Arkei Analysis

IOB - Indicator of Behavior (117)

Languages

en 88
fr 18
de 6
zh 2
es 2

Countries

us 32
fr 10
de 4
nl 4
ru 4

Products

Microsoft Windows 6
Linux Kernel 6
Microsoft IIS 4
xajax 2
phpMyAdmin 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | Array Networks ArrayOS privilege escalation | 9.3 | 9.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00117 | CVE-2022-42897
3 | Maarch RM privilege escalation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00104 | CVE-2019-15854
4 | Maarch RM directory traversal | 7.8 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00254 | CVE-2019-15855
5 | Discuz! admin.php cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00054 | CVE-2018-19464
6 | Sansuart Free simple guestbook PHP script act.php privilege escalation | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.29 | 0.11308 | CVE-2008-6934
7 | Cannot PHP infoBoard privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.01049 | CVE-2008-4334
8 | IPS IP.Board ipsconnect.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.02 | 0.00135 | CVE-2014-9239
9 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.46 | 0.00943 | CVE-2010-0966
10 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 10.00 | 0.01009 | CVE-2006-6168
11 | Contact Form with Captcha Plugin cross site scripting | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00043 | CVE-2023-45771
12 | Linux Kernel uss720_probe denial of service | 4.8 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00044 | CVE-2021-47173
13 | osuuu LightPicture Setup.php privilege escalation | 4.7 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00045 | CVE-2024-1921
14 | Microsoft IIS Frontpage Server Extensions shtml.dll Username information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.15958 | CVE-2000-0114
15 | Sichuan Yougou Technology KuERP common.php checklogin weak authentication | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00421 | CVE-2024-0988
16 | flink-extended ai-flow workflow_command.py cloudpickle.loads privilege escalation | 6.6 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00064 | CVE-2024-0960
17 | Voovi Social Networking Script perfil.php sql injection | 8.2 | 8.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00058 | CVE-2023-6414
18 | Trellix Enterprise Security Manager API privilege escalation | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00045 | CVE-2023-6070
19 | LOYTEC LINX-151/LINX-212 SMTP Client registry.xml privilege escalation | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00113 | CVE-2023-46386
20 | BD FACSChorus PCI Express Slot information disclosure | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00044 | CVE-2023-29063

IOC - Indicator of Compromise (28)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (68)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

