VPNFilter Analysis

IOB - Indicator of Behavior (1000)

Language

en: 864
fr: 126
es: 4
ru: 2
de: 2

Country/Region

us: 762
fr: 122
de: 24
ir: 6
tr: 4

Products

cPanel: 22
Google Chrome: 14
WordPress: 10
Adobe Acrobat Reader: 8
Huawei FusionCompute: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Discuz! admin.php cross-site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.06 | CVE-2018-19464 |
| 2 | Simple Machines Forum Access Restriction PersonalMessage.php MessageSearch2 privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00182 | 0.00 | CVE-2018-10305 |
| 3 | DM Guestbook guestbook.php directory traversal | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.04403 | 0.00 | CVE-2007-5821 |
| 4 | PHPNews news.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00156 | 0.00 | CVE-2005-2156 |
| 5 | University of Cambridge Exim Batched SMTP Mode Format String | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.19607 | 0.04 | CVE-2001-0690 |
| 6 | phpBB Redirect | 6.1 | 5.7 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00256 | 0.05 | CVE-2015-3880 |
| 7 | Discuz!ML Cookie privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04015 | 0.02 | CVE-2019-13956 |
| 8 | phpBB startup.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00287 | 0.02 | CVE-2015-1431 |
| 9 | Dokeos Open Source Learning And Knowledge Management Tool viewthread.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00409 | 0.00 | CVE-2007-6574 |
| 10 | Microsoft Windows NTFS Local Privilege Escalation | 7.8 | 7.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00251 | 0.00 | CVE-2023-29346 |
| 11 | Revive Adserver afr.php cross-site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00605 | 0.03 | CVE-2021-22872 |
| 12 | Trojan-Proxy.Win32.Ranky.dh Service Port 17503 privilege escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.00 | |
| 13 | WordPress XML-RPC privilege escalation | 7.6 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00288 | 0.00 | CVE-2020-28035 |
| 14 | Plesk Obsidian Reflected cross-site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.00 | CVE-2020-11583 |
| 15 | PHPList template.php cross-site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00077 | 0.00 | CVE-2020-12639 |
| 16 | Kunena news.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00135 | 0.04 | CVE-2012-4868 |
| 17 | PHP http_fopen_wrapper.c php_stream_url_wrap_http_ex memory corruption | 8.0 | 7.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.79889 | 0.05 | CVE-2018-7584 |
| 18 | WP GDPR Plugin controller-comments.php Stored cross-site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00116 | 0.00 | CVE-2020-20628 |
| 19 | Advanced Guestbook admin.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00327 | 0.04 | CVE-2005-3588 |
| 20 | phpBB sessions.php information disclosure | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04921 | 0.00 | CVE-2005-0614 |

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

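| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | |
| 2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | |
| 4 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | |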

IOA - Indicator of Attack (126)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/markdown | predictive | |
| 2 | File | /atheme/src/crypto-benchmark/main.c | predictive | |
| 3 | File | /cgi-bin/kerbynet | predictive | |
| 4 | File | /cgi-bin/touchlist_sync.cgi | predictive | |
| 5 | File | /Core/Ap4Stz2Atom.cpp | predictive | |
| 6 | File | /etc/config/cameo | predictive | |
| 7 | File | /etc/fstab | predictive | |
| 8 | File | /goform/aspForm | predictive | |
| 9 | File | /ofrs/admin/?page=user/manage_user | predictive | |
| 10 | File | /user/dls_download.php | predictive | |
| 11 | File | /xxl-job-admin/jobinfo | predictive | |
| 12 | File | AAVCAssembler.cpp | predictive | |
| 13 | File | admin.php | predictive | |
| 14 | File | Admin.php | predictive | |
| 15 | File | admin/admin.guestbook.php | predictive | |
| 16 | File | admin/comment.php | predictive | |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
