PowerShell Empire 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (77)

言語

en	76
zh	2

国・地域

us	64
cn	6
gr	2

アクター

PowerShell Empire	2
ISFB	1
APT29	1
APT28	1
Lookback	1

関心

タイプ

Multimedia Processing Software	12
Not Defined	12
Smartphone Operating System	10
Operating System	8
Multimedia Player Software	6

ベンダー

Not Defined	28
Apple	8
Mozilla	6
Sun	4
Cisco	4

製品

FFmpeg	12
Apple iOS	8
Wireshark	6
Mozilla Firefox	6
Sun MySQL	4

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Fishbowl Inventory XML 特権昇格	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00642	0.00	CVE-2022-29805
2	Itech Movie Portal Script movie.php Reflected クロスサイトスクリプティング	4.9	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00293	0.04	CVE-2017-20140
3	Hindu Matrimonial Script communitymanagement.php 特権昇格	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00167	0.04	CVE-2017-20070
4	Microsoft Windows wcmsvc.dll 特権昇格	6.7	6.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2019-1180
5	czproject git-php isRemoteUrlReadable 特権昇格	6.8	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00134	0.03	CVE-2022-25866
6	Kubernetes kubelet pprof 情報の漏洩	7.3	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.55625	0.04	CVE-2019-11248
7	Joomla! Blacklist SQLインジェクション	6.3	6.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00196	0.04	CVE-2020-35613
8	Eclipse Theia Mini-Browser 弱い認証	6.2	6.2	$0-$5k	計算中	Not Defined	Not Defined	0.00257	0.00	CVE-2019-17636
9	Lexmark Product Embedded Web Server Stored クロスサイトスクリプティング	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.04	CVE-2019-19773
10	Open-Xchange App Suite クロスサイトスクリプティング	4.5	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00106	0.00	CVE-2018-9997
11	HPE Intelligent Management Center PLAT 特権昇格	8.5	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01888	0.00	CVE-2019-5347
12	SaltStack Salt Salt-api minion 特権昇格	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00234	0.00	CVE-2017-5200
13	SaltStack Salt Incomplete Fix ディレクトリトラバーサル	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00751	0.00	CVE-2017-14695
14	Cisco libsrtp srtp.c メモリ破損	5.3	5.3	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.01571	0.00	CVE-2013-2139
15	Synology DiskStation Manager SYNO.API.Encryption 弱い暗号化	7.4	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00089	0.02	CVE-2017-9553
16	cURL file:/ file.c file_do Memory 情報の漏洩	4.9	4.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00216	0.00	CVE-2017-1000099
17	FFmpeg wmalosslessdec.c メモリ破損	5.3	4.6	$0-$5k	$0-$5k	Unproven	Official Fix	0.00338	0.06	CVE-2014-2098
18	FFmpeg jpeg2000dec.c get_siz メモリ破損	5.3	4.6	$0-$5k	$0-$5k	Unproven	Official Fix	0.00055	0.08	CVE-2014-125003
19	FFmpeg dnxhdenc.c dnxhd_init_rc メモリ破損	5.3	4.6	$0-$5k	$0-$5k	Unproven	Official Fix	0.00055	0.04	CVE-2014-125002
20	FFmpeg takdec.c tak_decode_frame 特権昇格	5.3	4.6	$0-$5k	$0-$5k	Unproven	Official Fix	0.00293	0.00	CVE-2014-2097

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	キャンペーン	Identified	タイプ	信頼度
1	80.209.252.70	8ogp6xm.leadtechrevolution.com	PowerShell Empire		2022年03月27日	verified	高
2	XXX.XXX.XX.XX		Xxxxxxxxxx Xxxxxx		2022年03月27日	verified	高

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1059	CAPEC-137	CWE-88, CWE-94	Argument Injection	predictive	高
3	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
7	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
8	TXXXX.XXX	CAPEC-133	CWE-XXX	Xxxxxxxx	predictive	高
9	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
10	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/admin/communitymanagement.php	predictive	高
2	File	/debug/pprof	predictive	中
3	File	/movie.php	predictive	中
4	File	/var/log/salt/minion	predictive	高
5	File	xxxx/xxxxxxxxxx/xxxxxx-xxxx.x	predictive	高
6	File	xxxx/xxxxxxxxxx/xxxxxx-xxx	predictive	高
7	File	xxxx.x	predictive	低
8	File	xxxxxxxxxx/xxxxxxxx.x	predictive	高
9	File	xxxxxxxxxx/xxxx.x	predictive	高
10	File	xxxxxxxxxx/xxxxxxxx_xxxxxxxx.x	predictive	高
11	File	xxxxxxxxxx/xxxxxxxxxxx.x	predictive	高
12	File	xxxxxxxxxx/xxxxxxxxxxxxx.x	predictive	高
13	File	xxxxxxxxxx/xxxxxx.x	predictive	高
14	File	xxxxxxxxxx/xxxx.x	predictive	高
15	File	xxxxxxxxxxx/xxxxxxxxxxxxxx.x	predictive	高
16	File	xxxxxx-xxx.xx	predictive	高
17	File	xxxxxxxxxxxxxxxx.xxx	predictive	高
18	File	xxxxxxxx.xxx	predictive	中
19	File	xxxx.x	predictive	低
20	File	xxxxx.xxx	predictive	中
21	File	xxxx.xxx.xxxxxxxxxx	predictive	高
22	File	xxxxxxx/xxxx.x	predictive	高
23	File	xxxxxxxxxxxxxx.x	predictive	高
24	Library	xxxxxxxx.xxx	predictive	中
25	Library	xxxxxx	predictive	低
26	Library	xxxxxx.xxx	predictive	中
27	Argument	xxx	predictive	低
28	Argument	xxxxxxxx_xxx	predictive	中
29	Argument	xxxxxxxx/xxxxxxxxx	predictive	高
30	Argument	xxx/xxxx	predictive	中
31	Argument	xxxxxxx	predictive	低
32	Input Value	<xxx xxx=x xxxxxxx=xxxxxx(x)>	predictive	高
33	Input Value	xxxxxx xxxxxxxxx xxxxx	predictive	高
34	Pattern	xxxxxxxxxxx/xxx	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Interested in the pricing of exploits?

See the underground prices here!