Zardoor Analysis

IOB - Indicator of Behavior (39)

Language

en: 32
it: 4
fr: 2
ru: 2

Product

Huawei B593-u12: 4
Huawei B593-s22: 4
DZCP deV!L`z Clanportal: 4
FireEye Malware Analysis System: 2
Cisco IOS XE: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | Cisco IOS XE Web UI Remote Code Execution | 9.9 | 9.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.87328 | 0.03 | CVE-2023-20198 |
| 3 | amauric tarteaucitron.js cross-site scripting | 4.5 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2023-3620 |
| 4 | MikroTik RouterOS RSC File export privilege escalation | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00152 | 0.02 | CVE-2021-27221 |
| 5 | Roundcube SVG Document rcube_washtml.php cross-site scripting | 5.3 | 5.2 | $0-$5k | $0-$5k | High | Official Fix | 0.00680 | 0.05 | CVE-2023-5631 |
| 6 | PHPizabi index.php directory traversal | 6.5 | 5.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00826 | 0.03 | CVE-2008-3723 |
| 7 | SAP Business One SMB Shared Folder privilege escalation | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2023-31403 |
| 8 | Check Point Harmony Endpoint/ZoneAlarm Extreme Security privilege escalation | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2023-28134 |
| 9 | OTRS OpenSSL SSL_get_verify_result weak authentication | 7.2 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00061 | 0.02 | CVE-2023-5422 |
| 10 | FireEye Malware Analysis System PCAP File send_pcap_file SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00000 | 0.00 | |
| 11 | SolarWinds Orion SQL injection | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01293 | 0.00 | CVE-2021-35234 |
| 12 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 6.67 | CVE-2006-6168 |
| 13 | Marvell 88W8688 Parrot Faurecia Automotive FC6050W memory corruption | 8.0 | 7.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00365 | 0.04 | CVE-2019-13582 |
| 14 | PHPOutsourcing IdeaBox include.php privilege escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.17410 | 0.04 | CVE-2008-5199 |
| 15 | Media-products Eros Webkatalog start.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00119 | 0.00 | CVE-2010-0964 |
| 16 | Open Design Alliance Drawings SDK DGN File memory corruption | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00080 | 0.00 | CVE-2021-32952 |
| 17 | Apple iOS Racoon Configuration File Format String | 9.8 | 8.8 | $100k and more | $5k-$25k | Proof-of-Concept | Official Fix | 0.01130 | 0.00 | CVE-2012-0646 |
| 18 | Microsoft Exchange Server Privilege Escalation | 9.5 | 8.2 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00254 | 0.00 | CVE-2021-26427 |
| 19 | Server LDAP Server privilege escalation | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00684 | 0.00 | CVE-2019-3824 |
| 20 | hostapd/wpa_supplicant EAP-pwd eap_server_pwd.c denial of service | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01608 | 0.00 | CVE-2019-11555 |

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (23)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

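| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /export | predictive | |
| 2 | File | /forum/away.php | predictive | |
| 3 | File | /inc/HTTPClient.php | predictive | |
| 4 | File | add_comment.php | predictive | |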

References (2)

The following list contains external sources which discuss the actor and the associated activities:
