WordPress SMTP Exploit 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

言語

en	10
de	8
ru	2
es	2

国・地域

ru	18
es	2

アクター

WordPress SMTP Exploit	4
Baldr	3
RedLine Stealer	2
ProLock	1
Gafgyt_tor	1

関心

タイプ

Not Defined	8
Content Management System	4
Network Encryption Software	2
Smartphone Operating System	2
Application Server Software	2

ベンダー

Not Defined	12
Check Point	2
Apple	2
IBM	2
Fortinet	2

製品

WordPress	4
OpenSSL	2
Check Point Endpoint Security	2
eggblog	2
Apple iOS	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	OpenSSL 64-bit Block Cipher SWEET32 情報の漏洩	6.5	6.4	$5k-$25k	$0-$5k	Proof-of-Concept	Unavailable	0.00528	0.09	CVE-2016-2183
2	Parallels Plesk Script wrapper 特権昇格	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2013-0133
3	Werkzeug URL Redirect	5.8	5.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00114	0.00	CVE-2020-28724
4	Pallets Werkzeug HTTP Request Parser 特権昇格	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00113	0.05	CVE-2022-29361
5	eggblog 特権昇格	7.3	6.4	$0-$5k	$0-$5k	Unproven	Unavailable	0.03204	0.02	CVE-2007-2978
6	Oracle PeopleSoft Enterprise HRMS Time/Labor 未知の脆弱性	5.4	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00054	0.00	CVE-2020-14612
7	IBM WebSphere Application Server Response 情報の漏洩	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00173	0.00	CVE-2016-5986
8	IBM Curam Social Program Management Universal Access 特権昇格	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00111	0.02	CVE-2014-4843
9	Apple iOS Lockscreen Lockscreen Bypass メモリ破損	5.3	4.8	$25k-$100k	$0-$5k	Proof-of-Concept	Unavailable	0.00000	0.00
10	Plone Zope ZMI Search クロスサイトスクリプティング	5.2	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00149	0.00	CVE-2016-7147
11	Cisco Email Security Appliance Content Filter 特権昇格	7.5	7.3	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00276	0.03	CVE-2016-6458
12	Micgr Mic Blog category.php SQLインジェクション	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00140	0.00	CVE-2008-6805
13	ThemeMakers Accio Responsive Parallax One Page Site Template wp_users.dat 情報の漏洩	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00703	0.02	CVE-2015-9485
14	WordPress Plugin Installation uploads 特権昇格	6.7	6.7	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.31598	0.05	CVE-2018-14028
15	WordPress Media Attachment media-upload.php 特権昇格	5.4	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00197	0.00	CVE-2012-6634
16	Fortinet FortiOS Single Sign-On 情報の漏洩	6.7	6.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00463	0.04	CVE-2018-9185
17	Check Point Endpoint Security Password Policy Unlock.exe 特権昇格	5.1	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00063	0.00	CVE-2013-5635
18	Host rsh/rlogin Service 特権昇格	7.3	6.9	$0-$5k	$0-$5k	High	Workaround	0.01500	0.05	CVE-1999-0651
19	PHPOK File Upload 特権昇格	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00201	0.02	CVE-2018-8944

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	1.3.9.1		WordPress SMTP Exploit	2019年03月28日	verified	高
2	3.5.33.11		WordPress SMTP Exploit	2019年03月28日	verified	高
3	XX.XXX.XXX.XXX	xxxxx.xxxxxxxxxxx.xxx	Xxxxxxxxx Xxxx Xxxxxxx	2019年03月28日	verified	高
4	XXX.XXX.XXX.XX	xxxxxxxxxxxx.xxxx.xx	Xxxxxxxxx Xxxx Xxxxxxx	2019年03月28日	verified	高
5	XXX.XXX.XXX.XXX	xxxx.xxxx.xx	Xxxxxxxxx Xxxx Xxxxxxx	2019年03月28日	verified	高
6	XXX.XXX.XXX.XX	xxxx.xxxx.xx	Xxxxxxxxx Xxxx Xxxxxxx	2019年03月28日	verified	高
7	XXX.XXX.XXX.XX	xxxx.xxxx.xx	Xxxxxxxxx Xxxx Xxxxxxx	2019年03月28日	verified	高

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	高
2	T1068	CAPEC-122	CWE-264, CWE-269	Execution with Unnecessary Privileges	predictive	高
3	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
4	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	高
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
6	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
7	TXXXX	CAPEC-38	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	高
8	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
9	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/usr/local/psa/admin/sbin/wrapper	predictive	高
2	File	category.php	predictive	中
3	File	xxxxxx.xxx	predictive	中
4	File	xx-xxxxx/xxxxx-xxxxxx.xxx	predictive	高
5	File	xx-xxxxxxx/xxxxxxx	predictive	高
6	File	xx-xxxxxxx/xxxxxxx/xxx_xx_xxxxxxx/xx_xxxxx.xxx	predictive	高
7	Argument	xxx_xxx:xxxxxx	predictive	高
8	Argument	xxxxxxxxx	predictive	中
9	Argument	xxxx_xx	predictive	低
10	Argument	xxxx	predictive	低
11	Argument	xxxx_xxxxx/xxxx_xxxx/xxxx_xxxxx	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!