Winnti Analysis

IOB - Indicator of Behavior (158)

Languages: en (132), zh (22), es (2), de (2)

Countries/regions: ms (144), cn (12), us (2)

Products: phpMyAdmin (6), WordPress (6), Microsoft Exchange Server (4), Microsoft ASP.NET Core (4), Joomla (4)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | vTiger CRM SQL injection | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00228 | 0.00 | CVE-2019-11057
2 | WordPress WP_Query class-wp-query.php SQL injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00318 | 0.05 | CVE-2017-5611
3 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.97319 | 0.05 | CVE-2021-34473
4 | Apache Solr ResourceLoader directory traversal | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.52819 | 0.02 | CVE-2013-6397
5 | ThinkPHP privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.97455 | 0.03 | CVE-2019-9082
6 | Mailman privilege escalation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00160 | 0.00 | CVE-2018-13796
7 | Pivotal RabbitMQ password privilege escalation | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00343 | 0.00 | CVE-2016-9877
8 | phpThumb Default Configuration privilege escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00246 | 0.03 | CVE-2013-6919
9 | phpThumb phpThumb.demo.showpic.php cross-site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.00 | CVE-2016-10508
10 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
11 | XenForo privilege escalation | 8.6 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 | 
12 | WordPress Update URI Plugin Header Remote Code Execution | 7.8 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00683 | 0.08 | CVE-2021-44223
13 | RuoYi edit SQL injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00076 | 0.00 | CVE-2023-49371
14 | Apple iPhone USB checkm8 privilege escalation | 6.4 | 5.9 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.00000 | 0.05 | CVE-2019-8900
15 | Apache Tomcat HTTP Header privilege escalation | 7.3 | 7.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.12315 | 0.04 | CVE-2021-33037
16 | André Bräkling WP-Matomo Integration Plugin cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-33211
17 | Cacti graph_settings.php privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01498 | 0.00 | CVE-2014-5261
18 | crewjam saml weak authentication | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01251 | 0.00 | CVE-2020-27846
19 | VestaCP user.conf privilege escalation | 4.6 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00048 | 0.00 | CVE-2021-30463
20 | MobileIron Core/Connector weak authentication | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00987 | 0.00 | CVE-2020-15506

IOC - Indicator of Compromise (139)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (87)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (4)

The following list contains external sources which discuss the actor and the associated activities:
