SpeakUp 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (109)

タイムライン

言語

en102
pl4
zh2
fr2

国・地域

us26
cn8
pl4
br2
fr2

アクター

SpeakUp3
Cobalt Strike2
Agrius1
Bashlite1
Mirai1

アクティビティ

関心

タイムライン

タイプ

Not Defined44
Smartphone Operating System8
WordPress Plugin6
Bug Tracking Software6
Image Processing Software4

ベンダー

Not Defined40
Reolink4
Atlassian4
Microsoft4
HP4

製品

Reolink RLC-410W4
Atlassian JIRA4
Backdoor.Win32.Psychward.b2
ImageMagick2
Camunda Modeler2

脆弱性

#脆弱性BaseTemp0day本日修復CTIEPSSCVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 情報の漏洩5.35.2$5k-$25k$0-$5kHighWorkaround0.020.02016CVE-2007-1192
2Rittal PDU-3C002DEC/CMCIII-PU-9333E0FB 特権昇格7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00171CVE-2020-11953
3SmarterTools SmarterMail Email Stored クロスサイトスクリプティング5.24.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00084CVE-2019-7211
4Backdoor.Win32.Psychward.b Service Port 8888 弱い認証7.36.4$0-$5k$0-$5kProof-of-ConceptWorkaround0.040.00000
5Echelon SmartServer 1/SmartServer 2/i.LON 100/i.LON 600 弱い認証8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00205CVE-2018-8859
6Cybozu Garoon 特権昇格5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.000.00082CVE-2022-27661
7GitLab Community Edition/Enterprise Edition Rrunner Jobs API 特権昇格4.34.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00081CVE-2022-2227
8Barco TransForm N Control Room Management Suite Web Application クロスサイトスクリプティング3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00078CVE-2022-26974
9BigBlueButton Chat Message 情報の漏洩5.45.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00069CVE-2022-29232
10wolfSSL BASE64 PEM File Decoding 情報の漏洩2.22.2$0-$5k$0-$5kNot DefinedNot Defined0.000.00063CVE-2021-24116
11Google Go IP Address net.ParseCIDR 特権昇格7.37.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00208CVE-2021-29923
12Camunda Modeler IPC Message writeFile 特権昇格7.07.0$0-$5k$0-$5kNot DefinedNot Defined0.030.00871CVE-2021-28154
13cocoapods-downloader 特権昇格6.86.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00131CVE-2022-21223
14Deno 特権昇格8.68.5$0-$5k計算中Not DefinedOfficial Fix0.000.00197CVE-2022-24783
15Rockwell Automation ISaGRAF Runtime 特権昇格5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00045CVE-2020-25184
16Cost Calculator Plugin Cost Calculator Post's Layout ディレクトリトラバーサル5.55.3$0-$5k$0-$5kNot DefinedNot Defined0.000.00065CVE-2021-24820
17Zabbix SAML 弱い認証8.28.2$0-$5k$0-$5kNot DefinedNot Defined0.020.97186CVE-2022-23131
18Shared Groovy Libraries Plugin 特権昇格5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00104CVE-2022-25183
19Sangoma Corporation Switchvox 特権昇格4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.000.00109CVE-2021-45310
20Samsung Smartphone Edge Panel 情報の漏洩2.72.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00047CVE-2022-24001

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
15.2.73.127SpeakUp2022年02月12日verified
2X.XXX.XX.XXxxxxxxxx.xxxxxxx.xxxXxxxxxx2022年02月12日verified
3XX.XXX.XXX.XXXxx.xxx.xxx.xxx.xxxxxxxx.xxxXxxxxxx2022年02月12日verified
4XXX.XX.XXX.XXXXxxxxxx2022年02月12日verified
5XXX.XX.XXX.XXXxxx.xxxxx.xxXxxxxxx2022年02月12日verified

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechnique脆弱性アクセスベクタータイプ信頼度
1T1006CWE-21, CWE-22Path Traversalpredictive
2T1059CWE-88, CWE-94Argument Injectionpredictive
3T1059.007CWE-79Cross Site Scriptingpredictive
4TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
5TXXXX.XXXCWE-XXXXxxx-xxxxx Xxxxxxxxxxxpredictive
6TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxxpredictive
7TXXXX.XXXCWE-XXXXxxx Xxxxxxxxpredictive
8TXXXXCWE-XXX7xx Xxxxxxxx Xxxxxxxxpredictive
9TXXXXCWE-XXXXxxxxxxxxx Xxxxxxpredictive
10TXXXXCWE-XXXxx Xxxxxxxxxpredictive
11TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxxxxpredictive
12TXXXXCWE-XXXXxxxxxxxxxx Xxxxxxxxxxpredictive
13TXXXXCWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive
14TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxx Xxxxxxpredictive
15TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxxpredictive

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1File/cgi-bin/kerbynetpredictive
2File/damicms-master/admin.php?s=/Article/doeditpredictive
3File/etc/quaggapredictive
4File/main?cmd=invalid_browserpredictive
5Filebackend/upcean.cpredictive
6Filexxxxxxxxx.xxxpredictive
7Filexxxxxxxxxxxxxxxxxxxxxxxx.xxxxpredictive
8Filexxxx/xxxxxxxxxxxxxxx.xxxpredictive
9Filexxxx-xxxxxxxx-xxxxxx.xxxpredictive
10Filexxxx/xxxx_xxxxxxxx_xxx/xxx_xxxxpredictive
11Filexxxxxxxxx.xxxpredictive
12Filexx_xxx_xx.xpredictive
13Filexxx/xxxxx/xxxx-xxxxxxxx.xxxpredictive
14Filexxxxx.xxxpredictive
15Filexxxxxxx.xxxpredictive
16Filexxxxxxx.xxxpredictive
17Filexxxx/xxxxxxxxxxxxxx.xxxxpredictive
18Filexxxxxxx:xxxxxxxxxxxxxxxxpredictive
19Filexx_xxxx/xx/predictive
20Filexxxx.xxxpredictive
21Filexxxxxxxpredictive
22Libraryxxxxxxxxxx.xxxpredictive
23Argumentxxxpredictive
24Argumentxxxxxxxxxxxxxxxpredictive
25Argumentxxxxxxxxxxxxpredictive
26Argumentxxxxxxpredictive
27Argumentxxxxxx_xxxxx_xxxpredictive
28Argumentxxpredictive
29Argumentxxpredictive
30Argumentxxxx xxxxxpredictive
31Argumentxxxxxxxxxxxxxxxxxxxpredictive
32Argumentxxxxxxxpredictive
33Argumentxxxxpredictive
34Input Value%xx%xxxxx%xx/xxx/xxxxxx%xx%xxpredictive

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

概要

Might our Artificial Intelligence support you?

Check our Alexa App!