Wild Neutron Analysis

IOB - Indicator of Behavior (1000)

Timeline

Languages

en: 866
zh: 44
de: 20
sv: 14
ar: 14

Countries / Regions

nl: 996
om: 4

Products

Microsoft Windows: 94
Linux Kernel: 36
Google Android: 24
Apache HTTP Server: 24
WordPress: 20

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Fix | EPSS | CTI | CVE
1 | nginx Privilege Escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.53 | CVE-2020-12440
2 | Huawei ACXXXX/SXXXX SSH Packet Privilege Escalation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00246 | 0.00 | CVE-2014-8572
3 | Microsoft Windows WPAD Privilege Escalation | 8.0 | 7.9 | $25k-$100k | $0-$5k | High | Official Fix | 0.90962 | 0.03 | CVE-2016-3213
4 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04080 | 0.00 | CVE-2021-34530
5 | Microsoft Windows Event Tracing Privilege Escalation | 7.3 | 6.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.03 | CVE-2021-34487
6 | Microsoft IIS Cross Site Scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.00 | CVE-2017-0055
7 | Cisco Secure Email and Web Manager Web-based Management Interface Weak Authentication | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00363 | 0.04 | CVE-2022-20798
8 | nginx Log File Privilege Escalation | 7.8 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00092 | 0.05 | CVE-2016-1247
9 | Apache HTTP Server mod_rewrite Redirect | 6.7 | 6.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.29 | CVE-2020-1927
10 | Microsoft .NET Core/Visual Studio Denial of Service | 6.4 | 5.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00192 | 0.09 | CVE-2021-26423
11 | Microsoft Windows TCP/IP Stack Privilege Escalation | 9.9 | 8.6 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.02183 | 0.04 | CVE-2021-26424
12 | Microsoft Windows Event Tracing Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00068 | 0.04 | CVE-2021-26425
13 | Microsoft Windows Bluetooth Driver Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-34537
14 | Microsoft Dynamics 365 Privilege Escalation | 8.5 | 7.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00736 | 0.00 | CVE-2021-34524
15 | Microsoft Windows Storage Spaces Controller Local Privilege Escalation | 7.8 | 6.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.04 | CVE-2021-34536
16 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04080 | 0.03 | CVE-2021-34533
17 | Microsoft Windows Services for NFS ONCRPC XDR Driver Information Disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01326 | 0.03 | CVE-2021-36926
18 | Microsoft ASP.NET Core/Visual Studio Information Disclosure | 4.9 | 4.3 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-34532
19 | Microsoft Windows Services for NFS ONCRPC XDR Driver Information Disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01326 | 0.00 | CVE-2021-36933
20 | Microsoft Windows Remote Desktop Client Remote Code Execution | 8.8 | 7.9 | $100k and more | $5k-$25k | Proof-of-Concept | Official Fix | 0.05216 | 0.04 | CVE-2021-34535

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive
2 | T1040 | CAPEC-102 | CWE-294 | Authentication Bypass by Capture-replay | predictive
3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive
4 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive
5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive
6 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive
7 | TXXXX.XXX | CAPEC-16 | CWE-XXX, CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive
8 | TXXXX | CAPEC-136 | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive
9 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive
10 | TXXXX | CAPEC- | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive
11 | TXXXX | CAPEC- | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive
12 | TXXXX | CAPEC-184 | CWE-XXX | Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx | predictive
13 | TXXXX | CAPEC-108 | CWE-XX, CWE-XX | Xxx Xxxxxxxxx | predictive
14 | TXXXX | CAPEC-102 | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive
15 | TXXXX | CAPEC-38 | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive
16 | TXXXX.XXX | CAPEC-459 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive
17 | TXXXX | CAPEC-116 | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive
18 | TXXXX.XXX | CAPEC- | CWE-XX | Xxxxxxxxxxxxx | predictive
19 | TXXXX | CAPEC-157 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive
20 | TXXXX.XXX | CAPEC-112 | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive
21 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive

IOA - Indicator of Attack (234)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
1 | File | .travis.yml | predictive
2 | File | /.env | predictive
3 | File | /admin.php | predictive
4 | File | /admin/subnets/ripe-query.php | predictive
5 | File | /apply.cgi | predictive
6 | File | /core/conditions/AbstractWrapper.java | predictive
7 | File | /debug/pprof | predictive
8 | File | /export | predictive
9 | File | /file?action=download&file | predictive
10 | File | /hardware | predictive
11 | File | /librarian/bookdetails.php | predictive
12 | File | /medical/inventories.php | predictive
13 | File | /monitoring | predictive
14 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive
15 | File | /plugin/LiveChat/getChat.json.php | predictive
16 | File | /plugins/servlet/audit/resource | predictive
17 | File | /plugins/servlet/project-config/PROJECT/roles | predictive
18 | File | /replication | predictive
19 | File | /RestAPI | predictive
20 | File | /tmp/speedtest_urls.xml | predictive
21 | File | /tmp/zarafa-vacation-* | predictive
22 | File | /uncpath/ | predictive
23 | File | /upload | predictive
24 | File | /user/loader.php?api=1 | predictive
25 | File | /var/log/nginx | predictive
26 | File | /var/run/watchman.pid | predictive
27 | File | /xxxxxx/xxxxxx.xxxx | predictive
28 | File | /xx-xxxx/xxxxxx/x.x/xxxxx?xxx | predictive
29 | File | xxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive
30 | File | xxxxx-xxxx.xxx?xxxxxx=xxx_xxxxxxx xxxxx[x][xxx] | predictive
31 | File | xxxxxxx.xxx | predictive
32 | File | xxxxxxx.xxx | predictive
33 | File | xxx/xxx/xxxx-xxx | predictive
34 | File | xxx/xx/xxxxxx | predictive
35 | File | xxxxx.xxx | predictive
36 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive
37 | File | xxxx/xxxxxxx/xxx/xxxxxx_xxxx.x | predictive
38 | File | xxxx-xxxx.x | predictive
39 | File | xxxx/xxxxxxx.xxx | predictive
40 | File | x:\xxxxxxx xxxxx\xxxxxx xxxxx\xxx\xxxxxxx.xxx | predictive
41 | File | x:\xxxxxxx\xxxxxxxx\xxxxxx\xxx | predictive
42 | File | xxxx.xxx | predictive
43 | File | xxx-xxx/xx.xxx | predictive
44 | File | xxx/xxxxxxx.xx | predictive
45 | File | xxxxx.xxx | predictive
46 | File | xxxxxx.xxx | predictive
47 | File | xxx_xxxxxx.xxx | predictive
48 | File | xxx.xxx | predictive
49 | File | xxxxxx.xxx | predictive
50 | File | xxxxxxxx.xx | predictive
51 | File | xxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/ | predictive
52 | File | x_xxxxxx | predictive
53 | File | xxxxxx.xxx | predictive
54 | File | xxxxxxx.xxx | predictive
55 | File | xxxxxxx/xxxxx/xxxxxx.x | predictive
56 | File | xxxxxxx/xxx/xxxxxxx/xxxx.x | predictive
57 | File | xxxxxxx/xxxx/xxxx_xxxxxxxxx_xxxxx.x | predictive
58 | File | xxxx_xxxxx.xxx | predictive
59 | File | xxx/xxxxxxxx/xxx_xxxxxxxxxxxx.x | predictive
60 | File | xxxxxxxx.x | predictive
61 | File | xxxxxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxxxx.xxx | predictive
62 | File | xx/xxxxxxxxx.x | predictive
63 | File | xx/xxxxx.x | predictive
64 | File | xx/xxxxx/xxxxxxx.x | predictive
65 | File | xxxxx.xxx | predictive
66 | File | xxxxxxxxxx.xx | predictive
67 | File | xxxx/xxxxxxxxxxxxxxxxxxxxxxxx.xx | predictive
68 | File | xxxxxxxxxxxxxxxxxxxxx.xxx | predictive
69 | File | xxxxx-xxxxx.x | predictive
70 | File | xxxxxx_xxxxx_xxxxxxx.x | predictive
71 | File | xxxxx-xxxxxxxxxx.x | predictive
72 | File | xxxxxxx/xxxx.xxx | predictive
73 | File | xxxxx.xxx | predictive
74 | File | xxxxx.xxx?xx=xxxxxxxx.xxxxxx | predictive
75 | File | xxxxx:/xxxxxxxx/xxxxxxxxxxxx.xxxx | predictive
76 | File | xxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx | predictive
77 | File | xxxx_xxxx.xxx | predictive
78 | File | xxxx_xxxxxx.xx | predictive
79 | File | xxxxxx/xxx/xxxxxxxx.x | predictive
80 | File | xxxxxx/xxxxx/xxxxx_xxxxxx_xxxxxx.x | predictive
81 | File | xxxxxxx/xx_xxx.x | predictive
82 | File | xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | predictive
83 | File | xxxx.xxx | predictive
84 | File | xxxxx.xxx | predictive
85 | File | xxxxx.xxx | predictive
86 | File | xxxxxxxxxx/xxx.x | predictive
87 | File | xxxx.x | predictive
88 | File | xxxx.xxx | predictive
89 | File | xxxxxx_xxxxx_xxxxxxx.x | predictive
90 | File | xxxxxxxxxxxxxxxx.x | predictive
91 | File | xxx/xxxxxxxxx/xx_xxxxxx_xxx.x | predictive
92 | File | xxx/xxxxxxxxx/x_xxxxxx.x | predictive
93 | File | xxxx.xxx | predictive
94 | File | xxx_xxxxxxx.x | predictive
95 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive
96 | File | xxx_xx.x | predictive
97 | File | xxxxxxxxxxxxxxxxx.xxx | predictive
98 | File | xxxxxxxxx.xxx.xxx | predictive
99 | File | xxxxxxx.xxx | predictive
100 | File | xxxxxxxx.xxxx | predictive
101 | File | xxxxxxxxxxxx.xxx | predictive
102 | File | xxxxxxxxxxxxx.xxxx | predictive
103 | File | xxxxxx.x | predictive
104 | File | xxxxx.xxx | predictive
105 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive
106 | File | xxxxxxxx.xxx | predictive
107 | File | xxxxxxx.x | predictive
108 | File | xxxxxxx.xxx | predictive
109 | File | xxxxxxx.x | predictive
110 | File | xxxxxxxxxx_xxxxx.xxxxxx | predictive
111 | File | xxxx_xxx_xx.x | predictive
112 | File | xx_xxx.x | predictive
113 | File | xxx.x | predictive
114 | File | xxxxxx.x | predictive
115 | File | xxxxx.xxx | predictive
116 | File | xxxx-xxxxxx.x | predictive
117 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive
118 | File | xxxxxxx.x | predictive
119 | File | xxx/xxx_xxxxx.x | predictive
120 | File | xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx | predictive
121 | File | xx.xxx | predictive
122 | File | xxxxxx.xxx | predictive
123 | File | xxxxxxxx.xxx | predictive
124 | File | xxxxxxx/xxxxxxx/xxxxxx/xxxxxx_xxxx.xxx | predictive
125 | File | xxxx.xxxxxxxxx.xxx | predictive
126 | File | xxxx_xxxx.xxx | predictive
127 | File | xxxxxx.xxx | predictive
128 | File | xxx.xxx | predictive
129 | File | xxxxx.xxx | predictive
130 | File | xxxxxx/xx/xxxx.xxx | predictive
131 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive
132 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive
133 | File | xx-xxxxxxxx/xxxxxxx-xxxxxxxx.xxx | predictive
134 | File | xx-xxxxxxxx/xxxx.xxx | predictive
135 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive
136 | File | xx/xx/xxxxx | predictive
137 | File | xx_xxxxxxx.x | predictive
138 | File | _xxxxxxxx/xxxxxxxx.xxx | predictive
139 | File | ~/xxxx/xxx/xxxxxxx/xxxxxxxxxx/xxxxxx.xxx | predictive
140 | Library | xxxxx/xxxxxxxxx/xxxx.xxxxxxxxx.xxx | predictive
141 | Library | xxxxxxxxx.xxx | predictive
142 | Library | xxxxxxxx.xxx | predictive
143 | Library | xxxxxxxxxx/xxxxxxxx.x | predictive
144 | Library | xxxxxxxx.xxx | predictive
145 | Library | xxxxxxxxx.xxx | predictive
146 | Library | xxxxxxxx.xxx | predictive
147 | Library | xxxxxx.xxx.xxx.xxx | predictive
148 | Library | xxxxxxxx.xxx | predictive
149 | Library | xxxxxxxx.xxx | predictive
150 | Argument | -x | predictive
151 | Argument | xx_xxxxx_xxx_xxxx | predictive
152 | Argument | xxxxxx_xxxx | predictive
153 | Argument | xxx | predictive
154 | Argument | xxxxx | predictive
155 | Argument | xxx_xx | predictive
156 | Argument | xxxxxxxxxxxxxxx | predictive
157 | Argument | xxxx_xx | predictive
158 | Argument | xxxxxx | predictive
159 | Argument | xxxxxxx xxxx | predictive
160 | Argument | xxxxxxxxxx | predictive
161 | Argument | xxxxxxx | predictive
162 | Argument | xxxxxxx_xxxx->xxx($xxxxxxxx) | predictive
163 | Argument | xxxxxx | predictive
164 | Argument | xxxxxxxxxxx | predictive
165 | Argument | xxxxxx_xxxx | predictive
166 | Argument | xxxxxxxxx->xxxxxxxxx | predictive
167 | Argument | xx | predictive
168 | Argument | xx | predictive
169 | Argument | xxxxxxxxxxxxxx | predictive
170 | Argument | xxxxxxx | predictive
171 | Argument | xxxxx[xxxxx][xx] | predictive
172 | Argument | xxxx_xxxxxx_xxxx | predictive
173 | Argument | xxxx x xxxx | predictive
174 | Argument | xxxxxxxxx/xxxxxxxxx | predictive
175 | Argument | xxx | predictive
176 | Argument | xx_xxxx | predictive
177 | Argument | xx[xxxx] | predictive
178 | Argument | xxxx | predictive
179 | Argument | xxxxxxxxxxxxxxxxxxxx | predictive
180 | Argument | xx | predictive
181 | Argument | xxxxxxx/xxxx/xxxxxxxx | predictive
182 | Argument | xxxxx | predictive
183 | Argument | xxxxx/xxxxxx | predictive
184 | Argument | xxxx | predictive
185 | Argument | xxxx_xxxx | predictive
186 | Argument | xxxxxxxx | predictive
187 | Argument | xxxxxxxx | predictive
188 | Argument | xxxxxxxx | predictive
189 | Argument | xxxxxxxxx | predictive
190 | Argument | xxx_xxx | predictive
191 | Argument | xxxxxx | predictive
192 | Argument | xxxxxx | predictive
193 | Argument | xx_xxxxxxx_xxxxxxx | predictive
194 | Argument | xxxxxxxxxxxxx | predictive
195 | Argument | xxxxx | predictive
196 | Argument | xxxxxxx_xxx | predictive
197 | Argument | xxxx | predictive
198 | Argument | xxxxxxx | predictive
199 | Argument | xxxxxx | predictive
200 | Argument | xxxxxxxx_xxxxx | predictive
201 | Argument | xxxxxx | predictive
202 | Argument | xxx | predictive
203 | Argument | xxxxxxxxxxxx | predictive
204 | Argument | xxxxxx | predictive
205 | Argument | xxxxxxxxx | predictive
206 | Argument | xxx | predictive
207 | Argument | xxxxxx | predictive
208 | Argument | xxx | predictive
209 | Argument | xxxx | predictive
210 | Argument | xxxxxxxx-xxxxxxxx | predictive
211 | Argument | xxx | predictive
212 | Argument | xxxx | predictive
213 | Argument | xxxxxxxx | predictive
214 | Argument | xxxxxxx | predictive
215 | Argument | xxxx->xxxxxxx | predictive
216 | Argument | x-xxxxxxxxx-xxx | predictive
217 | Argument | xxx | predictive
218 | Argument | \xxxxxx\ | predictive
219 | Argument | _xxx_xxxxxxx_xxxxxxx_xxxxxxxxxxxxx_xxx_xxx_xxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxx | predictive
220 | Argument | _xxx_xxxxxxxxxxx_ | predictive
221 | Input Value | ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx | predictive
222 | Input Value | .%xx.../.%xx.../ | predictive
223 | Input Value | xxx xxxxxxxx | predictive
224 | Input Value | xxxxxxxx | predictive
225 | Input Value | xxxxxxxxx' xxx 'x'='x | predictive
226 | Input Value | xxxxx | predictive
227 | Input Value | xxxxxxx_xxxxx.xxxxxxx_xxxxxxx | predictive
228 | Input Value | \x | predictive
229 | Input Value | ….// | predictive
230 | Pattern | |xx| | predictive
231 | Network Port | xxxxx | predictive
232 | Network Port | xx xxxxxxx xxx.xx.xx.xx | predictive
233 | Network Port | xxx/xx (xxxxxx) | predictive
234 | Network Port | xxx xxxxxx xxxx | predictive

References (2)

The following list contains external sources which discuss the actor and the associated activities:
