zgRAT 解析
IOB - Indicator of Behavior (268)
アクティビティ
関心
脆弱性
IOC - Indicator of Compromise (13)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
ID | IPアドレス | Hostname | アクター | キャンペーン | Identified | タイプ | 信頼度 |
---|---|---|---|---|---|---|---|
1 | 45.15.156.186 | zgRAT | 2024年01月13日 | verified | 高 | ||
2 | 45.81.39.182 | zgRAT | 2023年09月28日 | verified | 高 | ||
3 | 45.88.66.118 | zgRAT | 2023年05月05日 | verified | 高 | ||
4 | XX.XXX.XX.XXX | Xxxxx | 2024年01月11日 | verified | 高 | ||
5 | XX.XXX.XX.XXX | Xxxxx | 2024年04月22日 | verified | 高 | ||
6 | XXX.XXX.X.XXX | Xxxxx | 2024年01月08日 | verified | 高 | ||
7 | XXX.XXX.XX.XXX | Xxxxx | 2023年11月12日 | verified | 高 | ||
8 | XXX.XX.XXX.XX | xxxx-xxx.xx.xxx.xx.xxxxxxxx.xxx.xx | Xxxxx | 2023年10月20日 | verified | 高 | |
9 | XXX.XXX.XXX.XX | Xxxxx | 2023年06月27日 | verified | 高 | ||
10 | XXX.XX.XX.XXX | Xxxxx | 2024年01月26日 | verified | 高 | ||
11 | XXX.XXX.XX.XX | Xxxxx | 2024年03月29日 | verified | 高 | ||
12 | XXX.XX.XXX.XXX | xxxxxx.xxx.xxx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xx | Xxxxx | 2023年08月23日 | verified | 高 | |
13 | XXX.XXX.XXX.XXX | Xxxxx | 2023年08月23日 | verified | 高 |
TTP - Tactics, Techniques, Procedures (13)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | クラス | 脆弱性 | アクセスベクター | タイプ | 信頼度 |
---|---|---|---|---|---|---|
1 | T1006 | CAPEC-126 | CWE-21, CWE-22 | Path Traversal | predictive | 高 |
2 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | 高 |
3 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | 高 |
4 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | 高 |
5 | TXXXX.XXX | CAPEC- | CWE-XXX | Xxx Xx Xxxx-xxxxx Xxxxxxxx | predictive | 高 |
6 | TXXXX | CAPEC-136 | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | 高 |
7 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | 高 |
8 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | 高 |
9 | TXXXX | CAPEC-50 | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | 高 |
10 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | 高 |
11 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | 高 |
12 | TXXXX.XXX | CAPEC-112 | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | 高 |
13 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | 高 |
IOA - Indicator of Attack (239)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | クラス | Indicator | タイプ | 信頼度 |
---|---|---|---|---|
1 | File | /+CSCOE+/logon.html | predictive | 高 |
2 | File | /about.php | predictive | 中 |
3 | File | /admin | predictive | 低 |
4 | File | /admin/?page=user/manage_user&id=3 | predictive | 高 |
5 | File | /admin/admin.php | predictive | 高 |
6 | File | /Admin/createClass.php | predictive | 高 |
7 | File | /admin/edit_product.php | predictive | 高 |
8 | File | /admin/products/manage_product.php | predictive | 高 |
9 | File | /admin/products/view_product.php | predictive | 高 |
10 | File | /config/myfield/test.php | predictive | 高 |
11 | File | /eclime/manufacturers.php | predictive | 高 |
12 | File | /forum/away.php | predictive | 高 |
13 | File | /horde/util/go.php | predictive | 高 |
14 | File | /index.php | predictive | 中 |
15 | File | /index.php?app=main&func=passport&action=login | predictive | 高 |
16 | File | /manage-apartment.php | predictive | 高 |
17 | File | /multi-vendor-shopping-script/product-list.php | predictive | 高 |
18 | File | /Noxen-master/users.php | predictive | 高 |
19 | File | /pages/animals.php | predictive | 高 |
20 | File | /reports/rwservlet | predictive | 高 |
21 | File | /reviewer/system/system/admins/manage/users/user-update.php | predictive | 高 |
22 | File | /Service/ImageStationDataService.asmx | predictive | 高 |
23 | File | /wp-admin/options-general.php | predictive | 高 |
24 | File | /wp-content/plugins/woocommerce/templates/emails/plain/ | predictive | 高 |
25 | File | ad.cgi | predictive | 低 |
26 | File | adclick.php | predictive | 中 |
27 | File | admin.color.php | predictive | 高 |
28 | File | admin.cropcanvas.php | predictive | 高 |
29 | File | admin.joomlaradiov5.php | predictive | 高 |
30 | File | xxxxx.xxx | predictive | 中 |
31 | File | xxxxx/xxxxxx/xxxxxxx/xxxxxxx.xxx | predictive | 高 |
32 | File | xxxxx/xxxxxxxxxxxxxxx.xxx | predictive | 高 |
33 | File | xxxxx/xxxxx-xxxxxxx-xx-xxxxxxxxxxxxxxxxxxxx-xxxxx.xxx | predictive | 高 |
34 | File | xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx | predictive | 高 |
35 | File | xxxxxxxxxxx.xxx | predictive | 高 |
36 | File | xxxxx_xxxxxx.xxx | predictive | 高 |
37 | File | xxxxxxxxxxx.xx | predictive | 高 |
38 | File | xx_xxxxxxxxxx.xxx | predictive | 高 |
39 | File | xxxxxxx.xx | predictive | 中 |
40 | File | xxxxxxxxxxxxx.xxx | predictive | 高 |
41 | File | xxxxxxxxxxxxx.xx | predictive | 高 |
42 | File | xxxxxxx.xxx | predictive | 中 |
43 | File | xxx_xxxxx.xxx | predictive | 高 |
44 | File | xxxxx.xxx | predictive | 中 |
45 | File | xxxxxxxxxxxx/xxxxx/xxxxxxxx/xxxxx.xxx | predictive | 高 |
46 | File | xxxxxx_xxxx.xxx | predictive | 高 |
47 | File | xxxxxxxx.xxx | predictive | 中 |
48 | File | xxx-xxx/xxxxxxx.xx | predictive | 高 |
49 | File | xxxxxxx.xxx.xxx | predictive | 高 |
50 | File | xxxxxxx/xxxxxx.xxx | predictive | 高 |
51 | File | xxxxxxxxxxx.xxx | predictive | 高 |
52 | File | xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx | predictive | 高 |
53 | File | xxxxxx/xxxx.xxx | predictive | 高 |
54 | File | xxxxxx.xxx | predictive | 中 |
55 | File | xxxxxx_xxxxx.xxx | predictive | 高 |
56 | File | xxxxxxxxxx\xxxx.xxx | predictive | 高 |
57 | File | xxxxxxxxx.xxx | predictive | 高 |
58 | File | xxxxxxxxx/xx_xxxxx.xxxxx.xxx | predictive | 高 |
59 | File | xxxxxx.xxx | predictive | 中 |
60 | File | xxxxxx.xxx | predictive | 中 |
61 | File | xxxxxxxx.xxx | predictive | 中 |
62 | File | xxxxxxx/xxx/x_xxxxx.x | predictive | 高 |
63 | File | xxxxxxx.xx | predictive | 中 |
64 | File | xxxxxxxx.xxx | predictive | 中 |
65 | File | xxxxxxxx.xxx | predictive | 中 |
66 | File | xxxxxxx.xxx_ | predictive | 中 |
67 | File | xxxxxxxxxx.xxx | predictive | 高 |
68 | File | xxxxxxxx.xxx | predictive | 中 |
69 | File | xxx/xxxxx.xxx.xxx | predictive | 高 |
70 | File | xxxxxxx.xxx | predictive | 中 |
71 | File | xxxxx.xxx | predictive | 中 |
72 | File | xxxxx.xxx | predictive | 中 |
73 | File | xxxxxxxx.xxx | predictive | 中 |
74 | File | xxxxxx-xxxxxxx.xxx | predictive | 高 |
75 | File | xxxxxx/xxxxxx/xxxxx.xxx | predictive | 高 |
76 | File | xxxxxx/xxxxxx/xxx_x.xxx | predictive | 高 |
77 | File | xxxxx/xxxxx.xxx | predictive | 高 |
78 | File | xxxx_xxxx.xxx | predictive | 高 |
79 | File | xxxx_xxxx.xxx | predictive | 高 |
80 | File | xxxxx.xxx | predictive | 中 |
81 | File | xxxxx.xxx | predictive | 中 |
82 | File | xxxxxxxx.xx | predictive | 中 |
83 | File | xxxxxx.xxx | predictive | 中 |
84 | File | xxxxxxx.xxx | predictive | 中 |
85 | File | xxx_xxxxxxx_xxxxxxxxxx.xxx | predictive | 高 |
86 | File | xxxxxxxx.xxx | predictive | 中 |
87 | File | xxxx_xxxx.xxx | predictive | 高 |
88 | File | xxx-xxxxxxxx.xx | predictive | 高 |
89 | File | xxx_xxxx.xxx | predictive | 中 |
90 | File | xxxxxxxx.xxx | predictive | 中 |
91 | File | xxxxxxxxx.xxx.xxx | predictive | 高 |
92 | File | xxx.xxx | predictive | 低 |
93 | File | xxxxx\xxxxxx_xxxx.xxx | predictive | 高 |
94 | File | xxxxxxx.xxx | predictive | 中 |
95 | File | xxxxx_xxxxxx.xxx | predictive | 高 |
96 | File | xxxxxxxxxxxxxx.xxx | predictive | 高 |
97 | File | xxxxxxxx.xxx | predictive | 中 |
98 | File | xxxxxxx_xxxxxxx.xxx | predictive | 高 |
99 | File | xxxxxxxx.xxx | predictive | 中 |
100 | File | xxxxxxxx.xxx | predictive | 中 |
101 | File | xxxxxxxx_xxxxxx.xxx | predictive | 高 |
102 | File | xxxxxxxxxxxxx.xxx | predictive | 高 |
103 | File | xxxxxxxxxx_xxxxx.xxxxxx | predictive | 高 |
104 | File | xxxx/xxx/xxx_xxxx.x | predictive | 高 |
105 | File | xxxxxxx_xxxxxx_xxxxxxxxxx.xxx | predictive | 高 |
106 | File | xxxxxx-xxxxxxxx.xxx | predictive | 高 |
107 | File | xxxxxx-xxxxxx.xxx | predictive | 高 |
108 | File | xxxxxxx.xxx | predictive | 中 |
109 | File | xxxxxxxxxxxxxxxx.xxx | predictive | 高 |
110 | File | xxxxxxxxxxxxxxx.xxx | predictive | 高 |
111 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | 高 |
112 | File | xxxxxxxxxxx.xxx | predictive | 高 |
113 | File | xxxx_xxxxxxxx.xxx | predictive | 高 |
114 | File | xxxx_xxxxxxxx.xxx/xxxx_xxxx.xxx | predictive | 高 |
115 | File | xxxx_xxx.xxx | predictive | 中 |
116 | File | xxxxxx.xxx | predictive | 中 |
117 | File | xxxxxx_xxxxxx.xxx | predictive | 高 |
118 | File | xxxxx_xxxxx.xxx | predictive | 高 |
119 | File | xxxxxxxx.xxx | predictive | 中 |
120 | File | xxxxxxxxx/xxxxxxxx.xxx | predictive | 高 |
121 | File | xxxx_xxx_xxxx.xxx | predictive | 高 |
122 | File | xxxxxxx-xxxxxx.xxx | predictive | 高 |
123 | File | xxxx.xxx | predictive | 中 |
124 | File | xxxxxxxxxx.xxx | predictive | 高 |
125 | File | xxxxxx/xxxxx/xxxxx.xxx | predictive | 高 |
126 | File | xxxx_xxxx.xxx | predictive | 高 |
127 | File | xxxx_xxxxxxx.xxx | predictive | 高 |
128 | File | xxx-xxxxx.xxx | predictive | 高 |
129 | File | xxxxxxxxx.xxx | predictive | 高 |
130 | Library | /_xxx_xxx/xxxxx.xxx | predictive | 高 |
131 | Library | xxxxxx[xxxxxx_xxxx | predictive | 高 |
132 | Library | xxxxxxxx-x.x/xxxxxxxx.xxx | predictive | 高 |
133 | Library | xxxxxxxxxx | predictive | 中 |
134 | Argument | $xxxx["xx"] | predictive | 中 |
135 | Argument | $_xxxxxx['xxxxx_xxxxxx'] | predictive | 高 |
136 | Argument | xxxxxxxxxxx | predictive | 中 |
137 | Argument | xxxxxx | predictive | 低 |
138 | Argument | xxxxxxxxx xxxxxx | predictive | 高 |
139 | Argument | xxxxxxxxx | predictive | 中 |
140 | Argument | xxxxxxxx | predictive | 中 |
141 | Argument | xxxx_xxx | predictive | 中 |
142 | Argument | xxxxxxx | predictive | 低 |
143 | Argument | xxxxxx | predictive | 低 |
144 | Argument | xxxxxx_xxxxx | predictive | 中 |
145 | Argument | xxx_xxx | predictive | 低 |
146 | Argument | xxx | predictive | 低 |
147 | Argument | xxxxxxxx/xxxxxx | predictive | 高 |
148 | Argument | xxx_xx | predictive | 低 |
149 | Argument | xxx | predictive | 低 |
150 | Argument | xxxxx_xx | predictive | 中 |
151 | Argument | xxxx_xx | predictive | 低 |
152 | Argument | xxxxxxx | predictive | 低 |
153 | Argument | xxxxxxxxxxxx | predictive | 中 |
154 | Argument | xxxxxx | predictive | 低 |
155 | Argument | xxxxxxxxxx | predictive | 中 |
156 | Argument | xxxxxx[xxxxxx_xxxx] | predictive | 高 |
157 | Argument | xxxxxxx_xx | predictive | 中 |
158 | Argument | xxxxxx_xxxx_xxxxxxxx | predictive | 高 |
159 | Argument | xxxxxxxxxxxx | predictive | 中 |
160 | Argument | xxxxxxxx | predictive | 中 |
161 | Argument | xx | predictive | 低 |
162 | Argument | xxxx | predictive | 低 |
163 | Argument | xxxxxxx | predictive | 低 |
164 | Argument | xxxxx | predictive | 低 |
165 | Argument | xxxxxxxx | predictive | 中 |
166 | Argument | xxxxx | predictive | 低 |
167 | Argument | xxxx | predictive | 低 |
168 | Argument | xxxxxxx | predictive | 低 |
169 | Argument | xxxxxx_xxxxx_xxx | predictive | 高 |
170 | Argument | xxxxx | predictive | 低 |
171 | Argument | xxxxxxxx | predictive | 中 |
172 | Argument | xxxx/xxxx | predictive | 中 |
173 | Argument | xxxx_xxxx_xxxxxxx | predictive | 高 |
174 | Argument | xxxx_xxxxxx_xx | predictive | 高 |
175 | Argument | xx | predictive | 低 |
176 | Argument | xx | predictive | 低 |
177 | Argument | xx | predictive | 低 |
178 | Argument | xxxxxxxxx | predictive | 中 |
179 | Argument | xxx_xxx | predictive | 低 |
180 | Argument | xxxx | predictive | 低 |
181 | Argument | xxxxx | predictive | 低 |
182 | Argument | xxxxxxxxxxxxx_xx | predictive | 高 |
183 | Argument | xxxx | predictive | 低 |
184 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | 高 |
185 | Argument | xxxxxxxxx_xxxx_xxxx | predictive | 高 |
186 | Argument | xxxx/xxxxxxx | predictive | 中 |
187 | Argument | xxxx_xx | predictive | 低 |
188 | Argument | xxxxx_xxxxxxx | predictive | 高 |
189 | Argument | xxxxx_xxx | predictive | 中 |
190 | Argument | xxxxxxxx | predictive | 中 |
191 | Argument | xxxxxxxxx | predictive | 中 |
192 | Argument | xxxxx_xxxx_xxxx | predictive | 高 |
193 | Argument | xxxxx_xxxxxxx_xxxx | predictive | 高 |
194 | Argument | xxxxxxx_xxx | predictive | 中 |
195 | Argument | xxx | predictive | 低 |
196 | Argument | xxxxx | predictive | 低 |
197 | Argument | xx | predictive | 低 |
198 | Argument | xxxx | predictive | 低 |
199 | Argument | xxxxxx | predictive | 低 |
200 | Argument | xxxxxxx | predictive | 低 |
201 | Argument | xxx | predictive | 低 |
202 | Argument | xxx | predictive | 低 |
203 | Argument | xxxxxxx | predictive | 低 |
204 | Argument | xxxx_xxx | predictive | 中 |
205 | Argument | xxxxxxx_xxxxxx_xxxxx.xxx | predictive | 高 |
206 | Argument | xxxxxx_xxxxxx | predictive | 高 |
207 | Argument | xxxxxx_xxxxxxxx | predictive | 高 |
208 | Argument | xxx_xxxxxx | predictive | 中 |
209 | Argument | xxxx_xxxx | predictive | 中 |
210 | Argument | xxxxxxxxx | predictive | 中 |
211 | Argument | xxx | predictive | 低 |
212 | Argument | xxxxxx | predictive | 低 |
213 | Argument | xxxxxxxxx | predictive | 中 |
214 | Argument | xxxxxx | predictive | 低 |
215 | Argument | xxxxxx | predictive | 低 |
216 | Argument | xxxxxxxx | predictive | 中 |
217 | Argument | xxxxx | predictive | 低 |
218 | Argument | xx_xxxxxxxxxxx | predictive | 高 |
219 | Argument | xxxxxxxxxxx | predictive | 中 |
220 | Argument | xxxxx/xxxx | predictive | 中 |
221 | Argument | xxx | predictive | 低 |
222 | Argument | xxxxxxxx | predictive | 中 |
223 | Argument | xxxxxxxx/xxxxxxxx | predictive | 高 |
224 | Argument | xxxx_xx | predictive | 低 |
225 | Argument | xxxx | predictive | 低 |
226 | Argument | xxxxx | predictive | 低 |
227 | Argument | xxxxx_xxx | predictive | 中 |
228 | Argument | xx-xxxxxx_xxxx | predictive | 高 |
229 | Input Value | "><xxxxxx>xxxxx(/xxx/)</xxxxxx> | predictive | 高 |
230 | Input Value | %xx%xx%xxxxx%xxxxx%xx%xxxxxx.xxx%xx%xxxxxxxxx%xxxxxxxxxxxx%xxxxxxx('xxx')%xx | predictive | 高 |
231 | Input Value | 'xx''=' | predictive | 低 |
232 | Input Value | -x | predictive | 低 |
233 | Input Value | <xxxxxxxx>\x | predictive | 中 |
234 | Input Value | <xxxxxx>xxxxx(x)</xxxxxx> | predictive | 高 |
235 | Input Value | <xxxxxx>xxxxx(xxx)</xxxxxx> | predictive | 高 |
236 | Input Value | x== | predictive | 低 |
237 | Input Value | \xxx../../../../xxx/xxxxxx | predictive | 高 |
238 | Network Port | xxx/xx (xxx xxxxxxxx) | predictive | 高 |
239 | Network Port | xxx xxxxxx xxxx | predictive | 高 |
参考 (5)
The following list contains external sources which discuss the actor and the associated activities:
- https://app.any.run/tasks/2a222e24-d4ac-47fe-9504-c2f8a3ec642b
- xxxxx://xxx.xxx.xxx/xxxxx/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
- xxxxx://xxx.xxx.xxx/xxxxx/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
- xxxxx://xxxxxx.xxx/xxxxx/xxxxx_xxxxxx_xxxxxxxxxxxx/xxxx/xxxx/xxxxxx/xxxxx
- xxxxx://xxxxxxxxx.xxxxx.xx
Samples (4)
The following list contains associated samples:
- https://bazaar.abuse.ch/sample/4acddc15352051552d4684fff6d07d18305cf7276d208adf7e2f59c5a70c909a/
- xxxxx://xxxxxx.xxxxx.xx/xxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
- xxxxx://xxxxxx.xxxxx.xx/xxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
- xxxxx://xxxx.xx/xxxxxx-xxxxxxxxxx/xxxxxxxxxxx