Shlayer 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (19)

言語

en	18
fr	2

国・地域

us	16
fr	2
ir	2

アクター

Shlayer	1
Remcos	1

関心

タイプ

Not Defined	14
Web Server	4
Programming Language Software	2

ベンダー

Neato	2
Python Software Foundation	2
Not Defined	2
Thomas R. Pasawicz	2
Plohni	2

製品

Neato Botvac Connected	2
Neato Botvac 85	2
Python Software Foundation BaseHTTPServer	2
lighttpd	2
Thomas R. Pasawicz HyperBook Guestbook	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	4.17
2	lighttpd mod_evhost/mod_simple_vhost ディレクトリトラバーサル	5.3	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.14448	0.00	CVE-2013-2324
3	Samsung DSP Driver ELF Library 特権昇格	6.4	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00078	0.02	CVE-2021-25371
4	Seowon Intech SLC-130/SLR-120S system_log.cgi 特権昇格	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.96263	0.00	CVE-2020-17456
5	Cisco Unified Communications Manager Database User Privilege 情報の漏洩	5.8	5.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00093	0.00	CVE-2022-20791
6	Neato Botvac Connected USB Serial Port 特権昇格	4.9	4.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00109	0.02	CVE-2018-20785
7	Neato Botvac Connected/Botvac 85 Black Box Log rc4_crypt RC4 弱い暗号化	3.4	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00060	0.00	CVE-2018-17177
8	Facebook WhatsApp/WhatsApp Business/WhatsApp Desktop RTCP Flag Parser 情報の漏洩	6.3	6.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00138	0.02	CVE-2021-24043
9	Qualcomm Snapdragon Wired Infrastructure and Networking TrustZone BSP メモリ破損	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2020-11259
10	Qualcomm Snapdragon Wired Infrastructure and Networking TrustZone BSP メモリ破損	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2020-11258
11	Python Software Foundation BaseHTTPServer HTTP Request サービス拒否	7.5	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.02
12	Dell SupportAssist Client 特権昇格	7.1	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00248	0.00	CVE-2019-3719
13	Acunetix Web Vulnerability Scanner サービス拒否	3.7	3.5	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00000	0.02
14	Plohni Advanced Comment System Installation index.php 特権昇格	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00997	0.04	CVE-2009-4623
15	OpenSSH Authentication Username 情報の漏洩	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.46	CVE-2016-6210
16	Forescout CounterACT 特権昇格	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00452	0.00	CVE-2012-4985
17	ForeScout CounterACT クロスサイトスクリプティング	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00195	0.00	CVE-2012-1825
18	Apache HTTP Server Limit Directive ap_limit_section メモリ破損	6.4	6.3	$5k-$25k	$0-$5k	High	Official Fix	0.97305	0.03	CVE-2017-9798
19	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 情報の漏洩	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	キャンペーン	Identified	タイプ	信頼度
1	34.225.46.51	ec2-34-225-46-51.compute-1.amazonaws.com	Shlayer		2022年08月28日	verified	中
2	XX.XX.XX.XX		Xxxxxxx		2022年08月28日	verified	高

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CWE-22, CWE-36	Path Traversal	predictive	高
2	T1059	CWE-94	Argument Injection	predictive	高
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
4	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
6	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	高
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
8	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/bin/rc4_crypt	predictive	高
2	File	/forum/away.php	predictive	高
3	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
4	File	xxxxx.xxx	predictive	中
5	File	xxxxxx_xxx.xxx	predictive	高
6	Argument	xxx_xxxx	predictive	中
7	Argument	xxxxxxxx	predictive	中
8	Argument	xxxxxx	predictive	低
9	Argument	xxxxxxxx	predictive	中
10	Argument	xxxxxxx	predictive	低
11	Argument	xxxxxxxx	predictive	中
12	Input Value	*^xxxxx!x	predictive	中
13	Input Value	../	predictive	低
14	Network Port	xxx xxxxxx xxxx	predictive	高

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!