Vulturi Analysis

IOB - Indicator of Behavior (569)

Language

en: 562
fr: 8

Country/Region

us: 500
fr: 6
de: 2

Product

Google Chrome: 24
Linux Kernel: 20
Pidgin: 18
Oracle Java SE: 16
Oracle Database Server: 14

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | WordPress WP_Query class-wp-query.php SQL injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00318 | 0.04 | CVE-2017-5611 |
| 2 | Litespeed Technologies OpenLiteSpeed Web Server Dashboard privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00081 | 0.02 | CVE-2022-0073 |
| 3 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.53 | |
| 4 | Twiki statistics cross-site scripting | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00153 | 0.03 | CVE-2018-20212 |
| 5 | SolarWinds Serv-U FTP Server Web Management Interface Reflected cross-site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00211 | 0.00 | CVE-2018-19934 |
| 6 | Nextcloud Server privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00114 | 0.00 | CVE-2023-30539 |
| 7 | Dropbear svr-auth.c recv_msg_userauth_request User information disclosure | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00302 | 0.05 | CVE-2018-15599 |
| 8 | libX11 XListExtensions ListExt.c privilege escalation | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00998 | 0.00 | CVE-2018-14598 |
| 9 | Google Chrome privilege escalation | 5.5 | 5.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00131 | 0.00 | CVE-2022-2160 |
| 10 | Google Chrome File System API privilege escalation | 5.5 | 5.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00541 | 0.00 | CVE-2022-2162 |
| 11 | Google Chrome WebApp Provider memory corruption | 5.5 | 5.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00404 | 0.00 | CVE-2022-2161 |
| 12 | Google Chrome Extensions API Privilege Escalation | 5.5 | 5.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00131 | 0.00 | CVE-2022-2164 |
| 13 | Google Chrome Cast UI/Toolbar memory corruption | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00285 | 0.04 | CVE-2022-2163 |
| 14 | Google Chrome URL Format Remote Code Execution | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00386 | 0.00 | CVE-2022-2165 |
| 15 | cifs-utils krb5 CIFS File System privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.00 | CVE-2021-20208 |
| 16 | Apple Safari WebKit CSP privilege escalation | 6.9 | 6.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00345 | 0.00 | CVE-2017-2419 |
| 17 | Zoho ManageEngine ServiceDesk Plus privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00741 | 0.05 | CVE-2019-12252 |
| 18 | Apache Tomcat JSP File privilege escalation | 7.7 | 7.5 | $5k-$25k | $0-$5k | High | Official Fix | 0.97501 | 0.04 | CVE-2017-12617 |
| 19 | Oracle MySQL Server Installing denial of service | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00806 | 0.00 | CVE-2018-0739 |
| 20 | PrestaShop Error Message information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00210 | 0.00 | CVE-2011-3796 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (171)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
