Magniber 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (44)

言語

en	34
zh	8
ru	2

国・地域

us	30
cn	6
tr	2
gb	2

アクター

Magniber	5
Space Pirates	1
Qakbot	1
Fareit	1
Arid Viper	1

関心

タイプ

Not Defined	18
Operating System	4
Database Administration Software	2
Database Software	2
Network Encryption Software	2

ベンダー

Not Defined	16
Microsoft	4
Oracle	2
RainLoop	2
Ivanti	2

製品

Microsoft Windows	4
e-Quick Cart	2
phpMyAdmin	2
Oracle Database Server	2
Freeciv	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 情報の漏洩	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	Apache RocketMQ Broker ディレクトリトラバーサル	6.3	6.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00058	0.04	CVE-2019-17572
3	Pligg cloud.php SQLインジェクション	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.47
4	firefly-iii 特権昇格	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00166	0.00	CVE-2023-1789
5	Nacos Access Control 特権昇格	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00126	0.02	CVE-2020-19676
6	firefly-iii 弱い認証	6.9	6.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00166	0.02	CVE-2023-1788
7	RainLoop Webmail XSS Protection Mechanism クロスサイトスクリプティング	5.2	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00084	0.00	CVE-2019-13389
8	Freeciv Packet サービス拒否	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01933	0.00	CVE-2012-6083
9	Cisco IOS XE Web-based User Interface 特権昇格	7.2	7.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.77797	0.00	CVE-2019-12650
10	ThinkPHP 特権昇格	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00177	0.02	CVE-2022-45982
11	F5 BIG-IP Configuration Utility 弱い認証	8.9	8.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.97135	0.02	CVE-2023-46747
12	Ivanti Pulse Connect Secure Push Configuration targets.cgi 情報の漏洩	2.7	2.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00102	0.04	CVE-2021-44720
13	Pulse Secure Pulse Connect Secure Applet tncc.jar 弱い認証	8.2	8.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00184	0.00	CVE-2020-11580
14	Oracle Database Server Remote Code Execution	7.3	6.9	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.10503	0.00	CVE-2009-1019
15	WordPress Pingback 特権昇格	5.7	5.7	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00120	0.00	CVE-2022-3590
16	KubeOperator System API 特権昇格	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01487	0.02	CVE-2023-22480
17	Umbraco FeedProxy.aspx.cs Page_Load 特権昇格	7.7	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00511	0.04	CVE-2015-8813
18	Adobe Connect Server AMF Message 特権昇格	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01436	0.02	CVE-2021-40719
19	WordPress SQLインジェクション	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00467	0.00	CVE-2022-21664
20	e-Quick Cart shopprojectlogin.asp SQLインジェクション	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.04

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	45.32.170.38	45.32.170.38.vultrusercontent.com	Magniber	2024年03月18日	verified	高
2	51.68.238.215		Magniber	2024年03月18日	verified	高
3	XX.XXX.XXX.XXX		Xxxxxxxx	2024年03月18日	verified	高
4	XX.XXX.XXX.XX	xxxx.xx-xx-xxx-xxx.xx	Xxxxxxxx	2022年07月28日	verified	高
5	XX.XX.XXX.XXX	xxxxx.xx-xx-xx-xxx.xx	Xxxxxxxx	2022年07月28日	verified	高
6	XXX.XXX.XX.XX	xxx.xxx.xx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxx	2022年12月09日	verified	高
7	XXX.XX.XXX.XX	xxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx	Xxxxxxxx	2024年03月18日	verified	高
8	XXX.XXX.XXX.XX	xxxx.xx-xxx-xxx-xxx.xx	Xxxxxxxx	2022年07月28日	verified	高
9	XXX.XX.XX.XXX	xxxxx.xx-xxx-xx-xx.xx	Xxxxxxxx	2022年07月28日	verified	高
10	XXX.XXX.XXX.XX		Xxxxxxxx	2024年03月18日	verified	高

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CWE-22	Path Traversal	predictive	高
2	T1059	CWE-94	Argument Injection	predictive	高
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
7	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	高
8	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/controller/Index.php	predictive	高
2	File	/menu.html	predictive	中
3	File	xxxxx.xxx	predictive	中
4	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
5	File	xxxxxxxxxxxxxxxx.xxx	predictive	高
6	File	xxxxxxx.xxx	predictive	中
7	File	xxxx.xxx	predictive	中
8	File	xxxxxxx.xxx/xxxxxxx.xxxxxxxxxxxx/xxxxxxx/xxxxxxxxx/xxxxxxxxx.xxxx.xx	predictive	高
9	Argument	?xxxxxx	predictive	低
10	Argument	xxxxxxxxxx	predictive	中
11	Argument	xxxxxxxxx	predictive	中
12	Argument	xxx	predictive	低

参考 (5)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!