Tortoiseshell 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (19)

言語

en	16
fr	2
pl	2

国・地域

us	16

アクター

Tortoiseshell	2
Cobalt Strike	1

関心

タイプ

Not Defined	4
Log Management Software	2
Image Processing Software	2
Solution Stack Software	2
E-Commerce Management Software	2

ベンダー

Not Defined	6
SAP	2
Ecommerce Online	2
F5	2
Thomas R. Pasawicz	2

製品

AWStats	2
ImageMagick	2
SAP NetWeaver AS JAVA	2
Sitecore	2
Ecommerce Online Store Kit	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 情報の漏洩	5.3	5.2	$5k-$25k	計算中	High	Workaround	0.02016	0.00	CVE-2007-1192
2	Google Chrome Flash Player メモリ破損	9.9	9.5	$100k 以上	$5k-$25k	Not Defined	Official Fix	0.00645	0.07	CVE-2012-0724
3	AWStats awstats.pl Path 情報の漏洩	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00183	0.06	CVE-2018-10245
4	ADTRAN Netvanta 7060/Netvanta 7100 DNS Privilege Escalation	6.5	6.3	$0-$5k	$0-$5k	Not Defined	Workaround	0.03253	0.00	CVE-2021-25681
5	Apache HTTP Server HTTP/2 Request 特権昇格	6.4	6.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00606	0.00	CVE-2020-9490
6	Microsoft IIS クロスサイトスクリプティング	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.00	CVE-2017-0055
7	ImageMagick heic.c ReadHEICImageByID 情報の漏洩	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00056	0.04	CVE-2020-10251
8	SAP NetWeaver AS JAVA LM Configuration Wizard RECON 弱い認証	10.0	9.8	$25k-$100k	$0-$5k	High	Official Fix	0.97502	0.04	CVE-2020-6287
9	Media Library Assistant Plugin クロスサイトスクリプティング	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00115	0.05	CVE-2020-11731
10	media-library-assistant Plugin mla_gallery 特権昇格	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01356	0.07	CVE-2020-11928
11	Wechat Broadcast Plugin Image.php ディレクトリトラバーサル	8.1	8.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.25721	0.05	CVE-2018-16283
12	Ecommerce Online Store Kit shop.php SQLインジェクション	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03763	0.00	CVE-2004-0300
13	Microsoft Windows Remote Desktop/Terminal Services Web Connection 弱い認証	6.3	6.2	$25k-$100k	$0-$5k	Not Defined	Workaround	0.00000	0.00
14	F5 BIG-IP ASM pl_tree.php クロスサイトスクリプティング	4.3	4.2	$5k-$25k	$0-$5k	High	Unavailable	0.00220	0.00	CVE-2014-9342
15	Sitecore IDE.aspx ディレクトリトラバーサル	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00130	0.04	CVE-2017-11440
16	Coppermine Photo Gallery ディレクトリトラバーサル	4.2	3.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.01312	0.00	CVE-2007-4976

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	64.235.39.45	lasvegas-nv-datacenter.serverpoint.com	Tortoiseshell	2021年06月01日	verified	高
2	XX.XXX.XX.XXX	xxxxxxxx-xx-xxxxxxxxxx.xxxxxxxxxxx.xxx	Xxxxxxxxxxxxx	2021年06月01日	verified	高
3	XXX.XXX.XX.XXX		Xxxxxxxxxxxxx	2022年04月28日	verified	高
4	XXX.XX.XXX.XXX		Xxxxxxxxxxxxx	2022年04月28日	verified	高

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	TXXXX	CAPEC-10	CWE-XX	Xxxxxxxx Xxxxxxxxxxxxxx Xx Xxxx Xxxxxx Xxxxx Xxxxxxxxxxx	predictive	高
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
4	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
5	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/uncpath/	predictive	中
2	File	awstats.pl	predictive	中
3	File	xxxxxx\xxxx.x	predictive	高
4	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
5	File	xxxxx.xxx	predictive	中
6	File	xx_xxxx.xxx	predictive	中
7	File	xxxxx/xxxxxxxxxxxx/xxxxxxx/xxx.xxxx	predictive	高
8	File	xxxx.xxx	predictive	中
9	Argument	xxxxxxxxx/xxxxxx	predictive	高
10	Argument	xx	predictive	低
11	Argument	xxxxxxxxx	predictive	中
12	Argument	xxx_xxxxx/xxxx_xxxxx/xxxx_xxxxx	predictive	高
13	Argument	xxx	predictive	低

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you need the next level of professionalism?

Upgrade your account now!