WinRAR Zero-day Analysis

IOB - Indicator of Behavior (71)

Language

en: 58
it: 6
es: 6
de: 2

Country/Region

us: 72

Products

DZCP deV!L`z Clanportal: 4
Craft CMS: 2
GNU Mailman: 2
Zen Cart: 2
Plupload: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.88 | CVE-2010-0966 |
| 2 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.51 | CVE-2007-1167 |
| 3 | Devilz Clanportal index.php SQL injection | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00784 | 0.07 | CVE-2006-3347 |
| 4 | Plupload plupload.flash.swf cross-site scripting | 6.1 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01019 | 0.03 | CVE-2016-4566 |
| 5 | PHP FormMail Generator form.lib.php privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00334 | 0.00 | CVE-2016-9492 |
| 6 | OpenCart password.php unknown vulnerability | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.00 | CVE-2018-13067 |
| 7 | Zen Cart record_company.php weak authentication | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.30705 | 0.00 | CVE-2009-2255 |
| 8 | AWStats awstats.pl Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.08 | CVE-2018-10245 |
| 9 | AWStats awstats.pl directory traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00499 | 0.09 | CVE-2020-35176 |
| 10 | University of Washington IMAP Toolkit rsh Command imap4r1.c imap_open privilege escalation | 6.2 | 6.1 | $0-$5k | $0-$5k | High | Official Fix | 0.96870 | 0.06 | CVE-2018-19518 |
| 11 | Ubuntu Linux overlayfs privilege escalation | 8.4 | 7.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.00 | |
| 12 | OpenWRT radio0.network1 unknown vulnerability | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.05 | CVE-2019-17367 |
| 13 | GNU Mailman Alias directory traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03056 | 0.05 | CVE-2015-2775 |
| 14 | GetSimple CMS index.php Reflected cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00266 | 0.00 | CVE-2017-1000057 |
| 15 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00317 | 0.93 | CVE-2005-3791 |
| 16 | YaBB yabb.pl cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01240 | 0.04 | CVE-2004-2402 |
| 17 | Nagios XI Web Interface privilege escalation | 8.8 | 8.6 | $0-$5k | $0-$5k | High | Official Fix | 0.41124 | 0.00 | CVE-2019-15949 |
| 18 | Craft CMS Upload File privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00327 | 0.00 | CVE-2018-3814 |
| 19 | vu Mass Mailer Login Page redir.asp SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00238 | 0.05 | CVE-2007-6138 |
| 20 | WordPress AdServe adclick.php SQL injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.04 | CVE-2008-0507 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/index.php | predictive | |
| 2 | File | /upload/catalog/controller/account/password.php | predictive | |
| 3 | File | adclick.php | predictive | |
| 4 | File | admin/record_company.php | predictive | |
| 5 | File | xxxxxxx.xx | predictive | |
| 6 | File | x-xxxxxx/xxxxxxx.x | predictive | |
| 7 | File | xxx-xxx/xxxxxxx.xx | predictive | |
| 8 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | |
| 9 | File | xxx/xxxxxx.xxx | predictive | |
| 10 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | |
| 11 | File | xxxxx.xxx | predictive | |
| 12 | File | xxxxxxxx.xxxxx.xxx | predictive | |
| 13 | File | xxxxxxx.xxx?xxx=xxxxxxxx | predictive | |
| 14 | File | xxxxx.xxx | predictive | |
| 15 | File | xxxxxxxx/xxxxxx.xxxxxxxx | predictive | |
| 16 | File | xxxx.xx | predictive | |
| 17 | Library | xxxx.xxx.xxx | predictive | |
| 18 | Argument | -xxxxxxxxxxxxx | predictive | |
| 19 | Argument | xxxxxxxx | predictive | |
| 20 | Argument | xxxxx | predictive | |
| 21 | Argument | xxxxxx | predictive | |
| 22 | Argument | xxxx | predictive | |
| 23 | Argument | xxxxxxxxx/xxxxxx | predictive | |
| 24 | Argument | xx | predictive | |
| 25 | Argument | xxxxxxxx | predictive | |
| 26 | Argument | xxxxxx_xxxxxxx_xxxxx | predictive | |
| 27 | Argument | xxx | predictive | |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
