Storm-0978 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (12)

タイムライン

言語

en10
it2

国・地域

us12

アクター

Storm-09783
RMS1

アクティビティ

関心

タイムライン

タイプ

Content Management System4
Cloud Software2
Web Browser2
Programming Language Software2
Not Defined2

ベンダー

Not Defined6
Microsoft2
Google2
LogicBoard2

製品

Microsoft Azure CLI2
MyBB2
Google Chrome2
LogicBoard CMS2
Python2

脆弱性

#脆弱性BaseTemp0day本日修復EPSSCTICVE
1LogicBoard CMS away.php Redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000005.90
2vu Mass Mailer Login Page redir.asp SQLインジェクション7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.002380.07CVE-2007-6138
3Bitrix Site Manager redirect.php 特権昇格5.34.7$0-$5k$0-$5kUnprovenUnavailable0.001130.03CVE-2008-2052
4Openads adclick.php Remote Code Execution7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.018710.49CVE-2007-2046
5DZCP deV!L`z Clanportal config.php 特権昇格7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009431.19CVE-2010-0966
6Rocklobster Contact Form 7 特権昇格6.36.3$0-$5k$0-$5kNot DefinedOfficial Fix0.817280.07CVE-2020-35489
7Microsoft Azure CLI 特権昇格8.17.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.003840.03CVE-2022-39327
8Tritanium Bulletin Board register.php クロスサイトスクリプティング4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.006770.00CVE-2006-1815
9Phorum register.php クロスサイトスクリプティング4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.001780.00CVE-2005-2836
10Python メモリ破損6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.127770.00CVE-2005-0089
11MyBB Login 弱い暗号化4.33.9$5k-$25k$0-$5kProof-of-ConceptUnavailable0.000000.00
12Google Chrome Windows Sandbox 特権昇格7.36.4$25k-$100k$0-$5kUnprovenOfficial Fix0.002410.04CVE-2014-3196

キャンペーン (1)

These are the campaigns that can be associated with the actor:

  • CVE-2023-36884

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
166.23.226.102node4d.rrtoolandgage.comStorm-0978CVE-2023-368842024年02月28日verified
2XX.XX.XX.XXXxxxxxxxxxx.xxxxxxx-xxxx.xxxXxxxx-xxxxXxx-xxxx-xxxxx2024年02月28日verified
3XX.XXX.XX.XXXxxxx-xxxxXxx-xxxx-xxxxx2024年02月28日verified
4XXX.XXX.XXX.XXXxxxx-xxxxXxx-xxxx-xxxxx2024年02月28日verified
5XXX.XXX.XXX.XXXxx-xx.xxxxxxxxxxx.xxxXxxxx-xxxxXxx-xxxx-xxxxx2024年02月28日verified

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueクラス脆弱性アクセスベクタータイプ信頼度
1T1059CAPEC-242CWE-94Argument Injectionpredictive
2T1059.007CAPEC-18CWE-80Cross Site Scriptingpredictive
3TXXXXCAPEC-CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
4TXXXX.XXXCAPEC-178CWE-XXXXxxx Xxxxxxxxpredictive
5TXXXXCAPEC-108CWE-XXXxx Xxxxxxxxxpredictive
6TXXXXCAPEC-37CWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxpredictive
7TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxxpredictive

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1File/forum/away.phppredictive
2Fileadclick.phppredictive
3Filexxx/xxxxxx.xxxpredictive
4Filexxxxx.xxxpredictive
5Filexxxxxxxx.xxxpredictive
6Filexxxxxxxx.xxxpredictive
7Argumentxxxxxxxxpredictive
8Argumentxxxxpredictive
9Argumentxxxxxxxxpredictive
10Argumentxxxxpredictive
11Argumentxxxxxxxxpredictive
12Argumentxxxxxxxxpredictive
13Argumentxxxxxpredictive

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

概要

Interested in the pricing of exploits?

See the underground prices here!