Eternity Analysis

IOB - Indicator of Behavior (310)

Languages

  • en: 254
  • ru: 14
  • ja: 12
  • de: 10
  • es: 6

Countries and regions

  • ru: 86
  • cn: 22
  • us: 20
  • es: 2
  • nl: 2

Products

  • Apple macOS: 10
  • Linux Kernel: 6
  • Dahua DHI-HCVR7216A-S3: 4
  • Google Chrome: 4
  • 4Site CMS: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.13 | CVE-2010-0966 |
| 2 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.84 | CVE-2007-0354 |
| 3 | Atlassian Bitbucket Server and Data Center Environment Variable privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.61094 | 0.02 | CVE-2022-43781 |
| 4 | Atlassian Bitbucket Data Center/Bitbucket Server Privilege Escalation | 8.3 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.05 | CVE-2023-22513 |
| 5 | Dahua DHI-HCVR7216A-S3 SmartPSS Auto Login Hash privilege escalation | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00331 | 0.04 | CVE-2017-6342 |
| 6 | Cyr to Lat Plugin SQL injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.03 | CVE-2022-4290 |
| 7 | nophp index.php privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00099 | 0.03 | CVE-2023-28854 |
| 8 | SourceCodester Simple Task Allocation System manage_user.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00132 | 0.04 | CVE-2023-1791 |
| 9 | SourceCodester Young Entrepreneur E-Negosyo System login.php SQL injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00135 | 0.04 | CVE-2023-1737 |
| 10 | Lighthouse Development Squirrelcart cart_content.php privilege escalation | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02731 | 0.00 | CVE-2006-2483 |
| 11 | Jelsoft impex ImpExData.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04317 | 0.04 | CVE-2006-1382 |
| 12 | phpBG forum.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.22228 | 0.04 | CVE-2007-4636 |
| 13 | Linux Foundation Xen EFLAGS Register SYSENTER privilege escalation | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.02 | CVE-2013-1917 |
| 14 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.04 | CVE-2015-4134 |
| 15 | HPE Onboard Administrator Reflected cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.02 | CVE-2020-7132 |
| 16 | xwikisas macro-pdfviewer PDF Viewer Macro information disclosure | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-30263 |
| 17 | Moises Heberle WooCommerce Bookings Calendar Plugin cross-site scripting | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-31117 |
| 18 | Foxit PDF Reader AcroForm memory corruption | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.03 | CVE-2024-30354 |
| 19 | Tenda AC10 SetStaticRouteCfg fromSetRouteStatic memory corruption | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-2581 |
| 20 | MediaTek MT8798 Lk memory corruption | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.02 | CVE-2024-20022 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • LilithBot

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (173)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type |
|---|---|---|---|
| 1 | File | /admin.php/admin/art/data.html | predictive |
| 2 | File | /ajax.php?action=read_msg | predictive |
| 3 | File | /debug/pprof | predictive |
| 4 | File | /desktop_app/file.ajax.php?action=uploadfile | predictive |
| 5 | File | /env | predictive |
| 6 | File | /forum/away.php | predictive |
| 7 | File | /goform/SetNetControlList | predictive |
| 8 | File | /goform/SetStaticRouteCfg | predictive |
| 9 | File | /librarian/bookdetails.php | predictive |
| 10 | File | /ptipupgrade.cgi | predictive |
| 11 | File | /secure/admin/InsightDefaultCustomFieldConfig.jspa | predictive |
| 12 | File | /src/chatbotapp/chatWindow.java | predictive |
| 13 | File | /staff/bookdetails.php | predictive |
| 14 | File | about.php | predictive |
| 15 | File | admin.color.php | predictive |
| 16 | File | admin/addons/archive/archive.php | predictive |
| 17 | File | admin/categories_industry.php | predictive |
| 18 | File | admin/class-woo-popup-admin.php | predictive |
| 19 | File | admin/content/postcategory | predictive |
| 20 | File | admincp/auth/secure.php | predictive |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
