Curious Gorge Analysis

IOB - Indicator of Behavior (131)

Language

en: 70
zh: 52
ru: 4
es: 2
fr: 2

Country/Region

cn: 90
us: 20
ca: 10
ru: 8
pl: 4

Product

Microsoft Windows: 6
PHPMailer: 4
Synacor Zimbra Collaboration: 4
Apache Tomcat: 4
PHP-Nuke: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Ignite Realtime Openfire Administration Console weak authentication | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.97384 | CVE-2023-32315 |
| 2 | Apple Mac OS X TCP Timestamp information disclosure | 5.3 | 5.1 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.05 | 0.00342 | CVE-2003-0882 |
| 3 | Plesk Obsidian Reflected cross-site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00151 | CVE-2020-11583 |
| 4 | OpenVPN Access Server Web Portal weak encryption | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00151 | CVE-2022-33738 |
| 5 | Essential Addons for Elementor Plugin privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.03267 | CVE-2023-32243 |
| 6 | Matomo safemode.twig Path information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00058 | CVE-2019-12215 |
| 7 | Atlassian JIRA Server/Data Center QueryComponent!Default.jspa information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00628 | CVE-2020-14179 |
| 8 | Microsoft Windows Cloud Files Mini Filter Driver Local Privilege Escalation | 7.8 | 7.4 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.04 | 0.00043 | CVE-2023-36036 |
| 9 | Freemius SDK Plugin fs_request_get cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00000 | CVE-2023-33999 |
| 10 | ZFile 1 privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00252 | CVE-2022-40050 |
| 11 | Hytec Inter HWL-2511-SS Command Line Interface privilege escalation | 9.3 | 9.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00108 | CVE-2022-36554 |
| 12 | Cortex Alertmanager Config privilege escalation | 5.4 | 5.3 | $0-$5k | Calculating | Not Defined | Official Fix | 0.03 | 0.00082 | CVE-2022-23536 |
| 13 | Jitsi Meet weak authentication | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00196 | CVE-2020-11878 |
| 14 | Fortinet FortiOS CLI Command directory traversal | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.06752 | CVE-2022-41328 |
| 15 | Weaver E-Office File Upload utility_all.php privilege escalation | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | 0.00064 | CVE-2023-2647 |
| 16 | Rocket.Chat 2FA weak authentication | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00091 | CVE-2023-28316 |
| 17 | SourceCodester Lost and Found Information System privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | 0.00067 | CVE-2023-2670 |
| 18 | SourceCodester Online Computer and Laptop Store Master.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00077 | CVE-2023-2661 |
| 19 | SourceCodester AC Repair and Services System SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | 0.00077 | CVE-2023-2656 |
| 20 | Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross-site scripting | 3.2 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00073 | CVE-2018-25085 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
