UNC4736 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (20)

言語

en	20

国・地域

us	10

アクター

Sofacy	1
APT28	1
Grizzly Steppe	1
UNC4736	1

関心

タイプ

Not Defined	6
Content Management System	6
Smartphone Operating System	4
Project Management Software	2
Policy Management Software	2

ベンダー

Not Defined	10
LG	4
Projects World	2
IBM	2
AnyMacro	2

製品

LG Mobile Devices	4
WordPress	4
Projects World Travel Management System	2
Boa	2
IBM Security Guardium Insights	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	WordPress class-wp-customize-widgets.php 特権昇格	7.3	6.4	$5k-$25k	$0-$5k	Unproven	Official Fix	0.07158	0.03	CVE-2014-5203
2	LG Mobile Devices 特権昇格	6.4	6.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00082	0.00	CVE-2020-25063
3	LG Mobile Devices VZW Network 特権昇格	8.5	8.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00106	0.00	CVE-2020-25061
4	LG Mobile Devices Automated Testing 未知の脆弱性	7.5	7.5	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.00066	0.00	CVE-2020-25064
5	LG Mobile Devices Privileges 特権昇格	6.5	6.5	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00042	0.00	CVE-2020-25060
6	IBM Security Guardium Insights 弱い暗号化	6.4	6.4	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00107	0.00	CVE-2020-4169
7	Projects World Travel Management System Pic Upload updatesubcategory.php 特権昇格	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01520	0.05	CVE-2020-24203
8	WordPress pluggable.php 未知の脆弱性	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00154	0.00	CVE-2014-5204
9	Boa Terminal 特権昇格	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02395	0.07	CVE-2009-4496
10	tibbr Community/tibbr Enterprise SAML 特権昇格	7.2	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00065	0.00	CVE-2017-5530
11	VMware Zimbra Collaboration Suite Ajx%20TemplateMsg.js.zgz ディレクトリトラバーサル	5.3	5.3	$5k-$25k	$0-$5k	High	Not Defined	0.97337	0.00	CVE-2013-7091
12	TP-Link TL-WR840N Administration Console 未知の脆弱性	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00166	0.00	CVE-2014-9510
13	AnyMacro AnyMacro Mail System ディレクトリトラバーサル	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00248	0.00	CVE-2011-2468
14	Com Yvcomment index.php SQLインジェクション	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00107	0.00	CVE-2008-2692
15	WPML Comment feed SQLインジェクション	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01262	0.05	CVE-2015-2314
16	WordPress ZipArchive/PclZip ディレクトリトラバーサル	7.0	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00474	0.03	CVE-2017-14719
17	Drupal System Module Reflected 特権昇格	6.4	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00263	0.00	CVE-2016-3168
18	Drupal File Module 特権昇格	8.1	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00180	0.00	CVE-2016-3162
19	Martin Diphoorn Com Ds-syndicate index2.php SQLインジェクション	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00212	0.00	CVE-2008-4623

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	キャンペーン	Identified	タイプ	信頼度
1	89.45.67.160		UNC4736		2023年12月27日	verified	高

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1068	CAPEC-122	CWE-264, CWE-269, CWE-284	Execution with Unnecessary Privileges	predictive	高
3	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	高
4	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
5	TXXXX	CAPEC-20	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高
6	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	comments/feed	predictive	高
2	File	index.php	predictive	中
3	File	xxxxxx.xxx	predictive	中
4	File	xxx/xxxxxxx/xxxxxx/xxxx/xxxxx/xxxxxxx/xxxxxx/xxxxx/xxx%xxxxxxxxxxxxx.xx.xxx	predictive	高
5	File	xxxxxxxxxxxxxxxxx.xxx	predictive	高
6	File	xx-xxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxx.xxx	predictive	高
7	File	xx-xxxxxxxx/xxxxxxxxx.xxx	predictive	高
8	Argument	xxxxxxxxx	predictive	中
9	Argument	xxxx_xx	predictive	低
10	Argument	xxxx	predictive	低
11	Argument	xxxx	predictive	低

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!