TA406 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (59)

タイムライン

言語

en48
es4
de4
ja2
ru2

国・地域

us36
gb8
es2
ru2
de2

アクター

TA4064
BumbleBee3
Cobalt Strike3
RedLine Stealer2
Meterpreter2

アクティビティ

関心

タイムライン

タイプ

Not Defined20
Operating System4
Office Suite Software4
E-Commerce Management Software2
Smartphone Operating System2

ベンダー

Not Defined12
Microsoft6
Ecommerce Online2
Google2
Apache2

製品

Microsoft Windows4
Ecommerce Online Store Kit2
Google Android2
Apache Xerces Java2
OpenBB2

脆弱性

#脆弱性BaseTemp0day本日修復EPSSCTICVE
1Microsoft Windows SPNEGO Extended Negotiation Remote Code Execution7.97.2$25k-$100k$5k-$25kUnprovenOfficial Fix0.006620.00CVE-2022-37958
2Secomea GateManager 特権昇格5.95.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000540.04CVE-2022-25782
3Microsoft Windows Mark of the Web 未知の脆弱性5.44.9$25k-$100k$5k-$25kUnprovenOfficial Fix0.003430.00CVE-2022-41091
4Synacor Zimbra Collaboration Suite sudo Configuration zmslapd 特権昇格8.38.3$0-$5k$0-$5kHighOfficial Fix0.001140.04CVE-2022-37393
5vsftpd Service Port 6200 特権昇格8.58.4$25k-$100k$25k-$100kNot DefinedWorkaround0.842150.24CVE-2011-2523
6Genivia gSOAP WS-Addressing Plugin メモリ破損8.08.0$0-$5k$0-$5kNot DefinedNot Defined0.037860.02CVE-2020-13576
7Citrix ADC/Gateway クロスサイトスクリプティング4.34.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.072180.01CVE-2023-24488
8sitepress-multilingual-cms Plugin class-wp-installer.php 未知の脆弱性6.56.4$0-$5k$0-$5kNot DefinedOfficial Fix0.005790.04CVE-2020-10568
9Kingsoft WPS Office Registry wpsupdater.exe 特権昇格5.55.3$0-$5k$0-$5kNot DefinedNot Defined0.009240.02CVE-2022-24934
10Microsoft Windows Scripting Language 競合状態7.56.8$25k-$100k$5k-$25kUnprovenOfficial Fix0.004160.00CVE-2022-41118
11php-fusion downloads.php クロスサイトスクリプティング5.75.7$0-$5k$0-$5kNot DefinedNot Defined0.001590.00CVE-2020-12708
12Gallarific PHP Photo Gallery script gallery.php SQLインジェクション7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.001120.04CVE-2011-0519
13Gallery My Photo Gallery image.php SQLインジェクション6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.02
14Host Web Server phpinfo.php phpinfo 情報の漏洩5.35.2$5k-$25k$0-$5kNot DefinedWorkaround0.000000.04
15ESMI PayPal Storefront products1h.php クロスサイトスクリプティング4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.054680.00CVE-2005-0936
16Ecommerce Online Store Kit shop.php SQLインジェクション9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.037630.04CVE-2004-0300
17Simple Real Estate Portal System SQLインジェクション6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.001720.00CVE-2022-28410
18Microsoft Office Remote Code Execution5.85.3$5k-$25k$0-$5kUnprovenOfficial Fix0.002200.00CVE-2022-29107
19automad Dashboard クロスサイトスクリプティング3.53.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000540.09CVE-2022-1536
20Encode httpx 特権昇格5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.001090.00CVE-2021-41945

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
1108.62.12.11TA4062021年11月21日verified
2XXX.XXX.XXX.XXXXxxxx2021年11月21日verified
3XXX.XXX.XXX.Xxxxxxx-xx.xxxxxxxxxxx.xxxXxxxx2021年11月21日verified
4XXX.XXX.XX.XXXXxxxx2021年11月21日verified
5XXX.XXX.XXX.XXXXxxxx2021年11月21日verified

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueクラス脆弱性アクセスベクタータイプ信頼度
1CAPEC-10CWE-20, CWE-119, CWE-120, CWE-125, CWE-189, CWE-190, CWE-287, CWE-352, CWE-362, CWE-400, CWE-404, CWE-835, CWE-862, CWE-863Unknown Vulnerabilitypredictive
2T1006CAPEC-126CWE-22Path Traversalpredictive
3TXXXXCAPEC-10CWE-XX, CWE-XX, CWE-XXXXxxxxxxx Xxxxxxxxxpredictive
4TXXXX.XXXCAPEC-10CWE-XX, CWE-XX, CWE-XX, CWE-XXXXxxxx Xxxx Xxxxxxxxxpredictive
5TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
6TXXXXCAPEC-10CWE-XX, CWE-XX, CWE-XXXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxxpredictive
7TXXXXCAPEC-10CWE-XX, CWE-XX, CWE-XXXXxx Xxxxxxxxxpredictive
8TXXXX.XXXCAPEC-133CWE-XXXXxxxxxxxpredictive
9TXXXXCAPEC-116CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive
10TXXXX.XXXCAPEC-19CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxxpredictive

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1File/admin/admin_manage/deletepredictive
2File/my_photo_gallery/image.phppredictive
3File/reps/classes/Users.php?f=delete_agentpredictive
4File/s/predictive
5Filexxxxxxxxx.xxxpredictive
6Filexx.xxxpredictive
7Filexxxxxxxxx/xxxxxxxxx.xxxpredictive
8Filexxxxxxx/xxx/xxxxxxxx/xx.xpredictive
9Filexxxxxxx.xxxpredictive
10Filexxx/xxxxxx.xxxpredictive
11Filexxxxxxxx/xxxxx-xx-xxxxxxxxx.xxxpredictive
12Filexxxxxxx.xxxpredictive
13Filexxxxxxxxxx.xxxpredictive
14Filexxxx.xxxpredictive
15Filexxxx.xxxpredictive
16Filexxxxxxxxxx.xxxpredictive
17Filexxxxxxxpredictive
18Argumentxxxxxxxxpredictive
19Argumentxxx_xxpredictive
20Argumentxxxxx.xxx/xxxxx.xxxxxxpredictive
21Argumentxxpredictive
22Argumentxxxxxpredictive
23Argumentxxxxxxpredictive
24Argumentxxxpredictive
25Argumentxxxxxpredictive
26Input Valuex xxxxx xxx xxxxxx xxxx,xxxx,xxxx,xxxx,xxxxxx(xxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxx)--predictive
27Input Valuexxxx</xxxxx><xxxxxx>xxxxx("xxxx")</xxxxxx><xxxxx>predictive
28Network Portxxx/xxxxpredictive
29Network Portxxx/xxxxxpredictive

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

概要

Do you want to use VulDB in your project?

Use the official API to access entries easily!