MetaStealer 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (71)

言語

en	58
ru	8
it	2
pt	2
es	2

国・地域

us	28
ru	14
is	4
cn	4
it	2

アクター

MetaStealer	7
RedLine Stealer	2
Meterpreter	2
Conti	1
RagnarLocker	1

関心

タイプ

Not Defined	22
Hospitality Software	6
E-Commerce Management Software	6
Groupware Software	6
WordPress Plugin	4

ベンダー

Not Defined	26
Microsoft	10
SourceCodester	4
Tenda	2
Tourismscripts	2

製品

Microsoft IIS	4
Microsoft Exchange Server	4
Redis	2
Gogs	2
Tenda N300 F3	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	CTI	EPSS	CVE
1	Red Lion HMI Panel URI 特権昇格	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00238	CVE-2017-14855
2	GNU Bash mod_cgi 特権昇格	9.8	8.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.97348	CVE-2014-7169
3	Hostel Searching Project view-property.php SQLインジェクション	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.08	0.00223	CVE-2022-4051
4	Ovidentia CMS index.php SQLインジェクション	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.07	0.00089	CVE-2021-29343
5	phpBB XS bb_usage_stats.php 特権昇格	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.07955	CVE-2006-4893
6	SourceCodester Online Student Admission System Student User Page edit-profile.php クロスサイトスクリプティング	3.5	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.06	0.00068	CVE-2022-2681
7	Microsoft Exchange Server Privilege Escalation	8.3	7.6	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.06	0.00080	CVE-2023-36745
8	Elementor Plugin Template Import 特権昇格	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00054	CVE-2023-48777
9	News & Blog Designer Pack Plugin 特権昇格	7.3	7.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00322	CVE-2023-5815
10	LearnPress Plugin 特権昇格	7.8	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.16476	CVE-2023-6634
11	Likeshop HTTP POST Request File.php userFormImage 特権昇格	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.09	0.00727	CVE-2024-0352
12	Proxmox proxmox-widget-toolkit Edit Notes クロスサイトスクリプティング	5.0	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.06	0.00052	CVE-2023-46854
13	GG18/GG20 ECDSA Private Key 特権昇格	7.7	7.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.00070	CVE-2023-33241
14	Mozilla Firefox SPDY/HTTP/2 弱い暗号化	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.02	0.00411	CVE-2014-1584
15	Microsoft Exchange Server Privilege Escalation	8.8	7.7	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.02	0.01192	CVE-2023-21529
16	MetInfo URL Redirector login.php	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00107	CVE-2017-11718
17	SourceCodester Sanitization Management System Admin Login SQLインジェクション	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.00120	CVE-2022-4726
18	Microsoft SharePoint Workflow 特権昇格	10.0	8.7	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.91072	CVE-2013-1330
19	NdkAdvancedCustomizationFields createPdf.php クロスサイトスクリプティング	4.8	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00063	CVE-2022-40840
20	Redis XAUTOCLAIM Command メモリ破損	8.2	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00598	CVE-2022-31144

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	4.224.60.120		MetaStealer	2023年11月21日	verified	高
2	13.114.196.60	ec2-13-114-196-60.ap-northeast-1.compute.amazonaws.com	MetaStealer	2024年02月26日	verified	中
3	13.125.88.10	ec2-13-125-88-10.ap-northeast-2.compute.amazonaws.com	MetaStealer	2024年02月26日	verified	中
4	XX.XXX.XXX.XX	xxxxxx.xx.xxx.xxx.xx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxxxxxx	2023年11月26日	verified	高
5	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxxxxxx-xxx	Xxxxxxxxxxx	2023年05月16日	verified	高
6	XXX.XXX.XXX.XXX	xxxxxxxxx.xxxxxxxxx.xxxx	Xxxxxxxxxxx	2023年05月16日	verified	高
7	XXX.XXX.XXX.XXX	xxxxxx.xxx	Xxxxxxxxxxx	2022年12月02日	verified	高
8	XXX.XXX.XXX.XX		Xxxxxxxxxxx	2023年05月16日	verified	高
9	XXX.XXX.XXX.XX		Xxxxxxxxxxx	2023年01月31日	verified	高
10	XXX.XXX.XXX.XXX		Xxxxxxxxxxx	2022年04月06日	verified	高
11	XXX.XX.XX.XXX		Xxxxxxxxxxx	2023年11月30日	verified	高
12	XXX.XX.XX.XXX		Xxxxxxxxxxx	2023年11月30日	verified	高
13	XXX.XX.XXX.XXX	xxx.xxx	Xxxxxxxxxxx	2023年11月30日	verified	高
14	XXX.XX.XX.XXX		Xxxxxxxxxxx	2023年12月29日	verified	高

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	脆弱性	アクセスベクター	タイプ	信頼度
1	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	高
2	T1059	CWE-94	Argument Injection	predictive	高
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	高
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
6	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	高
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
10	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高
11	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/index.php	predictive	中
2	File	/uncpath/	predictive	中
3	File	about.php	predictive	中
4	File	admin.php	predictive	中
5	File	admin_feature.php	predictive	高
6	File	aj.html	predictive	低
7	File	akocomments.php	predictive	高
8	File	archives.php	predictive	中
9	File	xxxxxxx.xxx	predictive	中
10	File	xxxx.xxx.xxx	predictive	中
11	File	xx_xxxxx_xxxxx.xxx	predictive	高
12	File	xxx-xxxxxx-xxxxxxxxxx-xxxxxx/xxxxxxx.xxx	predictive	高
13	File	xxx-xxx/xxxxxxxxxxx/xxxxxxxxx.xxx	predictive	高
14	File	xxx-xxx/xxxxxx/xxxxx.xx	predictive	高
15	File	xxxxxxxxxxx.xxx.xxx	predictive	高
16	File	xxxxxxx.xxx	predictive	中
17	File	xxxxxxxxx.xxx	predictive	高
18	File	xxxxxx.xxx	predictive	中
19	File	xxxxxx.xxx	predictive	中
20	File	xxxx-xxxxxxx.xxx	predictive	高
21	File	xxxxxxxxx.xxx	predictive	高
22	File	xxxxx.xxx	predictive	中
23	File	xxxxxx.xxx	predictive	中
24	File	xxxxx.xxx	predictive	中
25	File	xxxx.xxx	predictive	中
26	File	xxxxxx/xxxxx.xxx	predictive	高
27	File	xxxxx.xxx	predictive	中
28	File	xxxx.xxx	predictive	中
29	File	xxxxxx/xxx/xx/xxx.xx	predictive	高
30	File	xxxxxx.xxx	predictive	中
31	File	xxxxxx/xxxxxxxxxxx/xxx/xxxxxxxxxx/xxxx.xxx	predictive	高
32	File	xxxxxxx_xxxxxx.xxx	predictive	高
33	File	xxxx.xxx	predictive	中
34	File	xxxx-xxxxxxxx.xxx	predictive	高
35	File	xxxx.xxxxxxxxx.xxx	predictive	高
36	File	xxxxxxxxx.xxx	predictive	高
37	Library	xxxxx/xxxxxxxxx/xxxx.xxxxxxxxx.xxx	predictive	高
38	Argument	xxxxxx:/xxxxxxxx:/xxxxxxxxxxxxxx:	predictive	高
39	Argument	xxx_xx	predictive	低
40	Argument	xxxxxx_xxxxx_xxxx	predictive	高
41	Argument	xxxx	predictive	低
42	Argument	xx_xxxx	predictive	低
43	Argument	xxxxxxxx	predictive	中
44	Argument	xxxxxxx[xxxxxx]	predictive	高
45	Argument	xxxxx	predictive	低
46	Argument	xxxxx_xx	predictive	中
47	Argument	xxxxx_xxxx	predictive	中
48	Argument	xx	predictive	低
49	Argument	xx	predictive	低
50	Argument	xxxx_xx	predictive	低
51	Argument	xxxxx	predictive	低
52	Argument	xxxxxxxxx_xxxxxxxx_xxxx	predictive	高
53	Argument	xxxx_xxxx	predictive	中
54	Argument	xxxxx_xxxx_xxxx	predictive	高
55	Argument	xxx	predictive	低
56	Argument	xxxxxxxx_xx	predictive	中
57	Argument	xxxxxxxx	predictive	中
58	Argument	xxx	predictive	低
59	Argument	xxxx-xxxxx	predictive	中
60	Argument	xxxxxxxx	predictive	中
61	Argument	xxxxxxxx/xxxxxxxx	predictive	高
62	Input Value	<xxxxxx>xxxxx(/xxx/)</xxxxxx>	predictive	高
63	Input Value	xxxxxx_xxxxxxxx	predictive	高

参考 (9)

The following list contains external sources which discuss the actor and the associated activities:

Samples (1)

The following list contains associated samples:

https://bazaar.abuse.ch/sample/d3da939964cbf347635dd39214d941dc4bd59c84060ae4465ee6e943bae79dc9/

◂ 前概要次 ▸

Do you need the next level of professionalism?

Upgrade your account now!