Emissary Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (8)

Sprache

zh	6
en	2

Land

cn	6

Akteure

Emissary	2

Interesse

Typ

Content Management System	2
Web Browser	2
Access Management Software	2

Hersteller

Not Defined	2
Microsoft	2
NetIQ	2

Produkt

WordPress	2
Microsoft Edge	2
NetIQ Access Manager	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	WordPress WP_Query class-wp-query.php SQL Injection	8.5	8.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.00318	CVE-2017-5611
2	qtranslate-x Plugin Cross Site Request Forgery	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00202	CVE-2015-9431
3	NetIQ Access Manager iManager Admin Console Credentials Information Disclosure	7.5	7.2	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.00	0.00568	CVE-2016-5757
4	Microsoft Edge Pufferüberlauf	6.0	5.9	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00	0.06316	CVE-2018-8301
5	PHP erweiterte Rechte	6.5	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00683	CVE-2012-0057
6	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192

Kampagnen (1)

These are the campaigns that can be associated with the actor:

Emissary

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Kampagnen	Identifiziert	Typ	Akzeptanz
1	101.55.33.92		Lotus Blossom	Emissary	17.12.2020	verifiziert	High
2	101.55.33.95		Lotus Blossom	Emissary	17.12.2020	verifiziert	High
3	101.55.121.79		Lotus Blossom	Emissary	17.12.2020	verifiziert	High
4	XXX.XXX.XX.XXX		Xxxxx Xxxxxxx	Xxxxxxxx	17.12.2020	verifiziert	High
5	XXX.XXX.XXX.XXX		Xxxxx Xxxxxxx	Xxxxxxxx	17.12.2020	verifiziert	High
6	XXX.X.XXX.XXX		Xxxxx Xxxxxxx	Xxxxxxxx	17.12.2020	verifiziert	High
7	XXX.X.XXX.XXX		Xxxxx Xxxxxxx	Xxxxxxxx	17.12.2020	verifiziert	High
8	XXX.XXX.XXX.X	xxxxxx.xxx.xxxx.xxx.xx	Xxxxxxxx		23.12.2020	verifiziert	High
9	XXX.XXX.XX.XX	xxxxxx.xxx.xxx.xx	Xxxxx Xxxxxxx	Xxxxxxxx	17.12.2020	verifiziert	High
10	XXX.XX.XXX.XX		Xxxxx Xxxxxxx	Xxxxxxxx	17.12.2020	verifiziert	High
11	XXX.XX.XXX.XX	xxxxx.xxxxxxxxxxxxx.xxx	Xxxxxxxx		23.12.2020	verifiziert	High
12	XXX.XXX.XX.XXX	xxxxxxxxxxxx.xxxxxxxxxxxxxx.xxx	Xxxxx Xxxxxxx	Xxxxxxxx	17.12.2020	verifiziert	High
13	XXX.XXX.XX.XXX	xxxxxxxxxxxx.xxxxxxxxxxxxxx.xxx	Xxxxxxxx		29.08.2021	verifiziert	High
14	XXX.XXX.XXX.XX		Xxxxx Xxxxxxx	Xxxxxxxx	17.12.2020	verifiziert	High
15	XXX.XXX.XXX.XX		Xxxxx Xxxxxxx	Xxxxxxxx	17.12.2020	verifiziert	High

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1068	CWE-264	Execution with Unnecessary Privileges	prädiktiv	High
2	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
3	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	data/gbconfiguration.dat	prädiktiv	High
2	File	xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xxxxxxxxxx-x	prädiktiv	High
3	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	prädiktiv	High
4	Argument	xxxx_xxxxxx_xxxxx/xxxx_xxxxxx_xxxx_xxxxxx	prädiktiv	High

Referenzen (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!