Brata 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (58)

言語

en	48
it	4
de	4
zh	2

国・地域

us	54
ch	2
ru	2

アクター

Bumblebee	2
Brata	2
BumbleBee	2
BRATA	1
Basbanke	1

関心

タイプ

Not Defined	14
Operating System	4
Firewall Software	2
Content Management System	2
Application Server Software	2

ベンダー

Not Defined	8
Cisco	2
Lanner	2
DZCP	2
Zoho ManageEngine	2

製品

Cisco ASA	2
Mattermost	2
Lanner IAC-AST2500A	2
DZCP deV!L`z Clanportal	2
Zoho ManageEngine ADSelfService Plus	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 情報の漏洩	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php 特権昇格	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.50	CVE-2010-0966
3	Microsoft Windows Domain Name Service Privilege Escalation	6.6	6.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.02058	0.00	CVE-2023-28223
4	Apple Mac OS X Server Wiki Server SQLインジェクション	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00339	1.19	CVE-2015-5911
5	Pligg cloud.php SQLインジェクション	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.26
6	Tiki TikiWiki tiki-editpage.php 特権昇格	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01194	0.03	CVE-2004-1386
7	dayrui FineCMS Linkage.php クロスサイトスクリプティング	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00067	0.00	CVE-2018-7476
8	PharStreamWrapper Protection Mechanism ディレクトリトラバーサル	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02748	0.03	CVE-2019-11831
9	jQuery Property extend Pollution クロスサイトスクリプティング	6.6	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03535	0.10	CVE-2019-11358
10	Ivanti Endpoint Manager Mobile 弱い認証	9.9	9.7	$0-$5k	$0-$5k	High	Official Fix	0.96584	0.00	CVE-2023-35078
11	Hitachi Vantara Pentaho Business Analytics Server Data Lineage 弱い暗号化	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00145	0.00	CVE-2021-45447
12	SAP NetWeaver/ABAP Platform Route saprouttab 特権昇格	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00576	0.04	CVE-2022-27668
13	Oracle Solaris Utility Local Privilege Escalation	7.7	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00043	0.05	CVE-2023-21985
14	TikiWiki tiki-register.php 特権昇格	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01009	1.39	CVE-2006-6168
15	Francisco Burzi PHP-Nuke File case.filemanager.php 特権昇格	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00575	0.00	CVE-2001-0854
16	Mattermost API Endpoint サービス拒否	4.2	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00073	0.03	CVE-2022-4045
17	libdwarf ELF File サービス拒否	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00272	0.00	CVE-2015-8750
18	Lanner IAC-AST2500A spx_restservice KillDupUsr_func メモリ破損	9.9	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00239	0.03	CVE-2021-26728
19	Spiffy Calendar Plugin Event 特権昇格	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00068	0.00	CVE-2022-29434
20	Armada Design Master Index search.cgi ディレクトリトラバーサル	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02236	0.00	CVE-2000-0924

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	51.83.225.224		Brata	2022年08月04日	verified	高
2	XX.XX.XXX.XXX		Xxxxx	2022年08月04日	verified	高
3	XXX.XX.XXX.XXX		Xxxxx	2022年10月07日	verified	高
4	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx-xxxx.xxxxxxxxxxxx.xxx	Xxxxx	2022年08月14日	verified	高

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1040	CAPEC-102	CWE-319	Authentication Bypass by Capture-replay	predictive	高
3	TXXXX	CAPEC-242	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	高
4	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
7	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	add_comment.php	predictive	高
2	File	case.filemanager.php	predictive	高
3	File	cloud.php	predictive	中
4	File	xxxxxxxxxxx/xxxxx/xxxxxxx.xxx	predictive	高
5	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
6	File	xxx/xxxxxx.xxx	predictive	高
7	File	xxxxxxxxxx	predictive	中
8	File	xxxxxx.xxx	predictive	中
9	File	xxxxxx.xxx	predictive	中
10	File	xxxx-xxxxxxxx.xxx	predictive	高
11	File	xxxx-xxxxxxxx.xxx	predictive	高
12	File	xxxxxxxxx.xxx	predictive	高
13	File	xxxxxx.xxx	predictive	中
14	Argument	$xxx_xxxx	predictive	中
15	Argument	--xxx	predictive	低
16	Argument	xxxxxxxx	predictive	中
17	Argument	xxxxxxxx	predictive	中
18	Argument	xxxxxxxxxx	predictive	中
19	Argument	xxx_xx	predictive	低
20	Argument	xx	predictive	低
21	Argument	xx/xxx	predictive	低
22	Input Value	xxxxx.xxx	predictive	中

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

Samples (1)

The following list contains associated samples:

https://bazaar.abuse.ch/sample/400cdf9d2ba1c5b5ffb511f840c9e174dbd35de2ddf58bd33392901a6c0f20ce/

◂ 前概要次 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!