Maze 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (164)

タイムライン

言語

en112
zh18
pl12
de12
es6

国・地域

us56
cn28
pl12
ru10
es6

アクター

FIN610
IcedID2
Mirai2
Cobalt Strike2
NjRAT1

アクティビティ

関心

タイムライン

タイプ

Not Defined72
Content Management System18
Router Operating System12
Web Server6
Forum Software6

ベンダー

Not Defined72
MikroTik8
Dasan6
Microsoft4
Joomla4

製品

MikroTik RouterOS8
PHP4
lighttpd4
Joomla CMS4
WordPress4

脆弱性

#脆弱性BaseTemp0day本日修復EPSSCTICVE
1MGB OpenSource Guestbook email.php SQLインジェクション7.37.3$0-$5k$0-$5kHighUnavailable0.013021.01CVE-2007-0354
2WordPress WP_Query SQLインジェクション6.36.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.935360.03CVE-2022-21661
3Chipmunk Scripts CMScore index.php SQLインジェクション7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.002170.02CVE-2005-0368
4ampleShop category.cfm SQLインジェクション7.37.3$0-$5k$0-$5kNot DefinedUnavailable0.006210.02CVE-2006-2038
5Microsoft IIS クロスサイトスクリプティング5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.14CVE-2017-0055
6Dasan GPON Home Router menu.html 弱い認証8.58.4$0-$5k$0-$5kHighWorkaround0.970830.00CVE-2018-10561
7lighttpd mod_evhost/mod_simple_vhost ディレクトリトラバーサル5.34.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.144480.00CVE-2013-2324
8libssh SSH2_MSG_USERAUTH_SUCCESS Message 弱い認証8.58.4$25k-$100k$0-$5kHighOfficial Fix0.142330.00CVE-2018-10933
9libxml2 Entity Expansion parser.c xmlParserHandlePEReference サービス拒否5.34.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.023600.00CVE-2014-0191
10Gin-Vue-Admin Download Module ディレクトリトラバーサル6.56.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001540.09CVE-2022-47762
11pomelo-monitor 特権昇格8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.003710.00CVE-2020-7620
12CodeIgniter DB_query_builder.php or_where SQLインジェクション8.07.9$0-$5k$0-$5kNot DefinedNot Defined0.001530.04CVE-2022-40824
13CodeIgniter HTTP Request 特権昇格8.38.2$0-$5k$0-$5kNot DefinedOfficial Fix0.001950.02CVE-2022-24711
14Rakuten Viber Secret Chat 情報の漏洩4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.000510.00CVE-2018-3987
15Plesk Obsidian Login Page 特権昇格5.85.7$0-$5k$0-$5kNot DefinedNot Defined0.001740.03CVE-2023-24044
16SourceCodester Web-Based Student Clearance System Edit User Profile Page edit-admin.php SQLインジェクション4.74.5$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.09CVE-2024-1928
17Elastic Elasticsearch Simulate Pipeline API 特権昇格6.16.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000460.00CVE-2023-46673
18Microsoft SQL Server Privilege Escalation8.88.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.007620.04CVE-2023-21713
1970mai a500s Recording 特権昇格7.37.2$0-$5k$0-$5kNot DefinedNot Defined0.000880.02CVE-2023-43271
20MikroTik RouterOS Web Server メモリ破損8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.003200.03CVE-2017-20149

キャンペーン (1)

These are the campaigns that can be associated with the actor:

  • MAZE

IOC - Indicator of Compromise (38)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
15.199.167.188FIN6MAZE2020年12月16日verified
237.1.213.9FIN6MAZE2020年12月16日verified
337.252.7.142FIN6MAZE2020年12月16日verified
454.39.233.188mail.ov120.slpmt.netFIN6MAZE2020年12月16日verified
591.208.184.174sell.mybeststore.clubFIN6MAZE2020年12月16日verified
691.218.114.4FIN6MAZE2020年12月16日verified
791.218.114.11Maze2022年03月11日verified
891.218.114.31FIN6MAZE2020年12月16日verified
9XX.XXX.XXX.XXXxxxXxxx2020年12月16日verified
10XX.XXX.XXX.XXXxxxXxxx2020年12月16日verified
11XX.XXX.XXX.XXXxxxXxxx2020年12月16日verified
12XX.XXX.XXX.XXXxxxXxxx2020年12月16日verified
13XX.XXX.XXX.XXXxxxXxxx2020年12月16日verified
14XX.XX.X.XXxx-xx-x-xx.xxxxxxxxx.xxxXxxxXxxx2020年12月16日verified
15XX.XX.XX.XXXxx-xx-xx-xxx.xxxxxxxxx.xxxXxxxXxxx2020年12月16日verified
16XX.XX.XX.Xxx-xx-xx-x.xxxxxxxxx.xxxXxxxXxxx2020年12月16日verified
17XX.XX.XX.Xxx-xx-xx-x.xxxxxxxxx.xxxXxxxXxxx2020年12月16日verified
18XX.XX.XX.XXXxx.xx.xx.xx.xxx.xx.xxxxx.xxxxxx.xx-xxxxx.xxxXxxxXxxx2020年12月16日verified
19XX.XX.XX.XXXxx.xx.xx.xx.xxx.xx.xxxxx.xxxxxx.xx-xxxxx.xxxXxxxXxxx2020年12月16日verified
20XX.XX.XX.Xxxxxxxxx-xx-x.xxx.xxXxxxXxxx2020年12月16日verified
21XX.XX.XX.XXxxxx.xxxxxxxxxx.xxxxXxxxXxxx2020年12月16日verified
22XX.XX.XX.XXxx-xx-xx-xx.xx.xxx.xxXxxxXxxx2020年12月16日verified
23XX.XX.XX.XXxxx.xxxxxxxxxxxxxx.xxx.xxXxxxXxxx2020年12月16日verified
24XX.XX.XX.XXXxx-xx-xx-xxx.xx.xxx.xxXxxxXxxx2020年12月16日verified
25XX.XX.XXX.Xxxxxxxx.xxXxxxXxxx2020年12月16日verified
26XX.XX.XXX.XXXxxxXxxx2020年12月16日verified
27XX.XXX.XX.XXXXxxx2021年05月31日verified
28XXX.XXX.XXX.XXxxxxx.xxxxxxxxxxxxxxx.xxxXxxxXxxx2020年12月16日verified
29XXX.XXX.XXX.XXXxxxxxx-xxx-xxx-xxx-xxx.xxxxxxxxxxxx.xxxXxxxXxxx2020年12月16日verified
30XXX.XXX.XXX.XXxxxxx-xxxxxx.xxxxxxxxxxxx.xxxXxxxXxxx2020年12月16日verified
31XXX.XXX.XXX.XXxxxxx-xxxxxx.xxxxxxxxxxxx.xxxXxxxXxxx2020年12月16日verified
32XXX.XXX.XXX.XXxxxxx-xxxxxx.xxxxxxxxxxxx.xxxXxxxXxxx2020年12月16日verified
33XXX.XX.XXX.XXXXxxxXxxx2020年12月16日verified
34XXX.XXX.XX.XXXxxxXxxx2020年12月16日verified
35XXX.XXX.XX.XXXxxx2022年04月29日verified
36XXX.XX.XXX.XXXxxxxx.xx-xxx-xx-xxx.xxxXxxxXxxx2020年12月16日verified
37XXX.XXX.XXX.XXXxxxxxx-xxx-xxx-xxx-xxx.xxxxxxxxxxxx.xxxXxxxXxxx2020年12月16日verified
38XXX.XX.XXX.XXXxxxxxxxxxx.xxxXxxxXxxx2020年12月16日verified

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueクラス脆弱性アクセスベクタータイプ信頼度
1T1006CAPEC-126CWE-21, CWE-22Path Traversalpredictive
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath Expressionspredictive
3T1059CAPEC-242CWE-94Argument Injectionpredictive
4TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx Xxxxxxxxxpredictive
5TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
6TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxxpredictive
7TXXXX.XXXCAPEC-178CWE-XXXXxxx Xxxxxxxxpredictive
8TXXXXCAPEC-108CWE-XXXxx Xxxxxxxxxpredictive
9TXXXXCAPEC-0CWE-XXXXxxxxxxxxxx Xxxxxxxxxxpredictive
10TXXXX.XXXCAPEC-133CWE-XXXXxxxxxxxpredictive
11TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive
12TXXXX.XXXCAPEC-0CWE-XXXXxx Xxxxxxxxxx Xxxxxpredictive
13TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxxpredictive

IOA - Indicator of Attack (122)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1File//predictive
2File/admin/edit-admin.phppredictive
3File/ajax-files/postComment.phppredictive
4File/cgi-bin/login_action.cgipredictive
5File/cgi-bin/webprocpredictive
6File/exportpredictive
7File/forum/away.phppredictive
8File/index.phppredictive
9File/index.php/weblinks-categoriespredictive
10File/menu.htmlpredictive
11File/mics/j_spring_security_checkpredictive
12File/mybb_1806/Upload/admin/index.phppredictive
13File/scp/directory.phppredictive
14File/uncpath/predictive
15File/var/log/nginxpredictive
16Fileaccount/gallery.phppredictive
17Fileadd_edit_cat.asppredictive
18Fileadmin.php?mod=user&act=delpredictive
19Filexxxxx/xxxxx_xxxxxxx.xxxpredictive
20Filexxxxxxxxx.xxpredictive
21Filexxx.xxxpredictive
22Filexxx/xxxxxxxx/xxxxxxxxxxx.xxxpredictive
23Filexxx/xxxxxxxx/xxxxx/xxxxx_xxxxx.xpredictive
24Filexxx.xxxpredictive
25Filexxxxxxxx.xxxpredictive
26Filexxxxxxxx.xxxpredictive
27Filexxx-xxx/xxx_xxx_xxxxxx.xxxpredictive
28Filexxxxxxxx.xxxpredictive
29Filexxxxxx/xxxx/x_xxxx.xpredictive
30Filexxxxxxx.xxxpredictive
31Filexx/xx_xxxxxxxx.xxxpredictive
32Filexxxxxxxxxxxxxxxxx.xxxpredictive
33Filexxxxx.xxxpredictive
34Filexxxxxxx.xpredictive
35Filexxxx.xxxpredictive
36Filexxx/xxxxxxxx/xxx_xxxxxxxxxxxx.xxpredictive
37Filexxx.xxxpredictive
38Filexxxxx.xxxpredictive
39Filexxxx.xxxpredictive
40Filexxxxxxxxxx/xxxxxxxxxxx_xxxxxx.xxxpredictive
41Filexxxxxxxx/xxxx_xxxxpredictive
42Filexxxx.xxxpredictive
43Filexxxxx.xxxpredictive
44Filexxxxx.xxxpredictive
45Filexxxxx.xxxpredictive
46Filexxxx_xxxxxxxx.xxxpredictive
47Filexxx/xxxx_xxx.xxxpredictive
48Filexxxxxxx\xxxxxxxxx\xxxxxxx.xxxpredictive
49Filexxxx.xxxpredictive
50Filexxxxxxxx.xxxx/xxxx.xxxxpredictive
51Filexxxxxx.xpredictive
52Filexxxxxxxx.xxxpredictive
53Filexxxxxxxxxx.xxxpredictive
54Filexxxxxxx_xxxx.xxxpredictive
55Filexxxxx.xxxpredictive
56Filexxxx/xxxx.xxxpredictive
57Filexxxx_xxxxxxxx.xxx/xxxx_xxxx.xxxpredictive
58Filexxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxxpredictive
59Filexxx_xxxxxxx.xxxpredictive
60Filexxxxxxxx-x.xpredictive
61Filexxxxxx.xxxpredictive
62Filexxxx/xxxxxxxxxx.xxx?xxxxxx=xxxxpredictive
63Filexxxxxxxx.xxxpredictive
64Filexxxx_xxxx.xxxpredictive
65Filexx-xxxxx/xxxxx-xxxx.xxxpredictive
66Filexx-xxxxx/xxxx-xxx.xxxpredictive
67Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictive
68Filexxxxxxxxxxxxxx.xxxpredictive
69Filexxxxxx.xxxpredictive
70Libraryxxxxxx.xxxpredictive
71Libraryxxxxxxxxx/xxxxxxx_xxx.xxx.xxxpredictive
72Argument$xxxxx_xxxxxxxxxxpredictive
73Argument?xxxxxxpredictive
74Argumentxxxpredictive
75Argumentxxxxpredictive
76Argumentxxxpredictive
77Argumentxxxxxpredictive
78Argumentxxx_xxpredictive
79Argumentxxxpredictive
80Argumentxxxxxxxxxxxpredictive
81Argumentxxxxxxxxx_xxxxxx/xxxxxxxxx_xxxxxxpredictive
82Argumentxxxxpredictive
83Argumentxxxx_xxxxxx=xxxxpredictive
84Argumentxxxpredictive
85Argumentxxxxpredictive
86Argumentxxxx/xxxxxxpredictive
87Argumentxxxxxxxxpredictive
88Argumentxxxxxxxpredictive
89Argumentxxxxxxxxpredictive
90Argumentxxxxxxx[xxxx_xxx][$xxxx->xxxx][xxxxxxxxxxxxxxpredictive
91Argumentxxxpredictive
92Argumentxxxxpredictive
93Argumentxxxxxxxxpredictive
94Argumentxxpredictive
95Argumentxxxxxxpredictive
96Argumentx_xxxxxxxxpredictive
97Argumentxxxx[*][xxxx]predictive
98Argumentxxxpredictive
99Argumentxxxx_xxxxxx_xxpredictive
100Argumentxxxxpredictive
101Argumentxxxxpredictive
102Argumentxxx_xxxxxxxpredictive
103Argumentxxxxxpredictive
104Argumentxxxxpredictive
105Argumentxxxx=predictive
106Argumentxxxxxxpredictive
107Argumentx_xxxxpredictive
108Argumentxxxxx_xxpredictive
109Argumentxxxpredictive
110Argumentxxxpredictive
111Argumentxxxxxpredictive
112Argumentxxxxxxxxxxxxxxpredictive
113Argumentxxxxx_xxxxxxxxxpredictive
114Argumentxxxx_xx[]predictive
115Argumentxxxxxxxx/xxxx xxxxxxpredictive
116Argumentxxxpredictive
117Argumentxxxxxxxxpredictive
118Argumentxxxx_xx[]predictive
119Input Value' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxxpredictive
120Input Value../predictive
121Input Valuex%xx%xx%xxxxxxx%xxxxxxxx%xxxxxxxxxx%xxxxxx%xx%xxxxxxx_xxxxx%xx%xx--%xx%xxpredictive
122Input Valuexx xxxxxxxxx xxxxxxx(xxxxxxxxxxxx(xxxx(),xxxxxx(xxxx,xxxxxxx())),x);predictive

参考 (5)

The following list contains external sources which discuss the actor and the associated activities:

概要

Do you know our Splunk app?

Download it now for free!