Squirrelwaffle Analysis

IOB - Indicator of Behavior (316)

Timeline

Languages

en 270
es 38
pt 2
de 2
fr 2

Countries/Regions

us 206
es 54
br 24
mx 8
ru 6

Actors

Activities

Interest

Timeline

Type

Vendors

Products

Microsoft Windows 16
Apache HTTP Server 14
Microsoft Office 6
Apple iOS 6
phpMyAdmin 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.28 | CVE-2016-6210
3 | Microsoft Windows IGMP Header privilege escalation | 7.5 | 6.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00425 | 0.00 | CVE-1999-0918
4 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.14 | CVE-2017-0055
5 | Microsoft Office Excel memory corruption | 7.0 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09467 | 0.02 | CVE-2018-8574
6 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.59 | CVE-2020-12440
7 | Apple macOS Kernel Coldtro memory corruption | 7.8 | 7.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.00149 | 0.00 | CVE-2022-32894
8 | Dahua DHI-HCVR7216A-S3 DVR Protocol weak encryption | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00159 | 0.00 | CVE-2017-6432
9 | Joomla CMS User Registration privilege escalation | 7.7 | 7.5 | $5k-$25k | $0-$5k | High | Official Fix | 0.91424 | 0.07 | CVE-2016-8870
10 | Moment.js directory traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00330 | 0.28 | CVE-2022-24785
11 | ASRock RGB Driver AsrDrv103.sys unknown vulnerability | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.00 | CVE-2020-15368
12 | IBM AIX privilege escalation | 7.8 | 7.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00044 | 0.02 | CVE-2017-1692
13 | SourceCodester Library Management System index.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00114 | 0.07 | CVE-2022-2492
14 | Apache HTTP Server mod_reqtimeout denial of service | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01696 | 0.05 | CVE-2007-6750
15 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00121 | 0.00 | CVE-2022-21857
16 | Discourse Messaging Bus directory traversal | 3.3 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00071 | 0.00 | CVE-2021-43840
17 | Microsoft Windows MS-EFSRPC EfsRpcOpenFileRaw PetitPotam privilege escalation | 7.3 | 6.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.03 | 
18 | WordPress class-wp-object-cache.php stats cross site scripting | 4.9 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00877 | 0.05 | CVE-2020-11029
19 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.53 | CVE-2010-0966
20 | Grandstream GXP16xx VoIP SSH Configuration Interface privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00270 | 0.03 | CVE-2018-17565

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • ProxyShell/ProxyLogon

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. Rows shown as X/x are redacted in the source; column positions in those rows are inferred from the redaction pattern.

ID | IP address | Hostname | Actor | Campaign | Identified | Confidence
1 | 23.111.163.242 | 23-111-163-242.static.hvvc.us | Squirrelwaffle | ProxyShell/ProxyLogon | 2022-02-22 | verified
2 | 24.55.112.61 | dynamic.libertypr.net | Squirrelwaffle | | 2022-06-12 | verified
3 | 24.229.150.54 | 24.229.150.54.cmts-static.sm.ptd.net | Squirrelwaffle | ProxyShell/ProxyLogon | 2022-02-22 | verified
4 | 45.46.53.140 | cpe-45-46-53-140.maine.res.rr.com | Squirrelwaffle | | 2022-06-12 | verified
5 | 47.22.148.6 | ool-2f169406.static.optonline.net | Squirrelwaffle | | 2022-06-12 | verified
6 | XX.XX.XXX.XXX | xxx-xxx-xxx-xxx.xxx.xxxxxxxx.xxx | Xxxxxxxxxxxxxx | | 2022-06-12 | verified
7 | XX.XXX.XXX.XX | xxx-xxx-xxx-xxx.xxx.xxxxxxxx.xxx | Xxxxxxxxxxxxxx | | 2022-06-12 | verified
8 | XX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxxxxxxxxxxx | Xxxxxxxxxx/xxxxxxxxxx | 2022-02-22 | verified
9 | XX.XX.XX.XX | xxx-xx-xx-xx-xx.xx.xxx.xx.xxx | Xxxxxxxxxxxxxx | | 2022-06-12 | verified
10 | XX.XXX.XXX.XX | x-xx-xxx-xxx-xx.xxxx.xx.xxxxxxx.xxx | Xxxxxxxxxxxxxx | | 2022-06-12 | verified
11 | XX.XXX.XX.XXX | xxx-xx-xxx-xx-xxx.xxxxx.xx.xxx | Xxxxxxxxxxxxxx | | 2022-06-12 | verified
12 | XX.XX.XXX.XXX | x-xx-xx-xxx-xxx.xxxx.xx.xxxxxxx.xxx | Xxxxxxxxxxxxxx | | 2022-06-12 | verified
13 | XX.XXX.XXX.XXX | xxxxxxxxxxx-xxx-x-xx-xxx.xxx-xxx.xxx.xxxxxxx.xx | Xxxxxxxxxxxxxx | | 2022-06-12 | verified
14 | XX.XX.XXX.XXX | xxxxxx-xx-xx-xxx-xxx.xxxxxxx.xxxxxx.xx | Xxxxxxxxxxxxxx | | 2022-06-12 | verified
15 | XX.XX.XX.XXX | xxx.xxxxxx-xx-xx.xxxxxxx.xxxxxx.xx | Xxxxxxxxxxxxxx | | 2022-06-12 | verified
16 | XXX.XXX.XXX.XX | | Xxxxxxxxxxxxxx | | 2022-06-12 | verified
17 | XXX.XXX.XXX.XX | xxxxx-xxxx.xxxxxxxxx.xxx.xx | Xxxxxxxxxxxxxx | Xxxxxxxxxx/xxxxxxxxxx | 2022-02-22 | verified
18 | XXX.XXX.XXX.XX | xxx.xxxxxx.xxx | Xxxxxxxxxxxxxx | Xxxxxxxxxx/xxxxxxxxxx | 2022-02-22 | verified
19 | XXX.XX.XXX.XX | xx.xxx.xx.xxx.xxx.xxx.xxx | Xxxxxxxxxxxxxx | | 2022-06-12 | verified
20 | XXX.XXX.XX.XX | xxx.xxx.xx.xx.xxxxxx.xxx.xxx | Xxxxxxxxxxxxxx | | 2022-06-12 | verified
21 | XXX.XX.XX.XX | xxx-xx-xx-xx.xxxxxx.xxxxx.xxx | Xxxxxxxxxxxxxx | | 2022-06-12 | verified
22 | XXX.XXX.XX.XXX | xxxxxxxx.xxxxxxxxx.xxx.xx | Xxxxxxxxxxxxxx | | 2022-06-12 | verified
23 | XXX.XXX.XX.XX | xxx-xxx-xx-xx.xxx.xxxxxxxx.xx | Xxxxxxxxxxxxxx | | 2022-06-12 | verified
24 | XXX.XX.XXX.XXX | xxx-xxx-xx-xxx-xxx.xxxxxxxxxx-xxxxxxxx.xxx.xx | Xxxxxxxxxxxxxx | | 2022-06-12 | verified
25 | XXX.XXX.XXX.XX | | Xxxxxxxxxxxxxx | | 2022-02-22 | verified

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (134)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type
1 | File | .procmailrc | predictive
2 | File | /cgi-bin/ExportALLSettings.sh | predictive
3 | File | /cgi-bin/ExportAllSettings.sh | predictive
4 | File | /config/getuser | predictive
5 | File | /etc/passwd | predictive
6 | File | /include/chart_generator.php | predictive
7 | File | /index.php | predictive
8 | File | /product_list.php | predictive
9 | File | /qsr_server/device/reboot | predictive
10 | File | /resource/file/api/save?auto=1 | predictive
11 | File | /snmpGet | predictive
12 | File | /tmp | predictive
13 | File | /uncpath/ | predictive
14 | File | /wp-admin/admin-ajax.php | predictive
15 | File | administrator/components/com_media/helpers/media.php | predictive
16 | File | adm_program/modules/dates/dates_function.php | predictive
17 | File | xxxx/xxxxxxxx.xxx | predictive
18 | File | xxxxxxxxx/xxxxxxxxxxxxx | predictive
19 | File | xxxx-xxxx.x | predictive
20 | File | xxxx.xxx | predictive
21 | File | xxxxx/xxx.x | predictive
22 | File | x:\xxxxxxx xxxxx (xxx)\xxxxxxxxxxxxx\xxxxxx.xxx | predictive
23 | File | xxxxx-xx-xxxxxx-xxxxx.xxx | predictive
24 | File | xxxxxxx.xxx | predictive
25 | File | xxxxxxx_xx.xxx | predictive
26 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive
27 | File | xxxx/xxxxxxxxxx/xxxxxxx/xxxxxxx.xxxx | predictive
28 | File | xxxxxxx.xxx | predictive
29 | File | xxxxxxx/xxx/xxxxx/xxxxxxxxxxxx | predictive
30 | File | xxxx.xxx | predictive
31 | File | xxxxxxxx.xxx | predictive
32 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive
33 | File | xxxxxxx.xxx | predictive
34 | File | xxxxxxxx/xxxx/xxxx.xx | predictive
35 | File | xxxx-xxxx.xx | predictive
36 | File | xxxxxx.xxx | predictive
37 | File | xxx/xxxxxx.xxx | predictive
38 | File | xxxxxxx.xxx | predictive
39 | File | xxxxxxxx/xxxxxxx/xxxxxxxx_xxxx.xxx | predictive
40 | File | xxxxx.xxx | predictive
41 | File | xxxxx.xxx | predictive
42 | File | xxxxxxx.xxx | predictive
43 | File | xxx.x/xxxxxx.x | predictive
44 | File | xxxxxxxxx/xxxxxx.xxx.xxx | predictive
45 | File | xxxxxxxxx/xxxxxxx/xxxx/xxxxxxxxxxxxxxxxxxxx.xxxxx.xxx | predictive
46 | File | xxxxxxx/xxxxxxx/xxx_xxxxxxx.x | predictive
47 | File | xxxxxxx/xxxx_xxx_xxxxx.xxx | predictive
48 | File | xxxxx.xxxx | predictive
49 | File | xxx.xxx | predictive
50 | File | xxxxxxxx_xxxxxx.xxx | predictive
51 | File | xxxxxx/xxxxxxxxxx/xxx/xxxx.xxx | predictive
52 | File | xxxxx_xxxxxx_xxx.xxx | predictive
53 | File | xxxxx.xxx | predictive
54 | File | xxxxxxxxxx/xxxxxxxxxx_xxxx.xxx?xxxxxx=xxxxxx | predictive
55 | File | xxxxxxxxxxxxxxxx.xx | predictive
56 | File | xxxxxxx.xxx | predictive
57 | File | xxxxx.xxxx | predictive
58 | File | xxx-xxxx.x | predictive
59 | File | xxxxxxxxx.xxx | predictive
60 | File | xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx | predictive
61 | File | xxxx-xxxxxxxx.xxx | predictive
62 | File | xxxxx-xx-xxxxxx="xxxxxxxxx"/ | predictive
63 | File | xxxx_xxxxxxxx.xxx | predictive
64 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive
65 | File | xx/xxxxxx/xxxxx | predictive
66 | File | xxxxxxxx.xxx | predictive
67 | File | xxxxxx.xxx | predictive
68 | File | xxxxxxxxxx.xxx | predictive
69 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xxxxxxx_xxxxxx_xxxxxx | predictive
70 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive
71 | File | \xxxxxxx\xxxxxxxxx\xxxxxxxxxxxxxxxxxx | predictive
72 | File | ~/xxxxx.xxx | predictive
73 | Library | xx/xxx/xxxx_xxxxxx.xxx | predictive
74 | Library | xxxxxxxxx.xxx | predictive
75 | Library | xxxxxxxxxxxxx.xxx | predictive
76 | Library | xxxxxx.xxx | predictive
77 | Library | xxxxxxxx.xxx | predictive
78 | Library | xxxxxxxxx.xxx | predictive
79 | Library | xxxxxxxxxxxxxxxxx.xxx | predictive
80 | Argument | --xxxxxxx | predictive
81 | Argument | -x | predictive
82 | Argument | x@xxxx | predictive
83 | Argument | xxxxxxxx_xxxx | predictive
84 | Argument | xxxxx | predictive
85 | Argument | xxxxxxxx | predictive
86 | Argument | xxxxxxxxxx | predictive
87 | Argument | xxx | predictive
88 | Argument | xxx_xxx_xx | predictive
89 | Argument | xxxxxxxxxxxxxxx | predictive
90 | Argument | xxx | predictive
91 | Argument | xxxx | predictive
92 | Argument | xxxx_xxxx | predictive
93 | Argument | xxxxx | predictive
94 | Argument | xxxx_xxxxxxx | predictive
95 | Argument | xx | predictive
96 | Argument | xxxxxxxxxxx | predictive
97 | Argument | xxx_xxx | predictive
98 | Argument | xxxxxxx_xxx | predictive
99 | Argument | xx | predictive
100 | Argument | xxxx | predictive
101 | Argument | xxxx | predictive
102 | Argument | xxxxxxxx | predictive
103 | Argument | xxxxxxxx | predictive
104 | Argument | xxxx[xxxxxxx] | predictive
105 | Argument | xxxxxxx | predictive
106 | Argument | xxxxxx | predictive
107 | Argument | xxxxx | predictive
108 | Argument | xx_xxxx | predictive
109 | Argument | xxxxxxx | predictive
110 | Argument | xxxxx_xxxxxx | predictive
111 | Argument | xxxxxxxx | predictive
112 | Argument | xxxxxxxxxx | predictive
113 | Argument | xxxxxx | predictive
114 | Argument | xxxx_xxx | predictive
115 | Argument | xxxxxx | predictive
116 | Argument | xxxxxxx_xx | predictive
117 | Argument | xxxxx/xxxxx | predictive
118 | Argument | xxx | predictive
119 | Argument | xxxxxx | predictive
120 | Argument | xxxxxxxx | predictive
121 | Argument | xxxxxxxx/xxxx | predictive
122 | Argument | xxxxxxxx:xxxxxxxx | predictive
123 | Argument | _xxx_xxxxxxxxxxx_ | predictive
124 | Input Value | ..%xx | predictive
125 | Input Value | x</xx><xxxxxx>xxxxx(x)</xxxxxx> | predictive
126 | Input Value | ::$xxxxx_xxxxxxxxxx | predictive
127 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive
128 | Input Value | xxxxxxxx | predictive
129 | Input Value | xxxxxxxxx:xxxxxxxx | predictive
130 | Input Value | xxx.xxx[xxxxx] | predictive
131 | Network Port | xxx | predictive
132 | Network Port | xxx/xx (xxx) | predictive
133 | Network Port | xxx/xxxx (xxx) | predictive
134 | Network Port | xxx xxxxxx xxxx | predictive
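The IOC and IOA tables are only useful once they are matched against your own telemetry. The following is an added example and not code from this page or from any Squirrelwaffle tooling: it takes the five unredacted IOC addresses and the unredacted File rows of the IOA table and runs them over web server access log lines. The Apache combined log format is an assumption (adjust the regex for another server), the sample log lines are constructed for the example, and the generic fragments /index.php and /tmp are left out on purpose because alone they would match almost any request. Request targets are percent-decoded before matching so that an encoded traversal such as the `..%xx` Input Value row is caught in its decoded form.

```python
import ipaddress
import re
from urllib.parse import unquote

# IOC IP addresses: the five unredacted rows of the IOC table above.
IOC_IPS = frozenset({
    "23.111.163.242",
    "24.55.112.61",
    "24.229.150.54",
    "45.46.53.140",
    "47.22.148.6",
})

# IOA file fragments: the unredacted File rows of the IOA table above.
# "/index.php" and "/tmp" are omitted on purpose: on their own they match
# almost every site and would only generate noise.
IOA_FILE_FRAGMENTS = (
    ".procmailrc",
    "/cgi-bin/ExportALLSettings.sh",
    "/cgi-bin/ExportAllSettings.sh",
    "/config/getuser",
    "/etc/passwd",
    "/include/chart_generator.php",
    "/product_list.php",
    "/qsr_server/device/reboot",
    "/resource/file/api/save?auto=1",
    "/snmpGet",
    "/uncpath/",
    "/wp-admin/admin-ajax.php",
    "administrator/components/com_media/helpers/media.php",
    "adm_program/modules/dates/dates_function.php",
)

# Apache "combined" log format (assumption; adjust for other servers).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)


def normalize_target(target):
    """Percent-decode twice (catches %252e%252e) and collapse repeated
    slashes, so an encoded traversal compares equal to its plain form."""
    decoded = unquote(unquote(target))
    return re.sub(r"/+", "/", decoded)


def match_line(line):
    """Return the indicator hits for one log line as a list of (kind, value)
    tuples; an unparsable line or a clean request yields []."""
    m = LOG_RE.match(line)
    if not m:
        return []
    ip = m.group("ip")
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return []
    hits = []
    if ip in IOC_IPS:
        hits.append(("ioc_ip", ip))
    target = normalize_target(m.group("target"))
    for fragment in IOA_FILE_FRAGMENTS:
        if fragment in target:
            hits.append(("ioa_file", fragment))
    # Traversal that survives decoding (the "..%xx" Input Value row above).
    if "../" in target or "..\\" in target:
        hits.append(("ioa_input", ".."))
    return hits


def scan(lines):
    """Map 1-based line numbers to their hits, only for lines that hit."""
    results = {}
    for n, line in enumerate(lines, 1):
        hits = match_line(line)
        if hits:
            results[n] = hits
    return results


# Constructed sample log lines for the example (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Jun/2022:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '23.111.163.242 - - [12/Jun/2022:10:01:03 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 88 "-" "curl/7.68.0"',
    '198.51.100.7 - - [12/Jun/2022:10:01:04 +0000] "GET /images/..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 404 210 "-" "python-requests/2.25"',
    '45.46.53.140 - - [12/Jun/2022:10:01:05 +0000] "GET /about.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for n, hits in sorted(scan(SAMPLE_LOG).items()):
        print(f"line {n}: {hits}")
```

A hit on an IOC address alone is a weak signal (several of the listed hosts are residential or dynamic ranges that get reassigned), so an IP match should be correlated with an IOA path hit or with the Identified date before it is escalated. The redacted rows of both tables cannot be matched at all; if you need them, they must come from the unredacted source.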

References (4)

The following list contains external sources which discuss the actor and the associated activities:
