MQsTTang Analysis

IOB - Indicator of Behavior (83)

Timeline

Languages

Language | Count
en | 40
ru | 22
fr | 12
pl | 6
de | 4

Countries

Country | Count
us | 54
tt | 14
ru | 4
de | 2

Actors

Activities

Interest

Timeline

Type

Vendors

Products

Product | Count
RoundCube Webmail | 4
Microsoft Windows | 4
Trend Micro Worry-Free Business Security | 4
Pps.jussieu Polipo | 2
GitLab | 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2 | LS Electric PLC/XG5000 weak encryption | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00144 | 0.00 | CVE-2022-2758
3 | Devilz Clanportal File Upload unknown vulnerability | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05362 | 0.04 | CVE-2006-6338
4 | Omron PLC CJ/PLC CS weak authentication | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00133 | 0.04 | CVE-2019-13533
5 | Omron CX-Position Project File memory corruption | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00099 | 0.00 | CVE-2022-26417
6 | Microsoft Windows Remote Procedure Call Runtime Remote Code Execution | 9.8 | 8.9 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.01558 | 0.00 | CVE-2022-26809
7 | Microsoft Windows IKE Protocol Extension Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01093 | 0.04 | CVE-2022-34721
8 | RoundCube Webmail Email Message rcube_string_replacer.php linkref_addindex cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | High | Official Fix | 0.00612 | 0.00 | CVE-2020-35730
9 | IBOS OA Interview edit&op=status sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00343 | 0.00 | CVE-2023-3826
10 | Dahua Smart Park Management privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02637 | 0.04 | CVE-2023-3836
11 | NxFilter user.jsp unknown vulnerability | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00058 | 0.00 | CVE-2023-3841
12 | Devilz Clanportal sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00684 | 0.03 | CVE-2006-6339
13 | Aspindir Aspee Ziyaretci Defteri giris.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00237 | 0.04 | CVE-2006-6337
14 | Creativeitem Atlas Business Directory Listing search cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.00 | CVE-2023-3756
15 | FasterXML jackson-databind Java denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00218 | 0.00 | CVE-2020-36518
16 | FasterXML jackson-databind Deserialize denial of service | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00231 | 0.03 | CVE-2022-42003
17 | FasterXML jackson-databind Array BeanDeserializer._deserializeFromArray denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00242 | 0.00 | CVE-2022-42004
18 | GLPI htmlawed Module htmLawedTest.php privilege escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | High | Not Defined | 0.97411 | 0.04 | CVE-2022-35914
19 | FreeBSD System Call Privilege Escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00119 | 0.00 | CVE-2021-29628
20 | Realtek rtl819x-SDK Web Interface privilege escalation | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00088 | 0.05 | CVE-2022-29558

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 3.228.54.173 | ec2-3-228-54-173.compute-1.amazonaws.com | MQsTTang | | 2024-03-05 | verified |
2 | XX.XX.XXX.XXX | | Xxxxxxxx | | 2024-03-05 | verified |
3 | XX.XX.XXX.X | | Xxxxxxxx | | 2024-03-05 | verified |
4 | XXX.XXX.XX.XXX | | Xxxxxxxx | | 2024-03-05 | verified |

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /?r=recruit/resume/edit&op=status | predictive |
2 | File | /emap/devicePoint_addImgIco?hasSubsystem=true | predictive |
3 | File | /home/search | predictive |
4 | File | /usr/bin/at | predictive |
5 | File | /xxxxxx/xxxxxxxx/xxxxxxxx/xxxxxxxxxxxx.xxx | predictive |
6 | File | xxxxxxx/xxxxxxx.xxx | predictive |
7 | File | xxxxxxx.xxx | predictive |
8 | File | xxxxxx.x | predictive |
9 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive |
10 | File | xxxxx.xxx | predictive |
11 | File | xxxxxx/xxxxxxxxxx.x | predictive |
12 | File | xxxxx_xxxxxx_xxx.xxx | predictive |
13 | File | xxxxx_xxxxxx_xxxxxxxx.xxx | predictive |
14 | File | xxxxxxxxxx.xxx | predictive |
15 | File | xxxx.xxx | predictive |
16 | File | xxxxxx.xxx | predictive |
17 | Argument | xxxx | predictive |
18 | Argument | xx | predictive |
19 | Argument | xxxxxx | predictive |
20 | Argument | xxxxxxxxx | predictive |
21 | Argument | xxxxxxxx | predictive |
22 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive |
23 | Argument | xxxxxx_xxxxxx | predictive |
24 | Argument | xxxxxx | predictive |
25 | Argument | xxx | predictive |
26 | Argument | xxx | predictive |
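As an added example (not content from this page, and not MQsTTang tooling), the scanner below applies the one unredacted IOC above (3.228.54.173) and the four unredacted File indicators to web-server access-log lines. The log lines are constructed for the example; the Combined Log Format parsing, the "fragment must be followed by end-of-path, `?`, `&` or `/`" boundary rule and all function names are assumptions made here, not something the page specifies. The redacted indicators cannot be matched and are left out.

```python
import re
import urllib.parse
from dataclasses import dataclass
from typing import List, Optional

# Indicators copied from the IOC and IOA tables on this page.
IOC_IPS = {"3.228.54.173"}  # IOC #1 (verified)
IOA_FILE_FRAGMENTS = [
    "/?r=recruit/resume/edit&op=status",               # IOA #1
    "/emap/devicePoint_addImgIco?hasSubsystem=true",   # IOA #2
    "/home/search",                                    # IOA #3 (generic; boundary rule below keeps it usable)
    "/usr/bin/at",                                     # IOA #4 (a host path; only hits web logs on traversal-style requests)
]

# Assumed Combined/Common Log Format; only the fields needed for matching are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


@dataclass
class Hit:
    line_no: int
    ip: str
    path: str
    reasons: List[str]


def _path_matches(decoded: str, frag: str) -> bool:
    """Assumed boundary rule: the fragment is a hit only when it is the whole
    request target or is followed by more query string or path, so that
    /home/searchindex.html does not match the generic /home/search indicator."""
    if not decoded.startswith(frag):
        return False
    rest = decoded[len(frag):]
    return rest == "" or rest[0] in "?&/"


def match_line(line_no: int, line: str) -> Optional[Hit]:
    m = LOG_RE.match(line)
    if not m:
        return None
    reasons = []
    ip = m.group("ip")
    if ip in IOC_IPS:
        reasons.append(f"ioc-ip:{ip}")
    path = m.group("path")
    # Percent-decode first so an encoded '/' or '=' in a value cannot dodge a literal compare.
    decoded = urllib.parse.unquote(path)
    for frag in IOA_FILE_FRAGMENTS:
        if _path_matches(decoded, frag):
            reasons.append(f"ioa-file:{frag}")
    return Hit(line_no, ip, path, reasons) if reasons else None


def scan(lines: List[str]) -> List[Hit]:
    hits = []
    for n, line in enumerate(lines, 1):
        h = match_line(n, line)
        if h:
            hits.append(h)
    return hits


# Constructed sample log lines (not real traffic); the dates mirror the IOC "Identified" date.
SAMPLE_LOG = [
    '3.228.54.173 - - [05/Mar/2024:10:12:01 +0000] "GET /?r=recruit/resume/edit&op=status&id=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Mar/2024:10:12:05 +0000] "GET /emap/devicePoint_addImgIco?hasSubsystem=true HTTP/1.1" 200 77',
    '198.51.100.9 - - [05/Mar/2024:10:13:00 +0000] "GET /home/searchindex.html HTTP/1.1" 200 1024',
    '203.0.113.4 - - [05/Mar/2024:10:14:00 +0000] "GET /index.php HTTP/1.1" 200 2048',
    '3.228.54.173 - - [05/Mar/2024:10:15:00 +0000] "POST /login HTTP/1.1" 302 0',
    '203.0.113.5 - - [05/Mar/2024:10:16:00 +0000] "GET /?r=recruit%2Fresume%2Fedit&op=status HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.ip} {h.path} -> {', '.join(h.reasons)}")
```

Lines 1, 2, 5 and 6 of the sample produce hits; line 3 does not, because the generic /home/search indicator is only accepted at a path boundary. Line 1 carries two reasons (IOC IP plus IOA path), which is the kind of corroboration a "predictive" indicator needs before it is worth an alert on its own.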

References (2)

The following list contains external sources which discuss the actor and the associated activities:
