theMx0nday 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (21)

タイムライン

言語

en18
zh4

国・地域

us12
id6
cn4

アクター

theMx0nday3
RedLine Stealer1
Nobelium1
REvil1
Quasar RAT1

アクティビティ

関心

タイムライン

タイプ

Operating System4
Programming Language Software2
Connectivity Software2
Web Server2
Router Operating System2

ベンダー

Not Defined10
Microsoft4
Tim Kosse2
TP-LINK2
Joomla2

製品

Microsoft Windows4
Python2
Tim Kosse FileZilla2
nginx2
TP-LINK TL-WR840N v42

脆弱性

#脆弱性BaseTemp0day本日修復EPSSCTICVE
1PRTG Network Monitor login.htm 特権昇格8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.002880.04CVE-2018-19410
2nginx 特権昇格6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002411.71CVE-2020-12440
3Microsoft Windows SMB 情報の漏洩6.45.5$25k-$100k$5k-$25kUnprovenOfficial Fix0.008940.00CVE-2021-36960
4Microsoft Windows SMB 特権昇格7.77.5$25k-$100k$0-$5kHighOfficial Fix0.974270.00CVE-2017-0144
5Microsoft Windows SMB Client Security Feature 情報の漏洩4.33.8$25k-$100k$0-$5kUnprovenOfficial Fix0.005390.00CVE-2021-31205
6Microsoft Office PowerPoint Remote Code Execution7.36.7$5k-$25k$0-$5kUnprovenOfficial Fix0.003830.04CVE-2022-37962
7Python ディレクトリトラバーサル7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.024310.00CVE-2007-4559
8Dahua DHI-HCVR7216A-S3 SmartPSS Auto Login Hash 特権昇格6.76.7$0-$5k$0-$5kNot DefinedNot Defined0.003310.04CVE-2017-6342
9Microsoft Windows TIFF Image 特権昇格9.08.6$25k-$100k$0-$5kHighOfficial Fix0.970250.00CVE-2013-3906
10PHP EXIF exif_process_IFD_in_MAKERNOTE メモリ破損7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.004770.00CVE-2019-9639
11WBCE CMS クロスサイトスクリプティング5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.001180.00CVE-2017-2118
12Tapatalk Plugin XML-RPC classTTForum.php SQLインジェクション8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.002270.00CVE-2017-14652
13XenForo Admin Panel クロスサイトスクリプティング4.14.1$0-$5k$0-$5kNot DefinedNot Defined0.000580.03CVE-2021-43032
14JFrog Artifactory upload 特権昇格8.57.4$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.113830.02CVE-2016-10036
15Kyland KPS2204 webadminget.cgi 情報の漏洩4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.004110.05CVE-2020-25011
16TP-LINK TL-WR840N v4 traceroute 特権昇格7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.002870.03CVE-2019-15060
17osTicket main.php 特権昇格7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.010600.00CVE-2005-1438
18Exim EHLO Command string.c string_vformat メモリ破損8.58.5$0-$5k$0-$5kHighOfficial Fix0.914660.05CVE-2019-16928
19Tim Kosse FileZilla Format String7.37.0$25k-$100k$0-$5kNot DefinedOfficial Fix0.033390.04CVE-2007-2318
20Joomla CMS weblinks-categories SQLインジェクション7.37.1$5k-$25k$0-$5kHighUnavailable0.001190.04CVE-2014-7981

キャンペーン (1)

These are the campaigns that can be associated with the actor:

  • Ukraine Universities

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
1159.223.64.156theMx0ndayUkraine Universities2022年03月05日verified
2XXX.XXX.XXX.XXXxxxxxxxx.xxxx.xxxxxx.xxxXxxxxxxxxxXxxxxxx Xxxxxxxxxxxx2022年03月05日verified
3XXX.XX.XXX.XXXxxxx.xxxx.xxx.xxXxxxxxxxxxXxxxxxx Xxxxxxxxxxxx2022年03月05日verified

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueクラス脆弱性アクセスベクタータイプ信頼度
1T1006CAPEC-126CWE-22Path Traversalpredictive
2T1059CAPEC-242CWE-94Argument Injectionpredictive
3TXXXX.XXXCAPEC-209CWE-XXXxxxx Xxxx Xxxxxxxxxpredictive
4TXXXXCAPEC-19CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
5TXXXXCAPEC-108CWE-XXXxx Xxxxxxxxxpredictive
6TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive
7TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxxpredictive

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1File/cgi-bin/webadminget.cgipredictive
2File/index.php/weblinks-categoriespredictive
3File/xxxxxx/xxxxx.xxxpredictive
4Filexxxx.xxxpredictive
5Filexxxxxx.xpredictive
6Filexx/xxxxxxxx/xxxxxxpredictive
7Libraryxxxxxxx/xxx/xxxxxxxxxxxx.xxxpredictive
8Argumentxxxx_xxxpredictive
9Argumentxxpredictive
10Argumentxxxxxxx_xxxpredictive
11Input Valuex%xx%xx%xxxxxxx%xxxxxxxx%xxxxxxxxxx%xxxxxx%xx%xxxxxxx_xxxxx%xx%xx--%xx%xxpredictive

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

概要

Do you want to use VulDB in your project?

Use the official API to access entries easily!