SpyAgent 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (31)

言語

en	32

国・地域

co	22
cn	2
gb	2

アクター

Cobalt Strike	3
SpyAgent	3
BumbleBee	2
TrickBot	2
Remcos	2

関心

タイプ

Not Defined	12
Content Management System	4
Office Suite Software	2
Access Management Software	2
Automation Software	2

ベンダー

Interspire	6
Not Defined	4
Sonus	2
Microsoft	2
IBM	2

製品

Interspire Email Marketer	6
Sonus SBC 1000	2
Sonus SBC 2000	2
Sonus SBC SWe Lite	2
Sales	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Interspire Email Marketer Dynamiccontenttags.php SQLインジェクション	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.07	CVE-2018-19551
2	Sales / Company Management System member_order.php SQLインジェクション	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00172	0.00	CVE-2018-19925
3	Interspire Email Marketer Dynamiccontenttags.php SQLインジェクション	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.00	CVE-2018-19549
4	VMware vCenter Server/Cloud Foundation vSphere Client Privilege Escalation	8.0	7.9	$5k-$25k	$0-$5k	High	Official Fix	0.97299	0.09	CVE-2021-21972
5	Advanced Comment System admin.php SQLインジェクション	8.5	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00230	0.02	CVE-2018-18619
6	Interspire Email Marketer Dynamiccontenttags.php SQLインジェクション	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.02	CVE-2018-19553
7	IBM Security Identity Manager メモリ破損	6.4	6.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00071	0.00	CVE-2021-20494
8	Void Aural Rec Monitor svc-login.php SQLインジェクション	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.51506	0.00	CVE-2021-25899
9	SolarWinds Advanced Monitoring Agent 特権昇格	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2020-13912
10	Mitsubishi Electric MELSEC iQ-F FX5U(C) ARP Packet Remote Code Execution	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00176	0.00	CVE-2020-5665
11	Sonus SBC 1000/SBC 2000/SBC SWe Lite Web Interface ディレクトリトラバーサル	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00172	0.02	CVE-2018-11543
12	Sonus SBC 1000/SBC 2000/SBC SWe Lite Web Interface 特権昇格	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00245	0.03	CVE-2018-11541
13	Softing Industrial Automation メモリ破損	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00544	0.00	CVE-2020-14524
14	ISC BIND QNAME サービス拒否	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00737	0.00	CVE-2020-8621
15	MetalGenix GeniXCMS User.class.php SQLインジェクション	8.5	8.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00219	0.02	CVE-2015-3933
16	Interspire Email Marketer Dynamiccontenttags.php SQLインジェクション	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.02	CVE-2018-19552
17	Microsoft Office RTF メモリ破損	7.0	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.10418	0.00	CVE-2018-0797
18	Microsoft Windows OpenType Font Parser メモリ破損	7.6	7.5	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.05608	0.04	CVE-2019-1456
19	STDU Viewer xps File メモリ破損	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.00	CVE-2017-14574
20	WordPress Static Query 情報の漏洩	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01557	0.00	CVE-2019-17671

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	23.19.227.217		SpyAgent	2024年04月08日	verified	高
2	XX.XX.XXX.XXX		Xxxxxxxx	2024年04月08日	verified	高
3	XXX.XX.XXX.XX	xxxxxx-xxx-xx-xxx-xx.xxxxxxxxx.xx	Xxxxxxxx	2024年04月08日	verified	高

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
3	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
4	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	Dynamiccontenttags.php	predictive	高
2	File	internal/advanced_comment_system/admin.php	predictive	高
3	File	member/member_order.php	predictive	高
4	File	xxx-xxxxx.xxx	predictive	高
5	Library	xxx/xxx/xxxx.xxxxx.xxx	predictive	高
6	Argument	xxxxxxx[]	predictive	中
7	Argument	xxxxx/xxxxxx	predictive	中
8	Argument	xx	predictive	低
9	Argument	xxxx	predictive	低
10	Argument	xxxxxx	predictive	低
11	Argument	xxxxxxxxx	predictive	中
12	Argument	xxxx/x_xxxxx	predictive	中

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!