Tranchulas Analysis

IOB - Indicator of Behavior (230)

Timeline

Language

en: 218
es: 10
de: 2

Country/Region

us: 40
gb: 20
ru: 16
es: 8
mm: 8

Actors

Activities

Interest

Timeline

Type

Vendor

Product

NVIDIA Windows GPU Display Driver: 12
Juniper Junos: 10
Apple iOS: 10
Cisco Firepower Threat Defense: 8
WordPress: 8

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Magento PageBuilder Template privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00669 | 0.02 | CVE-2019-8144 |
| 2 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.04 | CVE-2017-0055 |
| 3 | Apache HTTP Server HTTP Digest Authentication Challenge weak authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01815 | 0.08 | CVE-2018-1312 |
| 4 | WordPress Metadata privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01829 | 0.00 | CVE-2018-20148 |
| 5 | Juniper Junos jdhcpd denial of service | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00268 | 0.00 | CVE-2017-2301 |
| 6 | Subrion CMS cross-site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00076 | 0.00 | CVE-2019-11406 |
| 7 | Apache HTTP Server mod_proxy_fcgi.c handle_headers memory corruption | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00953 | 0.05 | CVE-2014-3583 |
| 8 | Apple iOS WebKit privilege escalation | 7.5 | 7.4 | $25k-$100k | $5k-$25k | High | Official Fix | 0.06777 | 0.00 | CVE-2019-8506 |
| 9 | Microsoft IIS File Name Tilde privilege escalation | 6.5 | 5.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.96817 | 0.04 | CVE-2005-4360 |
| 10 | Cisco Firepower Threat Defense Data Acquisition privilege escalation | 7.9 | 7.9 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00149 | 0.00 | CVE-2019-1669 |
| 11 | Zeescripts ZeeBuddy bannerclick.php SQL injection | 8.5 | 8.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00167 | 0.00 | CVE-2008-3604 |
| 12 | PHP Scripts Mall PHP Multivendor Ecommerce my_wishlist.php cross-site scripting | 5.2 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00078 | 0.00 | CVE-2017-17958 |
| 13 | Aj Square Ajauction subcat.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00821 | 0.03 | CVE-2007-1298 |
| 14 | WordPress User Search REST Endpoint information disclosure | 4.4 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.05 | CVE-2023-5561 |
| 15 | Void Contact Form 7 Widget for Elementor Page Builder Plugin void_cf7_opt_in_user_data_track unknown vulnerability | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.00 | CVE-2022-47166 |
| 16 | janobe Online Ordering System SQL injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.00 | CVE-2022-31356 |
| 17 | Adobe InDesign memory corruption | 7.0 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00085 | 0.00 | CVE-2021-40727 |
| 18 | Ubiquiti EdgeMAX EdgeRouter Firmware Update privilege escalation | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00315 | 0.04 | CVE-2021-22909 |
| 19 | Verbatim Keypad Secure USB Lockout information disclosure | 5.0 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00100 | 0.00 | CVE-2022-28386 |
| 20 | Micro CMS Comments cross-site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Bitterbug

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 46.4.139.224 | static.224.139.4.46.clients.your-server.de | Tranchulas | Bitterbug | 2021-01-01 | | verified |
| 2 | 46.4.139.225 | static.225.139.4.46.clients.your-server.de | Tranchulas | Bitterbug | 2021-01-01 | | verified |
| 3 | XXX.XX.XXX.XXX | xxxxxxxxx | Xxxxxxxxx | | 2021-01-01 | | verified |
| 4 | XXX.XX.XXX.XXX | xxxxxxxxx | Xxxxxxxxx | | 2021-01-01 | | verified |
| 5 | XXX.XX.XXX.XXX | xxxxxxxxx | Xxxxxxxxx | | 2021-01-01 | | verified |
| 6 | XXX.XX.XXX.XXX | xxxxxxxxx | Xxxxxxxxx | | 2021-01-01 | | verified |
| 7 | XXX.XX.XXX.XXXX | xxxxxxxxx | Xxxxxxxxx | | 2021-01-01 | | verified |

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (74)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi/loginDefaultUser | | predictive |
| 2 | File | /contentshare/image/data/user/0/com.sony.dtv.photosharingplus/files/_BRAVPSS.TMP/LJYT0010.JPG | | predictive |
| 3 | File | /etc/shadow | | predictive |
| 4 | File | /ordering/admin/store/index.php?view=edit | | predictive |
| 5 | File | /proc/ioports | | predictive |
| 6 | File | /uncpath/ | | predictive |
| 7 | File | /webconsole/APIController | | predictive |
| 8 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | | predictive |
| 9 | File | AccountStatus.jsp | | predictive |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
