Socks 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (21)

言語

de	18
en	4

国・地域

us	20

アクター

TrickBot	1

関心

タイプ

Not Defined	14
Router Operating System	2
Endpoint Management Software	2
Virtualization Software	2
Software Library	2

ベンダー

Not Defined	6
McAfee	4
Riverbed	2
Devolutions	2
HashiCorp	2

製品

Riverbed RIOS	2
Devolutions SERVER	2
HashiCorp Vault	2
HashiCorp Vault Enterprise	2
McAfee Advanced Threat Defense	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	HashiCorp Vault/Vault Enterprise 特権昇格	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00161	0.05	CVE-2022-36129
2	Blue Prism Enterprise 特権昇格	4.7	4.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00082	0.00	CVE-2022-36117
3	Devolutions SERVER Password List Entry 特権昇格	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00168	0.00	CVE-2021-23921
4	D-Link DIR-816 A2 dir_setWanWifi 特権昇格	6.3	6.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00559	0.00	CVE-2021-26810
5	Django django.views.static.serve Redirect	6.2	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00160	0.00	CVE-2017-7234
6	Xen Memory 特権昇格	6.9	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00101	0.00	CVE-2017-7228
7	Riverbed RIOS Bootloader 特権昇格	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00062	0.00	CVE-2017-7305
8	Riverbed RIOS Single-User Mode cli 特権昇格	6.7	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00077	0.00	CVE-2017-7307
9	OpenDaylight Plugin SDN Topology 特権昇格	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00338	0.00	CVE-2015-1612
10	OpenDaylight Plugin SDN Topology 特権昇格	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00288	0.00	CVE-2015-1611
11	Horde Groupware Webmail Edition Horde_Crypt 特権昇格	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.94773	0.00	CVE-2017-7413
12	Go SSH Library Host Key Remote Code Execution	7.7	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00237	0.03	CVE-2017-3204
13	Linux Kernel Filesystem policy.c fscrypt_process_policy 特権昇格	5.4	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00181	0.00	CVE-2016-10318
14	Intel Advanced Threat Defense Malware Detection 特権昇格	6.4	6.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00061	0.00	CVE-2015-8986
15	McAfee Advanced Threat Defense Malware Detection 弱い認証	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00138	0.00	CVE-2016-3983
16	McAfee Vulnerability Manager Enterprise Manager 未知の脆弱性	8.8	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00085	0.00	CVE-2016-2199
17	Intel McAfee Vulnerability Manager Enterprise Manager Password 弱い暗号化	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00070	0.00	CVE-2015-8989
18	Intel McAfee Email Gateway File Extension Filter 特権昇格	6.9	6.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00054	0.00	CVE-2016-8005
19	Intel McAfee Host Intrusion Prevention Services Registry Key 特権昇格	5.7	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2016-8007
20	Intel Advanced Threat Defense ATD Detection 特権昇格	7.4	7.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00096	0.00	CVE-2015-8990

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	23.20.239.12	ec2-23-20-239-12.compute-1.amazonaws.com	Socks	2022年05月05日	verified	中
2	XXX.XX.XXX.XXX	x-xxxx.x-xxxxxx.xxx	Xxxxx	2022年05月05日	verified	高
3	XXX.XXX.XX.XXX	xxxxx.xxx-xxx-xx.xxxxxx.xxxxxxxxxxxx.xxx	Xxxxx	2022年04月29日	verified	高

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1068	CAPEC-19	CWE-264, CWE-284	Execution with Unnecessary Privileges	predictive	高
2	T1202	CAPEC-136	CWE-77	Command Shell in Externally Accessible Directory	predictive	高
3	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
4	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	高
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
6	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高
7	TXXXX.XXX	CAPEC-	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	高

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/goform/dir_setWanWifi	predictive	高
2	File	/xxx/xxx/xxx/xxx	predictive	高
3	File	xx/xxxxxx/xxxxxx.x	predictive	高
4	Argument	xxxxxxxxxxxxxxxxxxxx	predictive	高

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you know our Splunk app?

Download it now for free!