KingMiner 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (320)

言語

en	204
de	108
pl	4
es	4

国・地域

us	300
es	4

アクター

KingMiner	2
PLEASE_READ_ME_VVV	1
IRCflu and Interplanetary Storm	1
BianLian	1
Nanocore RAT	1

関心

タイプ

Not Defined	20
Forum Software	18
Content Management System	8
Operating System	8
Ticket Tracking Software	4

ベンダー

Not Defined	32
Microsoft	6
Apple	4
AOL	2
MGB	2

製品

jforum	4
Apple Mac OS X Server	4
AOL Instant Messenger	2
MGB OpenSource Guestbook	2
YaBB	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 情報の漏洩	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php 特権昇格	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	2.14	0.00943	CVE-2010-0966
3	TikiWiki tiki-register.php 特権昇格	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	10.00	0.01009	CVE-2006-6168
4	FreeBSD FPU x87 Register 情報の漏洩	4.0	3.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00000
5	Russcom Network Loginphp register.php クロスサイトスクリプティング	4.3	4.1	$0-$5k	計算中	Proof-of-Concept	Unavailable	0.04	0.00677	CVE-2006-2160
6	Jelsoft vBulletin register.php サービス拒否	7.3	7.3	$0-$5k	計算中	Not Defined	Not Defined	0.00	0.01562	CVE-2006-4272
7	CONTROLzx HMS register_domain.php クロスサイトスクリプティング	3.5	3.3	$0-$5k	計算中	Proof-of-Concept	Not Defined	0.00	0.00000
8	Ultimate PHP Board register.php 未知の脆弱性	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00317	CVE-2006-3206
9	SloughFlash SF-Users register.php クロスサイトスクリプティング	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00587	CVE-2006-2167
10	Linux Kernel FXSAVE x87 Register 弱い暗号化	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.05	0.00101	CVE-2006-1056
11	X7 Group X7 Chat register.php クロスサイトスクリプティング	4.3	3.9	$0-$5k	計算中	Proof-of-Concept	Official Fix	0.02	0.00615	CVE-2006-2282
12	Kailash Nadh boastMachine Admin Interface register.php クロスサイトスクリプティング	4.3	3.8	$0-$5k	計算中	Proof-of-Concept	Unavailable	0.02	0.00807	CVE-2006-3826
13	GeoClassifieds Enterprise register.php クロスサイトスクリプティング	3.5	3.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.00000
14	PhotoPost PHP register.php 特権昇格	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00000
15	Tritanium Bulletin Board register.php クロスサイトスクリプティング	4.3	4.1	$0-$5k	計算中	Proof-of-Concept	Not Defined	0.03	0.00677	CVE-2006-1815
16	Free File Hosting register.php 特権昇格	5.3	5.3	$0-$5k	計算中	Not Defined	Not Defined	0.02	0.00000
17	Wired Community Software WWWThreads register.php SQLインジェクション	6.5	6.2	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.02	0.00471	CVE-2006-1958
18	aWebBB register.php クロスサイトスクリプティング	3.5	3.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.02676	CVE-2006-1612
19	TheWebForum register.php クロスサイトスクリプティング	4.3	4.2	$0-$5k	計算中	High	Unavailable	0.00	0.58849	CVE-2006-0134
20	Jadu Limited Jadu CMS register.php クロスサイトスクリプティング	5.4	5.1	$0-$5k	計算中	Proof-of-Concept	Not Defined	0.02	0.00677	CVE-2006-2305

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	95.179.131.54	95.179.131.54.vultr.com	KingMiner	2021年05月31日	verified	中
2	107.154.161.209	107.154.161.209.ip.incapdns.net	KingMiner	2021年05月31日	verified	高
3	XXX.XXX.XX.XXX		Xxxxxxxxx	2021年05月31日	verified	高
4	XXX.XX.XX.XXX		Xxxxxxxxx	2021年05月31日	verified	高
5	XXX.XXX.XXX.XXX		Xxxxxxxxx	2021年05月31日	verified	高
6	XXX.XXX.XXX.XXX		Xxxxxxxxx	2021年05月31日	verified	高
7	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxx.xxx	Xxxxxxxxx	2021年05月31日	verified	中

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CWE-22, CWE-23	Path Traversal	predictive	高
2	T1059	CWE-94	Argument Injection	predictive	高
3	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
7	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
9	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高
10	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/admin/config/uploadicon.php	predictive	高
2	File	/api/addusers	predictive	高
3	File	/inquiries/view_inquiry.php	predictive	高
4	File	/uncpath/	predictive	中
5	File	apply.cgi	predictive	中
6	File	booking.php	predictive	中
7	File	browse-category.php	predictive	高
8	File	data/gbconfiguration.dat	predictive	高
9	File	editprofile.php	predictive	高
10	File	xxxxx.xxx	predictive	中
11	File	xxxxxxxxxxxx.xxx	predictive	高
12	File	xxxx.xxx	predictive	中
13	File	xxx/xxxxxx.xxx	predictive	高
14	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	高
15	File	xxxxx.xxx	predictive	中
16	File	xxxxx.xxx	predictive	中
17	File	xxxxx.xxx	predictive	中
18	File	xxxxxxx.xxx	predictive	中
19	File	xxxx_xxxxxxx.xxx	predictive	高
20	File	xxxxx_xxx.xxx	predictive	高
21	File	xxxxxxxx.xxxx	predictive	高
22	File	xxxxxxxx.xxx	predictive	中
23	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	高
24	File	xxxxxxxx_xxxxxx.xxx	predictive	高
25	File	xxxxxxx/xxxxxxxx.xxx	predictive	高
26	File	xxxxx.xxx	predictive	中
27	File	xxxx-xxxxxxxx.xxx	predictive	高
28	File	xxxxx_xxxxxx.xxx	predictive	高
29	File	xxxx.xx	predictive	低
30	Argument	xx_xxxx_xxxx	predictive	中
31	Argument	xxxxxxxxx	predictive	中
32	Argument	xxxxxx	predictive	低
33	Argument	xxxxxxxx	predictive	中
34	Argument	xxx	predictive	低
35	Argument	x[xxxxx]	predictive	中
36	Argument	xxxxxxxx	predictive	中
37	Argument	xxxxxxx=xxxxxxxx	predictive	高
38	Argument	xxxx	predictive	低
39	Argument	xxxxxxxx	predictive	中
40	Argument	xxxxxxxxxx	predictive	中
41	Argument	xx	predictive	低
42	Argument	xxxxxxx_xxxx	predictive	中
43	Argument	xxxxxxxx	predictive	中
44	Argument	xxxxx	predictive	低
45	Argument	xxxx_xxxxx	predictive	中
46	Argument	xxxxxxx_xxx	predictive	中
47	Argument	xx_xxxx	predictive	低
48	Argument	xxxxxx	predictive	低
49	Argument	xxx	predictive	低
50	Argument	xxx	predictive	低
51	Argument	xxxxxx	predictive	低
52	Argument	xxxxxxx	predictive	低
53	Argument	xxxxx	predictive	低
54	Argument	xxxxx	predictive	低
55	Argument	xxxxxxxx	predictive	中
56	Argument	xxx	predictive	低
57	Pattern	\|xx\|	predictive	低

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you know our Splunk app?

Download it now for free!