Peach Sandstorm 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (47)

言語

en	28
zh	12
es	4
ru	2
de	2

国・地域

co	26
us	10
cn	10

アクター

Cobalt Strike	4
Peach Sandstorm	4
BianLian	2
Carbanak	1
DEV-1084	1

関心

タイプ

Not Defined	18
Bug Tracking Software	4
Network Encryption Software	2
Firewall Software	2
WordPress Plugin	2

ベンダー

Not Defined	12
Interspire	4
SonicWALL	2
Dialogic	2
Omeka	2

製品

Interspire Email Marketer	4
OpenSSL	2
SonicWALL SMA1000	2
Dialogic PowerMedia XMS	2
Omeka Classic	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Interspire Email Marketer Dynamiccontenttags.php SQLインジェクション	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.07	CVE-2018-19551
2	Sales / Company Management System member_order.php SQLインジェクション	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00172	0.00	CVE-2018-19925
3	Interspire Email Marketer Dynamiccontenttags.php SQLインジェクション	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.00	CVE-2018-19549
4	All-in-One WP Migration Plugin class-ai1wm-backups.php ディレクトリトラバーサル	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00097	0.04	CVE-2022-1476
5	VMware vCenter Server/Cloud Foundation vSphere Client Privilege Escalation	8.0	7.9	$5k-$25k	$0-$5k	High	Official Fix	0.97299	0.09	CVE-2021-21972
6	Advanced Comment System admin.php SQLインジェクション	8.5	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00230	0.02	CVE-2018-18619
7	Interspire Email Marketer Dynamiccontenttags.php SQLインジェクション	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.02	CVE-2018-19553
8	SonicWALL SMA1000 HTTP Connection 特権昇格	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00238	0.03	CVE-2022-22282
9	Omeka Classic クロスサイトスクリプティング	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00110	0.00	CVE-2021-26799
10	AgileConfig JWT Secret 弱い暗号化	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00329	0.00	CVE-2022-35540
11	Apache Airflow UI 特権昇格	7.1	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.36372	0.02	CVE-2022-40127
12	Support Board Plugin SQLインジェクション	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00211	0.00	CVE-2021-24741
13	GitLab Project Import 特権昇格	8.7	8.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.63436	0.04	CVE-2022-2185
14	cPanel cpsrvd クロスサイトスクリプティング	5.0	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00345	0.03	CVE-2023-29489
15	Labstack Echo Static 特権昇格	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02933	0.02	CVE-2022-40083
16	GitLab Community Edition/Enterprise Edition Runner Registration Token 情報の漏洩	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03278	0.04	CVE-2022-0735
17	Git Plugin Build 特権昇格	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01156	0.08	CVE-2022-36883
18	Z-BlogPHP action_crawler.php 特権昇格	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00319	0.05	CVE-2022-40357
19	Dialogic PowerMedia XMS Administrative Console default.db Password 特権昇格	6.5	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.06	CVE-2018-11634
20	Extreme EXOS File 情報の漏洩	3.4	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.04	CVE-2017-14327

キャンペーン (1)

These are the campaigns that can be associated with the actor:

Holmium

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	キャンペーン	Identified	タイプ	信頼度
1	64.52.80.30		Peach Sandstorm		2024年02月01日	verified	高
2	XX.X.XX.XX		Xxxxx Xxxxxxxxx	Xxxxxxx	2023年10月19日	verified	高
3	XXX.XXX.XXX.XX	xxxxxxxxxxxxx.xxx	Xxxxx Xxxxxxxxx	Xxxxxxx	2023年10月19日	verified	高
4	XXX.XX.XXX.XXX	xxxxxx-xxx-xx-xxx-xxx.xxxxxxxxx.xx	Xxxxx Xxxxxxxxx	Xxxxxxx	2023年10月19日	verified	高
5	XXX.XX.XXX.XX	xxxx-xxxxxxxx.xxxxxxxxxx.xxx	Xxxxx Xxxxxxxxx	Xxxxxxx	2023年10月19日	verified	高

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
3	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
6	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
7	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
8	TXXXX.XXX	CAPEC-	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	高

IOA - Indicator of Attack (18)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/var/www/xms/xmsdb/default.db	predictive	高
2	File	Dynamiccontenttags.php	predictive	高
3	File	internal/advanced_comment_system/admin.php	predictive	高
4	File	xxxxxx/xxxxxx_xxxxx.xxx	predictive	高
5	File	xxxxxxxx.xx	predictive	中
6	File	xx_xxxxx/xxxxxx/xxxxxxx/xxx/xxxxxx_xxxxxxx.xxx	predictive	高
7	Library	/xxxxxxx/xxxxx/xxx.xxx	predictive	高
8	Library	xxx/xxx/xxxx.xxxxx.xxx	predictive	高
9	Library	~/xxx/xxxxx/xxxxx-xxxxx-xxxxxxx.xxx	predictive	高
10	Argument	xxxxxxx[]	predictive	中
11	Argument	xxxxx/xxxxxx	predictive	中
12	Argument	xx	predictive	低
13	Argument	xxxx	predictive	低
14	Argument	xxx_xx	predictive	低
15	Argument	xxxxxxxxx	predictive	中
16	Argument	xxxxxx	predictive	低
17	Argument	xxxxxx_xxxx/xxxxxxxxxx/xxxx_xx/xxxxxxxxxxxx_xx/xxxxxxxxxxxx_xxxxxx_xxxx/xxxxxxxxx_xx	predictive	高
18	Argument	xxxx/x_xxxxx	predictive	中

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you know our Splunk app?

Download it now for free!