxxxxx	2020年12月24日	verified	高
7	XXX.XXX.XXX.XXX	xxxxxxxx-xxxxxx-xxx-xxx-xxx.xxxxxxxxxxxxx.xxx	Xxxxxxx	2020年12月24日	verified	高
8	XXX.XXX.XXX.XX	xx-xxx-xxx-xxx-xx.xx.xxxxxxxxxxxx.xxx	Xxxxxxx	2020年12月24日	verified	高
9	XXX.XX.XXX.XXX	xx-xxx-xx-xxx-xxx.xx.xxxxxxxxxxxx.xxx	Xxxxxxx	2020年12月24日	verified	高

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
4	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	高
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
7	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
8	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
9	TXXXX	CAPEC-157	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	api/sms_check.php	predictive	高
2	File	avahi-core/socket.c	predictive	高
3	File	chmextract.c	predictive	中
4	File	xxxxxxx/xxxxxxxxx/xxxxxx_xx.x	predictive	高
5	File	xxxx_xxxxxxx.xxx.xxx	predictive	高
6	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	高
7	File	xxxxx.xxx	predictive	中
8	File	xxxxxx_xxx.x	predictive	中
9	File	xxxxx-xxx.x	predictive	中
10	File	xxxxxxxxxx.xxx	predictive	高
11	Library	xxxxxxxx.xxx	predictive	中
12	Argument	-x	predictive	低
13	Argument	xxxx	predictive	低
14	Argument	xxx_xxx	predictive	低
15	Argument	xxxxx	predictive	低
16	Argument	xxxxxxxx	predictive	中
17	Argument	xxxxxxxx	predictive	中
18	Argument	xxxx	predictive	低
19	Argument	xxxxxxxx/xxxx	predictive	高
20	Argument	x_xx_xxxxxxxxxxxxxxxx	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you know our Splunk app?

Download it now for free!