South Asia Unknown Analysis

IOB - Indicator of Behavior (114)

Language

en: 98
de: 6
ja: 4
es: 4
ru: 2

Product

Alan Ward A-CART: 4
WordPress: 4
PHP: 2
ThinkSAAS: 2
Cisco ASA: 2

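Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Secomea GateManager privilege escalation | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.04 | CVE-2022-25782 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 3 | Alt-N MDaemon Worldclient privilege escalation | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.04 | CVE-2021-27182 |
| 4 | TP-LINK TL-WR940N PingIframeRpm.htm ipAddrDispose memory corruption | 7.5 | 7.5 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.05451 | 0.00 | CVE-2019-6989 |
| 5 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.08 | CVE-2017-0055 |
| 6 | GPAC mpd.c gf_mpd_parse_string denial of service | 4.5 | 4.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.00 | CVE-2023-48039 |
| 7 | Trellix ePolicy Orchestrator URL Parameter Redirect | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00048 | 0.00 | CVE-2023-5445 |
| 8 | ethyca Fides weak encryption | 7.9 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00088 | 0.00 | CVE-2023-48224 |
| 9 | Totolink X6000R sub_4155DC privilege escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00176 | 0.00 | CVE-2023-46413 |
| 10 | Oracle Siebel CRM EAI Open UI denial of service | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00094 | 0.00 | CVE-2023-1370 |
| 11 | D-Link DIR-820L privilege escalation | 7.6 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00473 | 0.02 | CVE-2023-44809 |
| 12 | Apache Airflow DAG information disclosure | 5.0 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00059 | 0.00 | CVE-2023-42663 |
| 13 | MediaTek MT6885 Video memory corruption | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2023-32821 |
| 14 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.44 | CVE-2020-15906 |
| 15 | Joomla CMS gmail.php information disclosure | 3.3 | 3.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 16 | Joomla CMS GMail Authentication privilege escalation | 5.3 | 4.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00437 | 0.03 | CVE-2014-7984 |
| 17 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 7.32 | CVE-2006-6168 |
| 18 | PHP PHAR phar_dir_read memory corruption | 8.2 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00083 | 0.04 | CVE-2023-3824 |
| 19 | Zammad information disclosure | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00201 | 0.04 | CVE-2022-35490 |
| 20 | Debian Linux smokeping smokeping_cgi Remote Code Execution | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00863 | 0.00 | CVE-2015-0859 |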

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (73)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

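| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /EXCU_SHELL | predictive | |
| 2 | File | /my_photo_gallery/image.php | predictive | |
| 3 | File | /phppath/php | predictive | |
| 4 | File | /real-estate-script/search_property.php | predictive | |
| 5 | File | /reps/classes/Users.php?f=delete_agent | predictive | |
| 6 | File | /uncpath/ | predictive | |
| 7 | File | Admin/edit-admin.php | predictive | |
| 8 | File | app/topic/action/admin/topic.php | predictive | |
| 9 | File | category.asp | predictive | |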

References (4)

The following list contains external sources which discuss the actor and the associated activities:
