Torii 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (146)

言語

en	76
it	48
fr	16
de	4
pl	2

国・地域

us	146

アクター

Torii	3
StrikeSuit Gif	1
APT32	1
APT29	1
Quasar RAT	1

関心

タイプ

Not Defined	66
Programming Tool Software	10
Bug Tracking Software	8
Content Management System	6
Web Browser	6

ベンダー

Not Defined	46
Apple	18
IBM	8
GitLab	8
Google	6

製品

GitLab Community Edition	8
Google Android	6
Leptonica	4
IBM Capacity Management Analytics	4
Apple Safari	4

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Microsoft IIS WebDAV ScStoragePathFromUrl Immortal/ExploidingCan メモリ破損	8.5	8.4	$25k-$100k	$0-$5k	High	Official Fix	0.97121	0.00	CVE-2017-7269
2	Apple Mac OS X Server Wiki Server クロスサイトスクリプティング	4.3	4.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00263	0.05	CVE-2009-2814
3	Ghostscript JBIG2 Image jbig2_decode_gray_scale_image メモリ破損	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00184	0.00	CVE-2016-9601
4	Apple watchOS WebKit メモリ破損	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00627	0.00	CVE-2017-7165
5	IBM Rational License Key Server Administration/Reporting Tool 情報の漏洩	3.3	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2015-5045
6	Eaton ELCSoft 特権昇格	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00604	0.00	CVE-2018-7511
7	Mozilla Firefox メモリ破損	8.0	7.7	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00768	0.03	CVE-2018-5145
8	Amazon Music Player 特権昇格	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02593	0.00	CVE-2018-1169
9	GNU binutils libbfd coffgen.c coff_pointerize_aux 特権昇格	6.5	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00861	0.00	CVE-2018-7208
10	Microsoft Power BI Report Server クロスサイトスクリプティング	5.2	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00168	0.04	CVE-2019-1332
11	Siemens Mendix Forgot Password 情報の漏洩	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00050	0.00	CVE-2023-27464
12	TikiWiki tiki-register.php 特権昇格	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01075	10.00	CVE-2006-6168
13	SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php SQLインジェクション	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00220	0.00	CVE-2023-2090
14	DZCP deV!L`z Clanportal config.php 特権昇格	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.63	CVE-2010-0966
15	Indexu suggest_category.php クロスサイトスクリプティング	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.51
16	MilliScripts register.php クロスサイトスクリプティング	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00518	0.04	CVE-2005-4161
17	AlstraSoft AskMe Pro forum_answer.php SQLインジェクション	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.02
18	Linux Kernel FXSAVE x87 Register 弱い暗号化	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00101	0.04	CVE-2006-1056
19	Phorum register.php SQLインジェクション	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00183	0.04	CVE-2004-2110
20	Expinion.net News Manager Lite comment_add.asp クロスサイトスクリプティング	4.3	3.8	$0-$5k	$0-$5k	Unproven	Official Fix	0.00607	0.00	CVE-2004-1845

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	66.85.157.90	ip-66-85-157-90.billpaysolution.com	Torii	2022年03月27日	verified	高
2	XXX.XXX.XXX.XX	xxxxxx.xxxxxxxxxxx.xxx	Xxxxx	2022年03月27日	verified	高
3	XXX.XXX.XXX.XX	xxxxxx.xxxxxxxxxxx.xxx	Xxxxx	2022年03月27日	verified	高
4	XXX.XX.XX.XX	xxxxxx.xxxxxxxxxxxxxxxxxxxx.xxx	Xxxxx	2022年03月27日	verified	高

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	高
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
6	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
7	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	高
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
9	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	高
10	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
11	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高
12	TXXXX.XXX	CAPEC-	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	高

IOA - Indicator of Attack (53)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/admin/index.php	predictive	高
2	File	/admin/maintenance/view_designation.php	predictive	高
3	File	/cgi-bin/cgiServer.exx	predictive	高
4	File	add_vhost.php	predictive	高
5	File	adv2.php?action=modify	predictive	高
6	File	asm/float.c	predictive	中
7	File	asm/nasm.c	predictive	中
8	File	xxxxxx/xxx.x	predictive	中
9	File	xxxxxx/xxxx.x	predictive	高
10	File	xxxxxxx.x	predictive	中
11	File	xxxxxxx_xxx.xxx	predictive	高
12	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
13	File	xxxxxxx/xxx/xxx/xxx/xxx_xx.x	predictive	高
14	File	xxx.x	predictive	低
15	File	xxxxxx-xxxxxxx.xx	predictive	高
16	File	xxxx.xxx	predictive	中
17	File	xxxxx_xxxxxx.xxx	predictive	高
18	File	xxxxxxxxx.xxx	predictive	高
19	File	xxx/xxxxxx.xxx	predictive	高
20	File	xxxxx.xxx	predictive	中
21	File	xxxx.x	predictive	低
22	File	xxxxx.x	predictive	低
23	File	xxxxxxxxxxx.xx	predictive	高
24	File	xxxxxx/xxxxxx/xxxx.x	predictive	高
25	File	xxxx/xxxxx/xxxxxxxxxxx/xxx/xxxxxxxxxxxx.xxxxx	predictive	高
26	File	xxxx/xxxxxxxxxx.x	predictive	高
27	File	xxxxx.xxx	predictive	中
28	File	xxxxxx/xxxxx.xxx/xxxx	predictive	高
29	File	xxxxxx/xxxxx.xxx/xxxx/xxxxxxxxxxxxxxx/xxxxxxxx.xxxx	predictive	高
30	File	xxxxxxxx.xxx	predictive	中
31	File	xxxxxx.xx	predictive	中
32	File	xxxxxxx_xxxxxxxx.xxx	predictive	高
33	File	xxxx_xxxx_xxxxxx.xxx	predictive	高
34	File	xxxx-xxxxxxxx.xxx	predictive	高
35	Library	xxxxxxxxxxxxx.xxx	predictive	高
36	Library	xx/xxxxx/xxxxxx_xxxxxx.x	predictive	高
37	Library	xxxxxxx_xxxx_xxx.xxx	predictive	高
38	Library	xxxxxxx_xxx.xxx	predictive	高
39	Argument	%x	predictive	低
40	Argument	xxxxxxxx	predictive	中
41	Argument	xxxxxxxxxx	predictive	中
42	Argument	xxxxx_xxx	predictive	中
43	Argument	xxxx_xxxxx	predictive	中
44	Argument	xx	predictive	低
45	Argument	x/xx/xxx	predictive	中
46	Argument	xxxxxxxx	predictive	中
47	Argument	xxxx	predictive	低
48	Argument	xxx_xx	predictive	低
49	Argument	xxx	predictive	低
50	Argument	xxx	predictive	低
51	Argument	_xxxxxxxxx	predictive	中
52	Pattern	\|xx\|xx\|xx\|	predictive	中
53	Network Port	xxxx	predictive	低

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Interested in the pricing of exploits?

See the underground prices here!