Prolific Puma 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (21)

言語

en	16
zh	6

国・地域

cn	16
us	6

アクター

Prolific Puma	4
Cobalt Strike	1
Quasar RAT	1

関心

タイプ

Not Defined	8
Database Software	2
Web Server	2
Customer Relationship Management System	2
Vehicle Software	2

ベンダー

Not Defined	4
Oracle	2
Sitecore	2
Weaver	2
Tesla	2

製品

Oracle MySQL Enterprise Monitor	2
nginx	2
Sitecore CRM	2
Weaver E-Office	2
Tesla SolarCity Solar Monitoring Gateway	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Digi ConnectPort X2e Python S50dropbear.sh 特権昇格	8.3	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00080	0.00	CVE-2020-12878
2	cURL tool_cb_wrt.c tool_cb_wrt メモリ破損	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.02	CVE-2023-52071
3	Oracle MySQL Enterprise Monitor Monitoring Remote Code Execution	9.6	9.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00205	0.04	CVE-2023-34034
4	Oracle MySQL Server cURL サービス拒否	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00492	0.00	CVE-2021-22926
5	Microsoft Exchange Server Privilege Escalation	8.0	7.3	$5k-$25k	$5k-$25k	Unproven	Official Fix	0.00111	0.04	CVE-2023-28310
6	Pivotal Spring Framework 特権昇格	9.8	9.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02444	0.03	CVE-2016-1000027
7	Weaver E-Office 特権昇格	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00073	0.14	CVE-2023-2523
8	Email Extension Plugin Template 特権昇格	7.7	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00118	0.00	CVE-2023-25765
9	AdRem NetCrunch Credential Manager 特権昇格	2.3	2.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00088	0.00	CVE-2019-14483
10	Sitecore CRM download.aspx ディレクトリトラバーサル	4.6	4.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00350	0.00	CVE-2017-5966
11	VNC RealVNC 弱い認証	7.3	7.1	$0-$5k	$0-$5k	High	Workaround	0.97198	0.05	CVE-2006-2369
12	Yamaha Rtx1100 Management Interface 未知の脆弱性	6.3	6.0	$0-$5k	$0-$5k	High	Official Fix	0.00231	0.02	CVE-2008-0524
13	Tesla SolarCity Solar Monitoring Gateway Digi ConnectPort X2e 弱い認証	8.8	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00132	0.07	CVE-2020-9306
14	Juniper Junos Kernel サービス拒否	5.9	5.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02791	0.00	CVE-2018-0049
15	Alias Robotics MiR100/MiR200/MiR250/MiR500/MiR1000 Computational Graph 情報の漏洩	9.1	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00340	0.00	CVE-2020-10271
16	OpenSSH Authentication Username 情報の漏洩	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.28	CVE-2016-6210
17	Boa Terminal 特権昇格	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02395	0.02	CVE-2009-4496
18	D-Link DIR-645 Authentication getcfg.php 情報の漏洩	8.6	8.2	$5k-$25k	$0-$5k	High	Official Fix	0.00000	0.02
19	nginx SPDY メモリ破損	7.3	6.4	$0-$5k	$0-$5k	Unproven	Official Fix	0.03711	0.04	CVE-2014-0133
20	Data Format Extension XmlMapper XML External Entity	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00217	0.04	CVE-2016-3720

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	45.32.147.158	45.32.147.158.vultrusercontent.com	Prolific Puma	2023年11月02日	verified	高
2	XX.XX.XXX.XX	xx.xx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxx Xxxx	2023年11月02日	verified	高
3	XX.X.XX.XX	xxxxxx.xxx.xxxxxxx	Xxxxxxxx Xxxx	2023年11月02日	verified	高
4	XXX.XXX.X.XX	xxx.xxx.x.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxx Xxxx	2023年11月02日	verified	高

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1068	CAPEC-19	CWE-284	Execution with Unnecessary Privileges	predictive	高
3	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	高
4	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
6	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/etc/init.d/S50dropbear.sh	predictive	高
2	File	/getcfg.php	predictive	中
3	File	xxx/xxxx/xxxx.xxx?xxxxxx=xxxxxx_xxxxxx_xxxx	predictive	高
4	File	xxxxxxxx/xxxxx/xxxxxxxx.xxxx	predictive	高
5	File	xxx/xxxx_xx_xxx.x	predictive	高
6	Argument	xxxx	predictive	低
7	Argument	xxxxxxxx	predictive	中
8	Argument	xxxxxxxx	predictive	中
9	Argument	xxxxxx_xxxxx	predictive	中
10	Input Value	xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx	predictive	高
11	Network Port	xxx xxxxxx xxxx	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you need the next level of professionalism?

Upgrade your account now!