BEAR Analysis

IOB - Indicator of Behavior (87)

Language

en: 80
de: 4
ru: 2
fr: 2

Country/Region

ee: 36
us: 26
ua: 8
ru: 6
nl: 4

Product

GNU wget: 4
eSST Monitoring: 2
BoZoN: 2
PostgreSQL: 2
raspap-webgui: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | Huawei SmartCare Dashboard Stored cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.00 | CVE-2017-15312 |
| 3 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.17 | CVE-2017-0055 |
| 4 | IBM Security AppScan Enterprise Enterprise Source Database weak encryption | 9.8 | 8.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00082 | 0.00 | CVE-2013-3989 |
| 5 | raspap-webgui activate_ovpncfg.php privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.89966 | 0.00 | CVE-2022-39986 |
| 6 | PHP Everywhere Plugin Shortcode Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00108 | 0.02 | CVE-2022-24663 |
| 7 | Forumer / IPB Board Show Topic index.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | |
| 8 | WordPress Metadata privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01578 | 0.00 | CVE-2018-20148 |
| 9 | Add Link to Facebook Plugin profile.php cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00057 | 0.03 | CVE-2018-5214 |
| 10 | SeedProd Website Builder Plugin seedprod_lite_new_lpage privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00057 | 0.00 | CVE-2024-1072 |
| 11 | Patreon Plugin unknown vulnerability | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.00 | CVE-2023-41129 |
| 12 | Database Administrator Plugin SQL injection | 4.7 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00530 | 0.02 | CVE-2023-3211 |
| 13 | Telegram Web cross-site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00075 | 0.04 | CVE-2022-43363 |
| 14 | User Post Gallery Plugin privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04252 | 0.00 | CVE-2022-4060 |
| 15 | eSST Monitoring privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00116 | 0.00 | CVE-2023-41631 |
| 16 | Microsoft Windows IIS Server Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00133 | 0.04 | CVE-2023-36434 |
| 17 | Boa Web Server HEAD Method privilege escalation | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.02 | CVE-2022-45956 |
| 18 | GitLab Privilege Escalation | 5.1 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00118 | 0.04 | CVE-2021-22263 |
| 19 | ThinkPHP privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.00 | CVE-2022-44289 |
| 20 | Microsoft Lync Server/Skype for Business Server unknown vulnerability | 6.5 | 5.9 | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.00074 | 0.02 | CVE-2021-24073 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

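| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /ajax/openvpn/activate_ovpncfg.php | predictive | |
| 2 | File | /cgi-bin/wlogin.cgi | predictive | |
| 3 | File | /index.php | predictive | |
| 4 | File | /uncpath/ | predictive | |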

References (3)

The following list contains external sources which discuss the actor and the associated activities:
