TimbreStealer Analysis

IOB - Indicator of Behavior (304)

Languages

en: 268
de: 22
es: 10
fr: 4

Countries/Regions

us: 74
de: 14
es: 10
cn: 10
id: 4

Products

Insteon Hub: 12
Quest DR Series Disk Backup: 8
Tongda OA 2017: 6
Microsoft Windows: 6
Intel Quartus Prime Standard: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Bitcoin Core bitcoin-qt privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01005 | 0.00 | CVE-2021-3401
2 | D-Link DAR-7000/DAR-8000 web.php privilege escalation | 7.1 | 7.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00114 | 0.00 | CVE-2023-5150
3 | GE Voluson S8 Service Browser users.cgi weak authentication | 5.9 | 5.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00044 | 0.07 | CVE-2020-36548
4 | SourceCodester Simple Chat System POST Parameter SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.00 | CVE-2023-3004
5 | SourceCodester Local Service Search Engine Management System POST Parameter cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00072 | 0.07 | CVE-2023-3005
6 | SourceCodester Online Flight Booking Management System POST Parameter review_search.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00134 | 0.15 | CVE-2023-0283
7 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.22 | CVE-2020-12440
8 | request-baskets API Request {name} privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.07 | CVE-2023-27163
9 | Moodle Lesson Question Import directory traversal | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00293 | 0.00 | CVE-2022-35650
10 | Genetechsolutions Pie Register User Account pie-register.php privilege escalation | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.08823 | 0.04 | CVE-2014-8802
11 | RedKernel Referrer Tracker rkrt_stats.php stored cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00315 | 0.04 | CVE-2006-0317
12 | dns-stats hedgehog DSCIOManager.cpp dsc_import_input_from_source SQL injection [disputed] | 5.7 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00145 | 0.08 | CVE-2021-4276
13 | TP-Link WRD4300 Web Interface information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.19493 | 0.03 | CVE-2020-35575
14 | WoltLab Burning Book addentry.php SQL injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.03 | CVE-2006-5509
15 | Kentico CMS privilege escalation | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00388 | 0.00 | CVE-2018-7046
16 | Parsedown Safe Mode privilege escalation | 6.2 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00224 | 0.00 | CVE-2019-10905
17 | nginx HTTP/2 denial of service | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08394 | 0.03 | CVE-2018-16843
18 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
19 | Apache HTTP Server mod_cache denial of service | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.04147 | 0.06 | CVE-2013-4352
20 | SourceCodester Engineers Online Portal weak authentication | 4.2 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00054 | 0.07 | CVE-2024-0350

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (161)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
