Sality Analysis

IOB - Indicator of Behavior (40)

Languages

en: 28
de: 6
ru: 4
pl: 2

Countries/Regions

us: 12
ru: 12
pt: 8
de: 4

Products

Maianscriptworld Maian Recipe: 2
b3log Symphony: 2
Microsoft IIS: 2
vu Mass Mailer: 2
WordPress: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
| 1 | WordPress wp-trackback.php mb_convert_encoding Weak Encryption | 5.3 | 5.1 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.04 | 0.03358 | CVE-2009-3622 |
| 2 | Dragon Path Bharti Airtel Routers Hardware BDT-121 Admin Page Cross Site Scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00053 | CVE-2022-28507 |
| 3 | YaPiG view.php Cross Site Scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.01368 | CVE-2005-1886 |
| 4 | WordPress wp-register.php Cross Site Scripting | 4.3 | 4.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.00 | 0.00322 | CVE-2007-5105 |
| 5 | MetInfo URL Redirector login.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00107 | CVE-2017-11718 |
| 6 | phpRaid register.php Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 | |
| 7 | vu Mass Mailer Login Page redir.asp SQL Injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | 0.00181 | CVE-2007-6138 |
| 8 | DZCP deV!L`z Clanportal config.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.56 | 0.00943 | CVE-2010-0966 |
| 9 | Symantec Endpoint Protection Manager SAP XML Parser XML External Entity | 7.3 | 6.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.83177 | CVE-2013-5014 |
| 10 | Mozilla Firefox/Thunderbird/Firefox ESR NPAPI Plugin Unknown Vulnerability | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00419 | CVE-2019-11712 |
| 11 | Linux Kernel oom_kill.c __oom_reap_task_mm Memory Corruption | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00062 | CVE-2017-18202 |
| 12 | Node.js HTTP Header Denial of Service | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02355 | CVE-2018-12121 |
| 13 | TestLink Plugin summary.jelly Cross Site Scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00053 | CVE-2018-1000113 |
| 14 | Microsoft Windows Windows Media Player Information Disclosure | 2.5 | 2.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00157 | CVE-2017-11768 |
| 15 | W3C Jigsaw Host Header Cross Site Scripting | 6.3 | 5.7 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.02 | 0.01034 | CVE-2002-1053 |
| 16 | Microsoft Windows Subsystem for Linux Privilege Escalation | 6.4 | 5.8 | $25k-$100k | Calculating | Proof-of-Concept | Official Fix | 0.00 | 0.00213 | CVE-2018-0743 |
| 17 | Microsoft Windows DirectX Information Disclosure | 5.1 | 4.9 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2019-0837 |
| 18 | WordPress wpdb->prepare SQL Injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00389 | CVE-2017-16510 |
| 19 | Microsoft Lync/Skype for Business Security Feature Privilege Escalation | 7.0 | 6.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00284 | CVE-2018-8238 |
| 20 | Iptanus File Upload Plugin Shortcode Cross Site Scripting | 6.0 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00185 | CVE-2018-9172 |

IOC - Indicator of Compromise (31)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
| 1 | T1059 | CWE-94 | | Argument Injection | predictive |
| 2 | T1059.007 | CWE-79, CWE-80 | | Cross Site Scripting | predictive |

IOA - Indicator of Attack (35)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
| 1 | File | /getcfg.php | | predictive |
| 2 | File | /settings/avatar | | predictive |
| 3 | File | bin/icinga | | predictive |
| 4 | File | inc/config.php | | predictive |
| 5 | File | index.php | | predictive |

References (6)

The following list contains external sources which discuss the actor and the associated activities:
