SessionManager 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (25)

言語

zh	14
en	12

国・地域

cn	22
ir	2
us	2

アクター

Gelsemium	2
Cobalt Strike	2

関心

タイプ

Not Defined	14
Operating System	2
Programming Language Software	2
Content Management System	2
File Transfer Software	2

ベンダー

Not Defined	8
Microsoft	2
prototypejs	2
Jfinal	2
Hikvision	2

製品

Microsoft Windows	2
Redis	2
prototypejs Prototype JavaScript framework	2
sentry-sdk	2
Jfinal CMS	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	ZCMS ThinkPHP SQLインジェクション	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00209	0.02	CVE-2020-19705
2	sentry-sdk Session 情報の漏洩	5.6	5.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00090	0.02	CVE-2023-28117
3	IBM CTSS Text Editor Password 情報の漏洩	3.3	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.03
4	Permalink Manager Lite Plugin クロスサイトスクリプティング	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00045	0.04	CVE-2024-2738
5	Michael Leithold DSGVO All in One for WP Plugin 未知の脆弱性	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.05	CVE-2024-27967
6	Google Chrome V8 Remote Code Execution	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00045	0.00	CVE-2024-2625
7	Huawei SXXXX XML Parser 特権昇格	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00056	0.03	CVE-2017-15346
8	prototypejs Prototype JavaScript framework Remote Code Execution	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00406	0.04	CVE-2008-7220
9	NVIDIA GeForce Experience nvcontainer.exe 特権昇格	7.0	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2020-5978
10	Microsoft Windows Runtime Remote Code Execution	8.1	7.4	$100k 以上	$5k-$25k	Unproven	Official Fix	0.47432	0.00	CVE-2022-21971
11	Parallels Plesk Panel index.htm クロスサイトスクリプティング	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00112	0.02	CVE-2019-18793
12	Discuz! admin.php クロスサイトスクリプティング	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.02	CVE-2018-19464
13	ZCMS SQLインジェクション	8.5	8.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00386	0.02	CVE-2015-7346
14	ZCMS クロスサイトスクリプティング	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.02	CVE-2019-9078
15	Microsoft Windows Print Spooler Local Privilege Escalation	7.5	6.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.96825	0.02	CVE-2021-1675
16	Jfinal CMS FileManagerController.java FileManager.rename 特権昇格	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00202	0.00	CVE-2020-19155
17	Redis BIT Command 情報の漏洩	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01713	0.03	CVE-2021-32761
18	OpenLiteSpeed WebAdmin Console 特権昇格	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00244	0.02	CVE-2020-5519
19	FileZilla Server PORT 特権昇格	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00052	0.09	CVE-2015-10003
20	ThinkPHP index.php SQLインジェクション	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00173	0.02	CVE-2018-10225

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	キャンペーン	Identified	タイプ	信頼度
1	202.182.123.185	202.182.123.185.vultrusercontent.com	SessionManager		2022年07月05日	verified	高
2	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxxxxxx		2022年07月05日	verified	高

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	脆弱性	アクセスベクター	タイプ	信頼度
1	T1059.007	CWE-79	Cross Site Scripting	predictive	高
2	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
3	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	admin.php	predictive	中
2	File	index.php	predictive	中
3	File	xxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxx	predictive	高
4	File	xxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	高
5	File	xxxxxxxxxxx.xxx	predictive	高
6	File	xxxxxx/xxxxxxx/xx-xx/xxxx/xxxxx.xxx	predictive	高
7	File	xxxx/xxx.xxx?xx=xxxxxx	predictive	高
8	Argument	xxxxxxxx	predictive	中
9	Argument	xxxxxxxx	predictive	中
10	Input Value	xxxxxx	predictive	低

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you know our Splunk app?

Download it now for free!