Tofsee Analysis
IOB - Indicator of Behavior (1000)
IOC - Indicator of Compromise (711)
These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (10)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Class | Vulnerability | Access Vector | Type | Confidence |
---|---|---|---|---|---|---|
1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High |
2 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
IOA - Indicator of Attack (69)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Class | Indicator | Type | Confidence |
---|---|---|---|---|
1 | File | /catalog/all-products | predictive | High |
2 | File | /changePassword | predictive | High |
3 | File | /goform/addIpMacBind | predictive | High |
4 | File | /goform/AdvSetMacMtuWan | predictive | High |
5 | File | /goform/DelDhcpRule | predictive | High |
6 | File | /goform/delIpMacBind | predictive | High |
7 | File | /goform/DelPortMapping | predictive | High |
8 | File | /goform/modifyDhcpRule | predictive | High |
9 | File | /goform/modifyIpMacBind | predictive | High |
References (98)
The following list contains external sources which discuss the actor and the associated activities:
- https://blog.talosintelligence.com/2018/04/threat-round-up-0406-0413.html
- https://blog.talosintelligence.com/2019/04/threat-roundup-0412-0419.html
- https://blog.talosintelligence.com/2019/04/threat-roundup-0419-to-0426.html
- https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
- https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
- https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
- https://blog.talosintelligence.com/2019/07/threat-roundup-0712-0719.html
- https://blog.talosintelligence.com/2019/07/threat-roundup-0719-0726.html
- https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
- https://blog.talosintelligence.com/2019/08/threat-roundup-0726-0802.html
Samples (2)
The following list contains associated samples: