LoggerMiner 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (45)

言語

en	26
zh	10
ja	6
es	2
ru	2

国・地域

cn	26
us	8
gb	4
jp	4

アクター

LoggerMiner	3

関心

タイプ

Not Defined	22
Database Software	2
Connectivity Software	2
Web Browser	2
Application Server Software	2

ベンダー

Not Defined	18
Apache	4
HCL	2
DZCP	2
Oracle	2

製品

HCL iNotes	2
DZCP deV!L`z Clanportal	2
Apache Log4j	2
Oracle MySQL Server	2
OpenSSH	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Apache Archiva File Upload Service クロスサイトスクリプティング	5.1	5.1	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00108	0.00	CVE-2023-28158
2	Splunk Enterprise Forwarder Bundle 特権昇格	8.5	8.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00306	0.00	CVE-2022-32158
3	KubeVirt 特権昇格	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00062	0.05	CVE-2022-1798
4	virglrenderer IOCTL メモリ破損	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00045	0.00	CVE-2022-0135
5	Dreamer CMS クロスサイトスクリプティング	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00047	0.00	CVE-2023-29774
6	Weblogicnet es_desp.php 特権昇格	7.3	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.08879	0.00	CVE-2007-4715
7	PrestaShop SQLインジェクション	8.0	8.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.83896	0.00	CVE-2021-3110
8	Oracle MySQL Server Compiling サービス拒否	7.2	7.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00045	0.04	CVE-2021-22570
9	Microsoft Outlook 弱い認証	9.0	8.6	$5k-$25k	$0-$5k	High	Official Fix	0.92645	0.07	CVE-2023-23397
10	Apache Dubbo Generic Invoke 特権昇格	5.0	5.0	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.01479	0.00	CVE-2023-23638
11	Grafana Authentication Cookies 情報の漏洩	5.6	5.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00101	0.02	CVE-2022-39201
12	Hugo Pandoc Document exec 特権昇格	5.0	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00228	0.02	CVE-2020-26284
13	GNU C Library Call Graph Monitor gmon.c __monstartup メモリ破損 [係争状態]	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00121	0.06	CVE-2023-0687
14	nginx 特権昇格	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	1.40	CVE-2020-12440
15	Tecrail Responsive FileManager ajax_calls.php get_file ディレクトリトラバーサル	6.4	5.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.04458	0.00	CVE-2018-20792
16	Google Chrome サービス拒否	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00989	0.00	CVE-2011-2796
17	Samsung TizenRT l2_packet_pcap.c l2_packet_receive_timeout サービス拒否	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00270	0.00	CVE-2022-40279
18	Microsoft Internet Explorer FTP Server メモリ破損	6.3	6.3	$25k-$100k	$0-$5k	High	Unavailable	0.96973	0.07	CVE-2009-3023
19	Microsoft Windows Shell Shortcut Parser 特権昇格	10.0	9.5	$25k-$100k	$0-$5k	High	Official Fix	0.97086	0.04	CVE-2010-2568
20	TOTOLINK EX1200T 特権昇格	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02300	0.00	CVE-2021-42872

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	34.92.166.158	158.166.92.34.bc.googleusercontent.com	LoggerMiner	2022年02月03日	verified	中
2	XX.XX.XXX.XX	xx.xx.xxx.xx.xxxxx.xxx	Xxxxxxxxxxx	2022年02月03日	verified	中
3	XXX.XXX.XXX.XX		Xxxxxxxxxxx	2022年02月03日	verified	高
4	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxxx	2022年02月03日	verified	高

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1040	CAPEC-102	CWE-294	Authentication Bypass by Capture-replay	predictive	高
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
4	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
5	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
6	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
7	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	高
8	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	高
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
10	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	高
11	TXXXX	CAPEC-112	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
12	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
13	TXXXX.XXX	CAPEC-112	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	高

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/see_more_details.php	predictive	高
2	File	ajax_calls.php	predictive	高
3	File	apply.cgi	predictive	中
4	File	xxxxx-xxx.x	predictive	中
5	File	xx_xxxx.xxx	predictive	中
6	File	xxxx.x	predictive	低
7	File	xxx/xxxxxx.xxx	predictive	高
8	File	xx/xxxx	predictive	低
9	File	xxxxxx.xxx	predictive	中
10	File	xxxx-xxxxxx.x	predictive	高
11	File	xxxx/xxxx/xxxxxxxxxxxxxxxxxx.xxxx	predictive	高
12	File	xxx_xxxxxxxxxx/xxx/xx_xxxxxx/xx_xxxxxx_xxxx.x	predictive	高
13	Library	xxx.xxx	predictive	低
14	Argument	xxxxxxxx	predictive	中
15	Argument	xxxxx_xxx	predictive	中
16	Argument	xxxx/xx	predictive	低
17	Argument	xx	predictive	低
18	Argument	xx_xxxxxxxx	predictive	中
19	Argument	xxxx	predictive	低
20	Argument	xxxx	predictive	低

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!