Valak Analysis

IOB - Indicator of Behavior (52)

Language

en: 38
pl: 4
de: 4
es: 4
fr: 2

Country/Region

ru: 26
ca: 20
us: 6

Product

Cisco IOS: 4
NetIQ Security Solutions for iSeries: 2
StoreSprite: 2
Cisco Identity Services Engine: 2
Acresso FLEXnet Connect: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Red Hat JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00281 | 0.00 | CVE-2012-4529 |
| 2 | Fortinet FortiOS sslvpnd memory corruption | 9.8 | 9.6 | $0-$5k | $0-$5k | High | Official Fix | 0.38259 | 0.04 | CVE-2022-42475 |
| 3 | Cisco IOS/IOS XE Cluster Management Protocol privilege escalation | 9.8 | 9.7 | $25k-$100k | $0-$5k | High | Workaround | 0.97481 | 0.03 | CVE-2017-3881 |
| 4 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.00 | CVE-2017-0055 |
| 5 | Cisco Prime License Manager Web Framework SQL injection | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00189 | 0.00 | CVE-2018-15441 |
| 6 | The Everything Development Company The Everything Development Engine User Account privilege escalation | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00299 | 0.00 | CVE-2008-0724 |
| 7 | AOL Client Software ActiveX Control cddbcontrolaol.cddbaolcontrol setclientinfo memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.11390 | 0.00 | CVE-2006-6442 |
| 8 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 9 | Rarlab WinRar Recovery Volume memory corruption | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.06 | CVE-2023-40477 |
| 10 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 7.10 | |
| 11 | IBM InfoSphere Master Data Management privilege escalation | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00145 | 0.00 | CVE-2017-1523 |
| 12 | Bitrix Site Manager redirect.php privilege escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00113 | 0.03 | CVE-2008-2052 |
| 13 | FortiLogger SaveUploadedHotspotLogoFile privilege escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.68553 | 0.00 | CVE-2021-3378 |
| 14 | Dell Precision Optimizer DLL poaService.exe privilege escalation | 6.5 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00111 | 0.04 | CVE-2017-2802 |
| 15 | Google Mini Search Appliance Error Message directory traversal | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.01925 | 0.00 | CVE-2005-3755 |
| 16 | Red Hat JBoss Operations Network Remote Code Execution | 6.2 | 6.2 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00092 | 0.02 | CVE-2019-3834 |
| 17 | Cisco IOS Common Industrial Protocol privilege escalation | 6.4 | 6.3 | $5k-$25k | $5k-$25k | High | Workaround | 0.00430 | 0.00 | CVE-2017-12234 |
| 18 | Cisco IOS Common Industrial Protocol privilege escalation | 6.4 | 6.3 | $5k-$25k | $5k-$25k | High | Workaround | 0.00430 | 0.00 | CVE-2017-12233 |
| 19 | Cisco Identity Services Engine ERS API privilege escalation | 6.0 | 6.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00080 | 0.00 | CVE-2019-1851 |
| 20 | Cisco IOS ICMP Redirect Routing Table information disclosure | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00584 | 0.04 | CVE-2003-1398 |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (41)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

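| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /forum/away.php | predictive | |
| 2 | File | /uncpath/ | predictive | |
| 3 | File | adclick.php | predictive | |
| 4 | File | AppCompatCache.exe | predictive | |
| 5 | File | auth.php | predictive | |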

References (2)

The following list contains external sources which discuss the actor and the associated activities:
