Miori Analysis

IOB - Indicator of Behavior (110)

Languages (source count)

en: 96
de: 8
ar: 6

Countries / regions (source count)

us: 50
il: 14
ru: 12
de: 10
it: 2

Products (vulnerability count)

Google Chrome: 8
Oracle MySQL Server: 4
Magento: 4
Revive Adserver: 4
Exim: 4

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices at disclosure and at present; Exploit is the exploitability status; Remediation is the fix status; EPSS is the exploit prediction score; CTI is the threat-intelligence activity score.

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Vmware Workspace ONE Access/Identity Manager Template privilege escalation | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.97436 | 0.04 | CVE-2022-22954
2 | IBM Security Access Manager Appliance Advanced Access Control privilege escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00167 | 0.00 | CVE-2018-1850
3 | Microsoft Windows WLAN AutoConfig Service Remote Code Execution | 8.8 | 7.7 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.01448 | 0.00 | CVE-2021-36965
4 | Google Chrome Sandbox privilege escalation | 8.0 | 7.9 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03391 | 0.02 | CVE-2019-5782
5 | Oracle MySQL Server Encryption information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00173 | 0.04 | CVE-2019-2922
6 | Oracle MySQL Server Compiling memory corruption | 9.8 | 9.4 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.09761 | 0.03 | CVE-2019-5482
7 | Procmail Signal privilege escalation | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2001-0905
8 | CA XCOM Data Transport privilege escalation | 9.8 | 9.8 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00403 | 0.02 | CVE-2012-5973
9 | OpenSSH Supplemental Group privilege escalation | 4.6 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.00 | CVE-2021-41617
10 | WordPress Pingback privilege escalation | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00120 | 0.00 | CVE-2022-3590
11 | emlog index.php information disclosure | 5.5 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00300 | 0.02 | CVE-2021-3293
12 | PHPWind sql injection | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00072 | 0.03 | CVE-2019-6691
13 | Microsoft Windows Security Center API Remote Code Execution | 8.1 | 7.4 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.02268 | 0.02 | CVE-2022-21874
14 | Google Android Privilege Escalation | 5.5 | 5.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00109 | 0.00 | CVE-2021-1049
15 | ONLYOFFICE Document Server NSFileDownloader privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00847 | 0.00 | CVE-2020-11534
16 | Microsoft Office Excel privilege escalation | 7.3 | 6.9 | $5k-$25k | $0-$5k | High | Official Fix | 0.01336 | 0.03 | CVE-2021-42292
17 | VMware ESXi System Call privilege escalation | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.02 | CVE-2020-4005
18 | Microsoft Windows WLAN AutoConfig Service Remote Code Execution | 8.0 | 7.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00055 | 0.00 | CVE-2021-36967
19 | D-Link DIR-816 HTTP Request Parameter form2userconfig.cgi privilege escalation | 4.6 | 4.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00255 | 0.00 | CVE-2021-39509
20 | pac-resolver PAC File Remote Code Execution | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00393 | 0.01 | CVE-2021-23406

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. Rows 2 to 4 are masked on the page; the masked values are reproduced as shown.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 94.177.226.227 | host227-226-177-94.static.arubacloud.de | Miori | | 2022-03-27 | | verified
2 | XXX.XXX.XX.XXX | xxx.xxx.xx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxx | | 2022-03-27 | | verified
3 | XXX.XX.XXX.XXX | xxx.xx | Xxxxx | | 2022-07-17 | | verified
4 | XXX.XXX.XX.XXX | xxxx | | | 2019-07-17 | | verified

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (38)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .procmailrc | predictive |
2 | File | /debian/patches/load_ppp_generic_if_needed | predictive |
3 | File | /etc/fstab | predictive |
4 | File | /forms/nslookupHandler | predictive |
5 | File | /goform/form2userconfig.cgi | predictive |
6 | File | /xxxx/xxxx/xxxxxxxxx | predictive |
7 | File | xxxxx.xxx?x=xxxxxx&x=xxxxxx&x=xxxxxx | predictive |
8 | File | xxxxxxxx_xxxxxxxx_xxxxxxx.xxx | predictive |
9 | File | xxxx.xxxx | predictive |
10 | File | xxxxxx.x | predictive |
11 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive |
12 | File | xxxxxxxx-xxx/xx.xxx | predictive |
13 | File | xxxxxxx.xx | predictive |
14 | File | xxxxxx/xxx/xxxxxxx.xxx | predictive |
15 | File | xxx/xxxxxx.xxx | predictive |
16 | File | xxxxxxxx/xxxxx-xxxxxxxxx.xxx | predictive |
17 | File | xxxxxx-xxxxxxx.xxx | predictive |
18 | File | xxxxxxx.xxx | predictive |
19 | File | xxxxxx.xxx | predictive |
20 | File | xxxxxx.xxx | predictive |
21 | File | x/xxxxx.xxx | predictive |
22 | File | xxxxxxxxx | predictive |
23 | File | xx-xxxxx/xxxxx.xxx?xxxx=xxx-xxxxx&xxxxxx=xxxx-xxxxx | predictive |
24 | Argument | -x | predictive |
25 | Argument | xxxxxxxx | predictive |
26 | Argument | xxxxxxxxxxx/xxxxxxxxxxx | predictive |
27 | Argument | xx | predictive |
28 | Argument | xxxxxxx | predictive |
29 | Argument | xxxxxxxxxx | predictive |
30 | Argument | xxxxxxxx_xxxxxxx | predictive |
31 | Argument | xxxxxxxxxxxxxx | predictive |
32 | Argument | xxxxxx | predictive |
33 | Argument | xxxx_xx | predictive |
34 | Argument | xxxxxxx[] | predictive |
35 | Input Value | .. | predictive |
36 | Input Value | ::$xxxxx_xxxxxxxxxx | predictive |
37 | Input Value | |xxx${xxx} | predictive |
38 | Network Port | xxx xxxxxx xxxx | predictive |
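The IOC table above gives one unmasked network indicator (94.177.226.227 / host227-226-177-94.static.arubacloud.de) and the IOA table gives five unmasked file fragments plus the ".." input value. The following script, added here as an illustration and not part of the original page or of any VulDB tooling, shows how a defender would operationalize both tables against web-server access logs: client IPs are canonicalized (so an IPv4-mapped IPv6 form still matches the IOC), request targets are percent-decoded before the path fragments are compared, and hits are reported per line. The log format, the sample log lines and the helper names are constructed for this example; the masked "xxx" rows are omitted because they carry no matchable value.

```python
"""Match unmasked Miori IOC/IOA entries from the page against access-log lines."""
import ipaddress
import re
from urllib.parse import unquote

# Indicators copied from the page's IOC and IOA tables (unmasked rows only).
IOC_IPS = {"94.177.226.227"}                                   # verified, identified 2022-03-27
IOC_HOSTNAMES = {"host227-226-177-94.static.arubacloud.de"}    # reverse name of the IOC IP
IOA_FILES = {
    ".procmailrc",
    "/debian/patches/load_ppp_generic_if_needed",
    "/etc/fstab",
    "/forms/nslookupHandler",
    "/goform/form2userconfig.cgi",
}
IOA_INPUT_VALUES = {".."}   # traversal fragment from the "Input Value" class

# Combined-log-format line (hypothetical format, assumed for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log; these lines are invented for the example, not real traffic.
SAMPLE_LOG = """\
94.177.226.227 - - [27/Mar/2022:10:14:02 +0000] "GET /goform/form2userconfig.cgi HTTP/1.1" 200 512
203.0.113.7 - - [27/Mar/2022:10:15:41 +0000] "GET /forms/nslookupHandler?target=1.1.1.1 HTTP/1.1" 404 0
198.51.100.9 - - [27/Mar/2022:10:16:03 +0000] "GET /cgi-bin/..%2F..%2Fetc%2Ffstab HTTP/1.1" 403 0
::ffff:94.177.226.227 - - [27/Mar/2022:10:17:20 +0000] "POST /index.php HTTP/1.1" 200 88
192.0.2.5 - - [27/Mar/2022:10:18:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""


def canonical_ip(raw):
    """Return a dotted-quad string for IPv4 and IPv4-mapped IPv6; unchanged if unparsable."""
    try:
        addr = ipaddress.ip_address(raw)
    except ValueError:
        return raw
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return str(addr.ipv4_mapped)
    return str(addr)


def matches_ioc_host(name):
    """Case-insensitive hostname check with a trailing dot tolerated (for DNS/proxy logs)."""
    return name.rstrip(".").lower() in IOC_HOSTNAMES


def decode_target(target):
    """Percent-decode twice so double-encoded traversal (%252e%252e) is also normalized."""
    return unquote(unquote(target))


def match_line(line):
    """Parse one log line and return a dict with its indicator hits, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    hits = []
    ip = canonical_ip(m.group("ip"))
    if ip in IOC_IPS:
        hits.append(("IOC", "ip", ip))
    target = decode_target(m.group("target"))
    path, _, query = target.partition("?")
    # IOA file entries are fragments, so a substring match on the decoded path is intended.
    for frag in sorted(IOA_FILES):
        if frag in path:
            hits.append(("IOA", "file", frag))
    for value in sorted(IOA_INPUT_VALUES):
        if value in path or value in query:
            hits.append(("IOA", "input_value", value))
    return {"ip": ip, "target": target, "status": m.group("status"), "hits": hits}


def scan_log(text):
    """Return the parsed records that have at least one IOC/IOA hit, in log order."""
    results = []
    for line in text.splitlines():
        rec = match_line(line)
        if rec and rec["hits"]:
            results.append(rec)
    return results


if __name__ == "__main__":
    for rec in scan_log(SAMPLE_LOG):
        print(rec["ip"], rec["status"], rec["target"], rec["hits"])
```

Substring matching on fragments such as `/etc/fstab` is deliberately loose; in production the IOA hits should be treated as triage signals to correlate with the IOC IP and the CVEs listed above (for instance, `/goform/form2userconfig.cgi` corresponds to the D-Link DIR-816 entry), not as a standalone block rule.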

References (4)

The following list contains external sources which discuss the actor and the associated activities:
