Agrius Analysis

IOB - Indicator of Behavior (375)

Language

  • en: 338
  • fr: 8
  • de: 8
  • ru: 6
  • sv: 4

Country/Region

  • us: 168
  • ru: 28
  • ir: 8
  • gb: 4
  • nl: 4

Product

  • Microsoft Windows: 10
  • DZCP deV!L`z Clanportal: 4
  • Trend Micro Apex One: 4
  • Reolink RLC-410W: 4
  • WordPress: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.49 | CVE-2010-0966 |
| 3 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01009 | 10.00 | CVE-2006-6168 |
| 4 | PHP Outburst Easynews admin.php memory corruption | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.05921 | 0.00 | CVE-2006-5412 |
| 5 | Microsoft Windows Win32k Local Privilege Escalation | 7.8 | 7.2 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.00088 | 0.00 | CVE-2021-28310 |
| 6 | I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery Plugin cross-site scripting | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-41658 |
| 7 | Popup Maker Plugin Shortcode Attribute cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.00 | CVE-2022-4362 |
| 8 | Huawei HG8245H URL information disclosure | 7.4 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00167 | 0.06 | CVE-2017-15328 |
| 9 | Redis dbghelp.dll privilege escalation [Disputed] | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00206 | 0.20 | CVE-2022-3734 |
| 10 | Apple Mac OS X Server Wiki Server cross-site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00263 | 0.02 | CVE-2009-2814 |
| 11 | WordPress WP_Query SQL injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.93536 | 0.00 | CVE-2022-21661 |
| 12 | Microsoft Exchange Server Remote Code Execution | 8.3 | 7.3 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.01068 | 0.00 | CVE-2021-31198 |
| 13 | YaBB yabb.pl cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01240 | 0.03 | CVE-2004-2402 |
| 14 | Apple M1 Register s3_5_c15_c10_1 M1RACLES privilege escalation | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.03 | CVE-2021-30747 |
| 15 | Devilz Clanportal SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00684 | 0.08 | CVE-2006-6339 |
| 16 | Microsoft SharePoint Server Privilege Escalation | 6.0 | 5.3 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00483 | 0.00 | CVE-2021-31963 |
| 17 | lodash Template privilege escalation | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00606 | 0.00 | CVE-2021-23337 |
| 18 | Spring Cloud Config spring-cloud-config-server directory traversal | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.97175 | 0.01 | CVE-2020-5410 |
| 19 | Rittal PDU-3C002DEC/CMCIII-PU-9333E0FB privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00171 | 0.00 | CVE-2020-11953 |
| 20 | MyBB Sendthread Page sendthread.php denial of service | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.00 | |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Israel

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (117)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (3)

The following list contains external sources which discuss the actor and the associated activities:
