Lorec53 Analysis

IOB - Indicator of Behavior (122)

Timeline

Language

en  112
es  4
de  2
fr  2
pl  2

Country/Region

us  58
ru  14
es  4
fr  2

Actors

Activities

Interest

Timeline

Type

Vendors

Products

PHP  6
phpMyAdmin  4
phpLinkat  4
LibreNMS  4
WordPress  4

Vulnerabilities

#  | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
---|---------------|------|------|------|-------|---------|-------------|-----|------|----
1  | phpLinkat showcat.php SQL Injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.02 | 0.00102 | CVE-2008-3406
2  | SourceCodester Customer Relationship Management login.php SQL Injection | 6.3 | 5.7 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.00 | 0.00645 | CVE-2021-43130
3  | moziloCMS download.php Directory Traversal | 5.3 | 4.8 | $0-$5k | Calculating | Proof-of-Concept | Unavailable | 0.02 | 0.01578 | CVE-2008-3589
4  | Sam Crew MyBlog games.php Privilege Escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00609 | CVE-2007-1990
5  | spip Login spip_login.php3 Privilege Escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.04 | 0.05054 | CVE-2006-1702
6  | Linksys WVC11B main.cgi Cross Site Scripting | 4.3 | 4.3 | $0-$5k | Calculating | Not Defined | Not Defined | 0.04 | 0.01569 | CVE-2004-2508
7  | Jelsoft impex ImpExData.php Privilege Escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.04317 | CVE-2006-1382
8  | PHP php URL error_log Privilege Escalation | 6.5 | 5.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00069 | CVE-2006-3011
9  | Cisco Linksys EA2700 URL Information Disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.08 | 0.00000 |
10 | MidiCart PHP Shopping Cart item_show.php SQL Injection | 6.3 | 6.0 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.05 | 0.00000 |
11 | PHP URL Validation filter_var Privilege Escalation | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00560 | CVE-2020-7071
12 | Spidersales viewCart.asp SQL Injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00219 | CVE-2004-0348
13 | PHP Scripts Mall PHP Multivendor Ecommerce sellerupd.php Cross Site Scripting | 5.2 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00075 | CVE-2017-17956
14 | Cartweaver ColdFusion Details.cfm SQL Injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.03 | 0.00882 | CVE-2006-2046
15 | rakibtg Docker Dashboard API terminal.js Privilege Escalation | 7.6 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.86246 | CVE-2021-27886
16 | Ecommerce Online Store Kit shop.php SQL Injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.03763 | CVE-2004-0300
17 | D-Link DIR-655 C ping_response.cgi Cross Site Scripting | 5.2 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00086 | CVE-2019-13562
18 | Adobe ColdFusion searchlog.cfm Cross Site Scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.32712 | CVE-2009-1872
19 | Prima Systems FlexAir Privilege Escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00235 | CVE-2019-7668
20 | Cisco ASA WebVPN Login Page logon.html Cross Site Scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00192 | CVE-2014-2120

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Phishing Georgian Government

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
---|------------|----------|-------|----------|------------|------|-----------
1  | 45.12.5.62 | sarimp.website | Lorec53 | | 2022-02-20 | | verified
2  | XX.XXX.XXX.XXX | xxxxxx | | Xxxxxxxx Xxxxxxxx Xxxxxxxxxx | 2022-02-20 | | verified
3  | XXX.XXX.XX.XXX | | Xxxxxxx | | 2022-02-20 | | verified
4  | XXX.XXX.XXX.XXX | | Xxxxxxx | | 2023-04-13 | | verified

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (127)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID  | Class | Indicator | Type | Confidence
----|-------|-----------|------|-----------
1   | File | /+CSCOE+/logon.html | | predictive
2   | File | /admin/login.php | | predictive
3   | File | /includes/rrdtool.inc.php | | predictive
4   | File | /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php | | predictive
5   | File | /www/ping_response.cgi | | predictive
6   | File | admin.php | | predictive
7   | File | admin/dashboard.php | | predictive
8   | File | admin/gallery.php | | predictive
9   | File | admin/manage-departments.php | | predictive
10  | File | admin/sellerupd.php | | predictive
11  | File | admin/vqmods.app/vqmods.inc.php | | predictive
12  | File | administrator/logviewer/searchlog.cfm | | predictive
13  | File | backend/utilities/terminal.js | | predictive
14  | File | bb_usage_stats.php | | predictive
15  | File | board.php | | predictive
16  | File | cat.php | | predictive
17  | File | category.php | | predictive
18  | File | xxx-xxxx.xxx | | predictive
19  | File | xxx-xxx/xxxxxxxxxxxx.xxx | | predictive
20  | File | xxxxxx.xxx.xxx | | predictive
21  | File | xxxxxxxx/xxxxx.xxx | | predictive
22  | File | xxxxxxxxx.xxx.xxx | | predictive
23  | File | xxxxxx.xxx | | predictive
24  | File | xxxxxxx.xxx | | predictive
25  | File | xxxxxxx.xxx | | predictive
26  | File | xxxxxxxx.xxx | | predictive
27  | File | xxxxx.xxx | | predictive
28  | File | xxx/xxxxxxxx/xxxx_xxxxx_xxxxxxx.x | | predictive
29  | File | xxxxxxx.xxx | | predictive
30  | File | xxxxx.xxx | | predictive
31  | File | xxxxxxx.xxx | | predictive
32  | File | xxxx_xxxxxxx.xxx.xxx | | predictive
33  | File | xxxx/xxxxx/xxxxxxx.xxx.xxx | | predictive
34  | File | xxxxxxxxx.xxx | | predictive
35  | File | xxx.xxx | | predictive
36  | File | xxxxxxxx/xxxxx-xxxx-xxxxxxx.xxx | | predictive
37  | File | xxxxxxxx/xxxxxxxx.xxx.xxx | | predictive
38  | File | xxxxx.xxx | | predictive
39  | File | xxxxxx.xxx | | predictive
40  | File | xxxx.xxxx | | predictive
41  | File | xxxxxxxxxx.xxx | | predictive
42  | File | xxxx_xxxxxxx.xxxx | | predictive
43  | File | xxxx_xxxx.xxx | | predictive
44  | File | xxxx.xxx | | predictive
45  | File | xxxxx.xxx | | predictive
46  | File | xxxxx.xxx | | predictive
47  | File | xxxxx_xx.xxxx | | predictive
48  | File | xxxx.xxx | | predictive
49  | File | xxxx.xxx | | predictive
50  | File | xxxxxx.xxx | | predictive
51  | File | xxxxxxx/xxxxxxxx/xxxxx.xxx | | predictive
52  | File | xxx_xxxx.xxx.xxx | | predictive
53  | File | xxxxx.xxx | | predictive
54  | File | xxxx/xxxxx.xxx | | predictive
55  | File | xxxxxxx.xxx | | predictive
56  | File | xxxxxxxxxx.xxx.xxx | | predictive
57  | File | xxxx/xxxxxxxxx.xxx | | predictive
58  | File | xxxxxxxxxxxx_xxxxxxxx.xxx.xxx | | predictive
59  | File | xxxxxxxx.xxx | | predictive
60  | File | xxxx.xxx | | predictive
61  | File | xxxxxxxx.xxx | | predictive
62  | File | xxxx-xxx.xxx | | predictive
63  | File | xxxxxxx.xxx | | predictive
64  | File | xxxxxxxxxxx.xxx | | predictive
65  | File | xxxxxxxxx/xxxxxxxx.xxx | | predictive
66  | File | xxxx_xxxxx.xxxx | | predictive
67  | File | xxxx.xxx | | predictive
68  | File | xxxxxxxxx/xxxxxxxxxxxxxxxxxx.xxx | | predictive
69  | File | xxxxxxxx.xxx | | predictive
70  | File | xxxxxxxxx.xxx | | predictive
71  | File | xxxxxxx.xxx | | predictive
72  | File | xx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxxxxxx | | predictive
73  | File | xx-xxxxx/xxxxx-xxxxxx.xxx | | predictive
74  | File | xx-xxxxx.xxx | | predictive
75  | File | xxxxxxxxxxxx.xxx | | predictive
76  | Library | xxxxxxxx_xxxxxxxxx.xxx.xxx | | predictive
77  | Argument | $_xxxxx | | predictive
78  | Argument | $_xxxx['xxxxxxxxx'] | | predictive
79  | Argument | $_xxxxxx['xxxxxx_xxxx'] | | predictive
80  | Argument | xxxxxxx | | predictive
81  | Argument | xxxx_xxx | | predictive
82  | Argument | xx_xxxx_xxxx | | predictive
83  | Argument | xxx | | predictive
84  | Argument | xxxxxxxxxx | | predictive
85  | Argument | xxxxx | | predictive
86  | Argument | xxxxx | | predictive
87  | Argument | xxx_xx | | predictive
88  | Argument | xxx[xxxxxx][xxxxxxxxx] | | predictive
89  | Argument | xxx | | predictive
90  | Argument | xxxx_xx | | predictive
91  | Argument | xxxxxxx | | predictive
92  | Argument | xxxxxxxxxxx | | predictive
93  | Argument | xxxx_xxx | | predictive
94  | Argument | xxxxxx_xx | | predictive
95  | Argument | xxxx | | predictive
96  | Argument | xxxxxx | | predictive
97  | Argument | xxxxxx | | predictive
98  | Argument | xxxxxxx[xx_xxx_xxxx] | | predictive
99  | Argument | xxxx | | predictive
100 | Argument | xx | | predictive
101 | Argument | xx_xxxx | | predictive
102 | Argument | xxxxxx | | predictive
103 | Argument | xxxxxx | | predictive
104 | Argument | xxxx | | predictive
105 | Argument | xxxxxxxxx | | predictive
106 | Argument | xxxxxx | | predictive
107 | Argument | xxx_xxxxxxx_xxx | | predictive
108 | Argument | xxxx[xxxxx] | | predictive
109 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | | predictive
110 | Argument | xxxx_xxxx | | predictive
111 | Argument | xxxxxxxx | | predictive
112 | Argument | xxxxx_xxxx_xxxx | | predictive
113 | Argument | xxxx_xx | | predictive
114 | Argument | xx_xxxx | | predictive
115 | Argument | xxxxxx | | predictive
116 | Argument | xxxxxx | | predictive
117 | Argument | xxxxx | | predictive
118 | Argument | xxxx | | predictive
119 | Argument | xxxxxxxx | | predictive
120 | Argument | xxxxx | | predictive
121 | Argument | xxxxxxxx | | predictive
122 | Argument | xxxxxxxxxx | | predictive
123 | Argument | xxxxx | | predictive
124 | Argument | xxxxxx | | predictive
125 | Argument | xxxxxxxx | | predictive
126 | Argument | \xxxxxx\ | | predictive
127 | Input Value | ../ | | predictive

References (3)

The following list contains external sources which discuss the actor and the associated activities:
