Vicious Panda Analysis

IOB - Indicator of Behavior (119)

Language

en: 82
zh: 16
de: 8
fr: 8
es: 4

Country/Region

us: 62
cn: 24
vn: 14
ru: 2

Product

PHP: 6
FasterXML jackson-databind: 4
IBM WebSphere Application Server: 4
Tribal Systems Zenario CMS: 2
OpenSSH: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | Tiki Wiki CMS Groupware tiki-jsplugin.php privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02675 | 0.05 | CVE-2010-4239 |
| 3 | Tabit API information disclosure | 4.5 | 4.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00150 | 0.00 | CVE-2022-34776 |
| 4 | Phplinkdirectory PHP Link Directory conf_users_edit.php unknown vulnerability | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00526 | 0.05 | CVE-2011-0643 |
| 5 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.24 | CVE-2015-4134 |
| 6 | FasterXML jackson-databind Default Typing information disclosure | 7.4 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00415 | 0.03 | CVE-2019-12086 |
| 7 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.57 | CVE-2010-0966 |
| 8 | UliCMS index.php cross-site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00936 | 0.04 | CVE-2019-11398 |
| 9 | D-Link DIR-865L register_send.php weak authentication | 7.5 | 7.1 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.00109 | 0.04 | CVE-2013-3096 |
| 10 | WebCalendar settings.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03093 | 0.00 | CVE-2005-2717 |
| 11 | Cisco ASR901 IPv4 Packet denial of service | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02264 | 0.00 | CVE-2014-3293 |
| 12 | Earl Miles Views Filters SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00361 | 0.00 | CVE-2011-4113 |
| 13 | Linux Kernel mvpp2 Privilege Escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.05 | CVE-2024-35837 |
| 14 | Microsoft IIS Frontpage Server Extensions shtml.dll Username information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.15958 | 0.04 | CVE-2000-0114 |
| 15 | MikroTik RouterOS privilege escalation | 7.4 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05923 | 0.00 | CVE-2019-3924 |
| 16 | Google Chrome Downloads Remote Code Execution | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00497 | 0.06 | CVE-2023-5857 |
| 17 | DHIS 2 API Endpoint trackedEntityInstances SQL injection | 7.7 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2021-41187 |
| 18 | DHIS2 Core Web API weak authentication | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00096 | 0.00 | CVE-2023-31139 |
| 19 | ALPACA weak authentication | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00110 | 0.28 | CVE-2021-3618 |
| 20 | Bomgar Remote Support Portal JavaStart.jar Applet directory traversal | 9.1 | 9.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00195 | 0.03 | CVE-2017-12815 |

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (64)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
