SharpPanda Analysis

IOB - Indicator of Behavior (140)

Language

  • en: 110
  • zh: 20
  • it: 6
  • jp: 4

Country/Region

  • us: 84
  • cn: 28
  • sg: 24
  • jp: 4

Product

  • Palo Alto PAN-OS: 6
  • PHP: 6
  • Oracle MySQL Server: 4
  • MantisBT: 4
  • Oracle WebLogic Server: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | vu Mass Mailer Login Page redir.asp SQL Injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00238 | 0.04 | CVE-2007-6138 |
| 3 | PHP phpinfo Cross-Site Scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08985 | 0.04 | CVE-2006-0996 |
| 4 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00106 | 0.04 | CVE-2018-6200 |
| 5 | Cisco ASA Version Information Disclosure | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00288 | 0.04 | CVE-2014-3398 |
| 6 | Apache HTTP Server mod_ssl ap_hook_process_connection Denial of Service | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01166 | 0.05 | CVE-2017-3169 |
| 7 | PHP phpinfo Cross-Site Scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.05 | CVE-2007-1287 |
| 8 | Serendipity exit.php Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.27 | |
| 9 | WoltLab Burning Book addentry.php SQL Injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.00 | CVE-2006-5509 |
| 10 | Linux Foundation Xen EFLAGS Register SYSENTER Privilege Escalation | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.02 | CVE-2013-1917 |
| 11 | AXIS 2110 Network Camera editcgi.cgi Directory Traversal | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01492 | 0.00 | CVE-2004-2426 |
| 12 | Synology DiskStation Manager SliceUpload imageSelector.cgi Privilege Escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | High | Official Fix | 0.97296 | 0.05 | CVE-2013-6955 |
| 13 | Hestia Control Panel Domain Name Privilege Escalation | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00139 | 0.00 | CVE-2021-27231 |
| 14 | Bitrix Site Manager redirect.php Privilege Escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00113 | 0.00 | CVE-2008-2052 |
| 15 | PHP Link Directory Administration Page index.html Cross-Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.27 | CVE-2007-0529 |
| 16 | Moodle Privilege Escalation | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00060 | 0.00 | CVE-2023-35133 |
| 17 | Extreme Networks ExtremeWireless Aerohive HiveOS/IQ Engine NetConfig UI Administrative Interface Privilege Escalation | 8.8 | 8.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.85139 | 0.02 | CVE-2020-16152 |
| 18 | Advance B2B Script tradeshow-list-detail.php SQL Injection | 8.5 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00242 | 0.00 | CVE-2017-17602 |
| 19 | Asus NAS-M25 Cookie Privilege Escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.91647 | 0.04 | CVE-2022-4221 |
| 20 | Apache Log4j Socket Server Privilege Escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.87384 | 0.02 | CVE-2017-5645 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • G20 Nations

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (60)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (4)

The following list contains external sources which discuss the actor and the associated activities:
