Sandman Analysis

IOB - Indicator of Behavior (1000)

Timeline

Languages

en 942
ru 26
zh 16
fr 6
sv 4

Countries and regions

us 142
ru 76
cn 30
gb 24
to 4

Actors

Activities

Interests

Timeline

Types

Vendors

Products

Microsoft Windows 32
Adobe Experience Manager 20
Simmeth Lieferantenmanager 8
Netgear SRX5308 6
WordPress 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | p4 run privilege escalation | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00093 | 0.00 | CVE-2022-25171 |
| 2 | bradleyfalzon ghinstallation JWT Error Response information disclosure | 4.0 | 3.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2022-39304 |
| 3 | Netatalk appl.c copyapplfile memory corruption | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02988 | 0.04 | CVE-2022-23125 |
| 4 | Netatalk libatalk adouble.h ad_entry information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02561 | 0.04 | CVE-2022-23123 |
| 5 | Microchip RN4870 PairCon_rmSend Privilege Escalation | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.00 | CVE-2022-46402 |
| 6 | Microchip RN4870 Message Reject Privilege Escalation | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.00 | CVE-2022-46403 |
| 7 | Rainrocka Xinhu SQL injection | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00167 | 0.00 | CVE-2022-45041 |
| 8 | Patchelf patchelf.cc modifyRPath information disclosure | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00186 | 0.00 | CVE-2022-44940 |
| 9 | pdftojson makeFilter memory corruption | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00157 | 0.00 | CVE-2022-44109 |
| 10 | Softr Account Page cross site scripting | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00148 | 0.00 | CVE-2022-40434 |
| 11 | SilverwareGames.io URL cross site scripting | 5.1 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.00 | CVE-2022-23543 |
| 12 | pdftojson Object.cc copy(Object*) memory corruption | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00157 | 0.00 | CVE-2022-44108 |
| 13 | Apache Airflow Hive Provider privilege escalation | 7.6 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00562 | 0.00 | CVE-2022-46421 |
| 14 | Microchip RN4870 Legacy Pairing weak authentication | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.04 | CVE-2022-46400 |
| 15 | Microchip RN4870 weak encryption | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.00 | CVE-2022-46401 |
| 16 | Microchip RN4870 ConReqTimeoutZero denial of service | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.00 | CVE-2022-46399 |
| 17 | easy-static-server directory traversal | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00133 | 0.00 | CVE-2022-25931 |
| 18 | lite-server Control Character decodeURI denial of service | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00073 | 0.02 | CVE-2022-25940 |
| 19 | Zoho ManageEngine Device Control Plus Endpoint Protection Agent privilege escalation | 7.9 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2022-47577 |
| 20 | Zoho ManageEngine Device Control Plus Endpoint Protection Agent privilege escalation | 7.9 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2022-47578 |

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerability | Access | Vector | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-38 | | | Path Traversal | predictive |
| 2 | T1040 | CAPEC-102 | CWE-319 | | | Authentication Bypass by Capture-replay | predictive |
| 3 | T1055 | CAPEC-10 | CWE-74 | | | Improper Neutralization of Data within XPath Expressions | predictive |
| 4 | T1059 | CAPEC-242 | CWE-94, CWE-1321 | | | Argument Injection | predictive |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | | | Cross Site Scripting | predictive |
| 6 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX | | | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive |
| 7 | TXXXX.XXX | CAPEC-191 | CWE-XXX | | | Xxxx-xxxxx Xxxxxxxxxxx | predictive |
| 8 | TXXXX | CAPEC-136 | CWE-XX, CWE-XX | | | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive |
| 9 | TXXXX.XXX | CAPEC-178 | CWE-XXX | | | Xxxx Xxxxxxxx | predictive |
| 10 | TXXXX | CAPEC- | CWE-XXXX | | | Xxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxx Xxxxxxxx Xxxx Xx X Xxxxxxxx Xxxxxx | predictive |
| 11 | TXXXX | CAPEC-1 | CWE-XXX, CWE-XXX | | | Xxxxxxxxxx Xxxxxx | predictive |
| 12 | TXXXX | CAPEC-108 | CWE-XX | | | Xxx Xxxxxxxxx | predictive |
| 13 | TXXXX.XXX | CAPEC-1 | CWE-XXX | | | Xxxxxxxx Xxxxxxxxxxxxx | predictive |
| 14 | TXXXX | CAPEC-50 | CWE-XXX | | | Xxxxxxxxxxx Xxxxxxxxxx | predictive |
| 15 | TXXXX | CAPEC-37 | CWE-XXX | | | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive |
| 16 | TXXXX.XXX | CAPEC-220 | CWE-XXX | | | Xxxxxxxxx Xxxxxxxxx | predictive |
| 17 | TXXXX | CAPEC-38 | CWE-XXX, CWE-XXX | | | Xxxxxxxxx Xxxxxx Xxxx | predictive |
| 18 | TXXXX.XXX | CAPEC- | CWE-XXX | | | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive |
| 19 | TXXXX | CAPEC-116 | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | | | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive |
| 20 | TXXXX.XXX | CAPEC- | CWE-XX | | | Xxxxxxxxxxxxx | predictive |
| 21 | TXXXX | CAPEC-157 | CWE-XXX | | | Xxxxxxxxxxxxx Xxxxxx | predictive |
| 22 | TXXXX.XXX | CAPEC-1 | CWE-XXX | | | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive |

IOA - Indicator of Attack (227)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
