Winter Vivern 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (148)

タイムライン

言語

en104
de8
ru8
ar6
ja6

国・地域

us50
il12
ru10
de6
ar6

アクター

Winter Vivern8
Mirai5
RedLine Stealer5
Cobalt Strike4
Rhadamanthys3

アクティビティ

関心

タイムライン

タイプ

Not Defined58
Operating System16
Smartphone Operating System8
WordPress Plugin6
Content Management System6

ベンダー

Not Defined46
Microsoft14
Tenda4
Google4
Linux4

製品

Microsoft Windows12
Google Android4
Linux Kernel4
Looknet FineShop4
Samsung Smart Phone4

脆弱性

#脆弱性BaseTemp0day本日修復EPSSCTICVE
1Vmware Workspace ONE Access/Identity Manager Template 特権昇格9.89.4$5k-$25k$0-$5kHighOfficial Fix0.974600.00CVE-2022-22954
2nginx 特権昇格6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002411.60CVE-2020-12440
3binutils Table elf.c _bfd_elf_slurp_version_tables メモリ破損5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000480.00CVE-2023-1972
4Looknet FineShop index.php クロスサイトスクリプティング4.34.1$0-$5k$0-$5kProof-of-ConceptUnavailable0.005870.00CVE-2006-3235
5woocommerce-gutenberg-products-block SQLインジェクション7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.097680.00CVE-2021-32789
6Microsoft Windows 特権昇格5.75.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.000830.02CVE-2019-1074
7BTCPay Server Payment Button Privilege Escalation6.56.2$0-$5k$0-$5kNot DefinedOfficial Fix0.001660.02CVE-2021-29249
8BTCPay Server POS Add Products クロスサイトスクリプティング3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.000540.02CVE-2021-29250
9MikroTik RouterOS SMB メモリ破損8.58.4$0-$5k$0-$5kHighOfficial Fix0.880650.00CVE-2018-7445
10cPanel cpsrvd クロスサイトスクリプティング5.04.9$0-$5k$0-$5kNot DefinedOfficial Fix0.003450.03CVE-2023-29489
11Next.js _error.js Redirect5.04.8$0-$5k$0-$5kNot DefinedOfficial Fix0.000660.05CVE-2021-37699
12OpenBSD OpenSSH PKCS 11 特権昇格7.47.1$5k-$25k$5k-$25kProof-of-ConceptOfficial Fix0.029990.08CVE-2023-38408
13Aquifer CMS index.asp クロスサイトスクリプティング4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.004140.00CVE-2006-0122
14Netsweeper index.php 弱い認証7.57.3$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.077880.00CVE-2014-9611
15Basti2web Book Panel books.php SQLインジェクション7.37.0$0-$5k$0-$5kHighOfficial Fix0.000640.05CVE-2009-4889
16SourceCodester Online Clothing Store offer.php クロスサイトスクリプティング4.84.8$0-$5k$0-$5kProof-of-ConceptNot Defined0.002200.00CVE-2020-28139
17Apache HTTP Server mod_proxy 特権昇格7.47.3$5k-$25k$5k-$25kNot DefinedOfficial Fix0.007390.08CVE-2023-25690
18Citrix NetScaler ADC/NetScaler Gateway 特権昇格9.89.6$25k-$100k$5k-$25kHighOfficial Fix0.911860.07CVE-2023-3519
19FluentForm Plugin SQLインジェクション4.74.6$0-$5k$0-$5kNot DefinedNot Defined0.000760.02CVE-2023-24410
20wkhtmltopdf HTML File ディレクトリトラバーサル5.95.9$0-$5k$0-$5kNot DefinedNot Defined0.004800.04CVE-2020-21365

キャンペーン (1)

These are the campaigns that can be associated with the actor:

  • CVE-2023-5631

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
137.252.5.133Winter Vivern2022年03月22日verified
237.252.9.123gw.r-service.infoWinter Vivern2022年03月22日verified
338.180.76.31Winter VivernCVE-2023-56312023年10月29日verified
4XX.XXX.XXX.XXXXxxxxx Xxxxxx2024年03月20日verified
5XX.XX.XXX.XXXXxxxxx Xxxxxx2024年03月20日verified
6XX.XX.XXX.XXXxx.xx.xxx.xxx.xxxxxxx.xxXxxxxx Xxxxxx2023年04月05日verified
7XXX.XX.XX.XXXxxxxx Xxxxxx2023年04月05日verified
8XXX.XX.XXX.XXXxxxxxxxx.xxxxxxxxxxx.xxxXxxxxx Xxxxxx2023年04月05日verified
9XXX.XX.XXX.XXXxxxxxxxx.xxxxxxxxxxx.xxxXxxxxx Xxxxxx2023年04月05日verified
10XXX.XXX.XXX.XXXxxxxx Xxxxxx2022年03月22日verified
11XXX.XX.XXX.XXXxxxxx Xxxxxx2023年04月05日verified

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueクラス脆弱性アクセスベクタータイプ信頼度
1T1006CAPEC-126CWE-21, CWE-22Path Traversalpredictive
2T1040CAPEC-102CWE-319Authentication Bypass by Capture-replaypredictive
3T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath Expressionspredictive
4T1059CAPEC-242CWE-94Argument Injectionpredictive
5TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx Xxxxxxxxxpredictive
6TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
7TXXXXCAPEC-108CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxxpredictive
8TXXXX.XXXCAPEC-178CWE-XXXXxxx Xxxxxxxxpredictive
9TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx Xxxxxxxxpredictive
10TXXXXCAPEC-184CWE-XXXXxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxxpredictive
11TXXXXCAPEC-108CWE-XXXxx Xxxxxxxxxpredictive
12TXXXXCAPEC-CWE-XXXXxxxxxxxxxx Xxxxxxxxxxpredictive
13TXXXX.XXXCAPEC-CWE-XXXXxxxxxxx Xxxxxx Xxxxpredictive
14TXXXXCAPEC-464CWE-XXXXxxxxxxx Xx Xxxxxxx Xxxxxxxx Xxxxxxxxxxx Xx Xx Xxxxxxxxxxxx Xxxxxpredictive
15TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive
16TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxxpredictive

IOA - Indicator of Attack (70)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1File/admin/scripts/pi-hole/phpqueryads.phppredictive
2File/etc/gsissh/sshd_configpredictive
3File/goform/WifiBasicSetpredictive
4File/login/index.phppredictive
5File/out.phppredictive
6File/spip.phppredictive
7File/web/IndexController.javapredictive
8File/youthappam/editcategory.phppredictive
9Fileadmin.php3predictive
10Filexxxxx.xxx?x=xxxxxx&x=xxxxxx&x=xxxxxxpredictive
11Filexxxxx/xxx/xxxxxxxxxxxxpredictive
12Filexxx/xxxxxxx.xpredictive
13Filexxxxxxxxxxxx.xxxpredictive
14Filexxx/xxx.xpredictive
15Filexxxxxx.xpredictive
16Filexxxxx.xxxpredictive
17Filexxxxxxx/xxxxx.xxx?x=xxxx_xxxxxpredictive
18Filexxxxxx.xxxpredictive
19Filexxxxxxxx.xpredictive
20Filexxxxxxxx/xxxx_xxxxxxxx.xxxpredictive
21Filexxxxxxxxxxxxxx.xxxpredictive
22Filexxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxxpredictive
23Filexxxxx.xxxpredictive
24Filexxxxx.xxx?xxxxxx=xxxxxxxxx_xxxxxxxxx/xxxxxpredictive
25Filexxxxxxxxx.xpredictive
26Filexxxxxxxx.xxxpredictive
27Filexxx/xxxxxxxxx/xxxxx_xxxx.xpredictive
28Filexxxx/xxxxx/xxxxxxx/xxxxxxxx.xxpredictive
29Filexxxxxxx/xxxxx.xxxx.xxxpredictive
30Filexxxxx.xxxpredictive
31Filexxxxx/_xxxxx.xxpredictive
32Filexxxxxx/xxxxx.xxxpredictive
33Filexxxxxxxx/xxxxxxx/xxxxxxx.xxxxxxxxxxxxxxxxxxxxx.xxxpredictive
34Filex/xxxxx.xxxpredictive
35Filexxxxxx-xxxxxx.xxxpredictive
36Filexxxx-xxxxxxxx.xxxpredictive
37Filexxxxxx.xxxpredictive
38Filexxxx/xxxxxx.xxxxpredictive
39Filexxxxx/xxxxx.xxx?xxxxxx=xxxxxpredictive
40Filexx/xxxxx/xxxxxxxx/xxxxxxxxxx-xxxx?xxxxxxxxx_xxxxxxxxx_xxxxxx[][xxxxxxxx]predictive
41Filexxxxxxxx/xxxxx/xxxxx.xxxpredictive
42Filexxxx.xxpredictive
43Argument$x_xxxxxx[xxxxxxxx]predictive
44Argumentxxxxxxpredictive
45Argumentxxxxxxpredictive
46Argumentxxxxxpredictive
47Argumentxxxxxxxxxxxxxxxpredictive
48Argumentxxxxxxxxpredictive
49Argumentxxxxxxxxx/xx/xxxxxxxxpredictive
50Argumentx_xxxpredictive
51Argumentxxpredictive
52Argumentxxpredictive
53Argumentxx/xxxxxpredictive
54Argumentxx_xxxxxpredictive
55Argumentxxxxxxxpredictive
56Argumentxxxpredictive
57Argumentxxxxx xxxxxxpredictive
58Argumentxxxxpredictive
59Argumentxxxxxxxxpredictive
60Argumentxxxxxxxx_xxxpredictive
61Argumentxxxxxxxx_xxpredictive
62Argumentxxxx/xxxxxx/xxxxxxx/xxxxxxxxxxpredictive
63Argumentxxxxxxx[]predictive
64Argumentxxxxxpredictive
65Argumentxxxxxxxpredictive
66Argumentx-xxxx-xxxxxpredictive
67Input Value.%xx.../.%xx.../predictive
68Input Valuex' xxxxx xxxxx(x) xxx 'xxxx'='xxxxpredictive
69Patternx|xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx|xpredictive
70Network Portxxx/xxxxxpredictive

参考 (6)

The following list contains external sources which discuss the actor and the associated activities:

概要

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!