Shamoon 2 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (54)

言語

en	48
ru	6

国・地域

us	46
ru	6
cn	2

アクター

Shamoon 2	4
Meterpreter	1
QakBot	1

関心

タイプ

Not Defined	12
Image Processing Software	12
Testing Software	10
Groupware Software	6
Router Operating System	6

ベンダー

Not Defined	16
IBM	12
Microsoft	8
TP-LINK	8
D-Link	2

製品

LibTIFF	12
IBM Rational Collaborative Lifecycle Management	10
IBM Rational Quality Manager	10
IBM Rational Team Concert	10
IBM Rational DOORS Next Generation	10

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	ClamAV Antivirus AutoIt Module サービス拒否	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00063	0.02	CVE-2023-20212
2	Microsoft SharePoint 特権昇格	6.1	5.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00471	0.00	CVE-2017-8569
3	Ditty Plugin クロスサイトスクリプティング	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00100	0.00	CVE-2022-0533
4	Moxa TN-4900/TN-5900 特権昇格	7.2	7.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00046	0.00	CVE-2023-34217
5	D-Link DAP-2660 GET Request adv_resource メモリ破損	5.5	5.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00082	0.03	CVE-2023-39749
6	TP-LINK TL-WR841N/TL-WR940N/TL-WR941ND WlanSecurityRpm メモリ破損	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00046	0.03	CVE-2023-39747
7	TP-LINK TL-WR841N/TL-WR940N/TL-WR941ND GET Request AccessCtrlAccessRulesRpm メモリ破損	5.5	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00046	0.00	CVE-2023-39745
8	TP-LINK TL-WR1041N V2 GET Request NetworkCfgRpm サービス拒否	5.5	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00046	0.00	CVE-2023-39748
9	Private Internet Access 特権昇格	8.8	8.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00044	0.00	CVE-2022-27092
10	ASUS RT-AC88U Download Master Title 特権昇格	5.9	5.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00073	0.00	CVE-2020-29655
11	Mole Adult Portal Script profile.php SQLインジェクション	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00129	0.02	CVE-2009-4673
12	4images categories.php クロスサイトスクリプティング	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00207	0.00	CVE-2015-7708
13	4homepages 4images member.php クロスサイトスクリプティング	3.5	3.4	$0-$5k	$0-$5k	High	Official Fix	0.00111	0.00	CVE-2009-2131
14	Kentico CMS CMS Administration Dashboard install.aspx 特権昇格	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.14830	0.04	CVE-2017-17736
15	FileZilla Server PORT 特権昇格	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00052	0.17	CVE-2015-10003
16	Microsoft SharePoint Content 特権昇格	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03414	0.00	CVE-2015-1700
17	Microsoft SharePoint Server クロスサイトスクリプティング	4.8	4.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01035	0.00	CVE-2017-0107
18	Microsoft SharePoint Server クロスサイトスクリプティング	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00187	0.00	CVE-2017-8654
19	Microsoft Excel メモリ破損	7.0	6.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.48559	0.02	CVE-2016-7236
20	ownCloud scan.php 情報の漏洩	8.5	8.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00439	0.03	CVE-2016-1499

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	5.254.100.200		Shamoon 2	2024年02月15日	verified	高
2	45.63.10.99	45.63.10.99.vultrusercontent.com	Shamoon 2	2024年02月15日	verified	高
3	XX.XX.XXX.XX	xx.xx.xxx.xx.xxxxx.xxx	Xxxxxxx X	2020年12月23日	verified	中
4	XX.XX.XXX.XXX	xx.xx.xxx.xxx.xxxxx.xxx	Xxxxxxx X	2020年12月23日	verified	中
5	XX.XX.XXX.XX		Xxxxxxx X	2024年02月15日	verified	高
6	XXX.XXX.XXX.XXX	xxxxxxxxxxx.xxx	Xxxxxxx X	2024年02月15日	verified	高
7	XXX.XXX.XXX.XXX	xxxxxxxxxxxx.xxxxxxx.xxxx	Xxxxxxx X	2024年02月15日	verified	高

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	脆弱性	アクセスベクター	タイプ	信頼度
1	T1040	CWE-294	Authentication Bypass by Capture-replay	predictive	高
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	高
3	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
6	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	高
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
8	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	高
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/adv_resource	predictive	高
2	File	/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp	predictive	高
3	File	/userRpm/AccessCtrlAccessRulesRpm	predictive	高
4	File	/userRpm/NetworkCfgRpm	predictive	高
5	File	/xxxxxxx/xxxxxxxxxxxxxxx	predictive	高
6	File	/xxxxxx/xx/xxxxxxxxxxx.xxx	predictive	高
7	File	xxxxx/xxxxxxxxxx.xxx	predictive	高
8	File	xxxxxxxx.xxx	predictive	中
9	File	xxxxxxxxxx/xxxxxxx.xxxx	predictive	高
10	File	xxxxx.xxx/xxxx/xxxxx/xxxx/xxxx.xxx	predictive	高
11	File	xxxxxx.xxx	predictive	中
12	File	xxxxxxx.xxx	predictive	中
13	File	xxx.xxx~xxxxxxxxxxxxxx!xxx/xxxxxxxxx	predictive	高
14	File	xxx.xxx~xx~xxxx~xxx~xxxxxxx~xxxxxxxx~xxx/xxxxxxxxxxx	predictive	高
15	File	xxx_xxxxxxxx.x	predictive	高
16	File	xxx_xxxxxxx.x	predictive	高
17	File	xxx_xxxxx.x	predictive	中
18	File	xxxxx/xxxxxxxx.x	predictive	高
19	File	xxxxx/xxxxxx.x	predictive	高
20	File	xxxxx/xxxxxxxx.x	predictive	高
21	Argument	xxx_xxxxxxxxxxx	predictive	高
22	Argument	xxx	predictive	低
23	Argument	xxxxx	predictive	低
24	Argument	xxxx	predictive	低
25	Argument	xxxxxxxxxxx	predictive	中
26	Argument	xxxxxxxxxxxx	predictive	中
27	Argument	xxxx_xxxxxxxx	predictive	高
28	Argument	xxxx_xx	predictive	低
29	Input Value	<xxxxxx>xxxxx(x)</xxxxxx>	predictive	高
30	Network Port	xxx/xxxx	predictive	中

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you need the next level of professionalism?

Upgrade your account now!