TA577 Analysis

IOB - Indicator of Behavior (168)

Timeline

Languages

en: 142
fr: 14
es: 6
de: 4
pl: 2

Countries / Regions

us: 100
nl: 22
fr: 14
co: 8
tr: 4

Actors

Activity

Interest

Timeline

Type

Vendors

Products

Django: 6
Microsoft IIS: 6
Oracle WebLogic Server: 2
Check Point Mobile Access: 2
Check Point SSL VPN: 2

Vulnerabilities

#  | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1  | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.45 | CVE-2005-3791
2  | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.18 | CVE-2015-4134
3  | OpenX adclick.php Redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00000 | 0.49 | CVE-2014-2230
4  | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | calculating | High | Workaround | 0.00000 | 0.00 | CVE-2007-1192
5  | PHPWind goto.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.03 | CVE-2015-4135
6  | E-topbiz Viral DX 1 adclick.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00000 | 0.04 | CVE-2008-2867
7  | Cisco Linksys Router tmUnblock.cgi privilege escalation | 9.8 | 9.2 | $25k-$100k | $0-$5k | High | Workaround | 0.00000 | 0.00 | 
8  | Boa Terminal privilege escalation | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.07 | CVE-2009-4496
9  | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.13 | CVE-2017-0055
10 | ActionApps tv_email.php3 privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.05 | CVE-2006-2686
11 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.09 | CVE-2018-6200
12 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.07 | CVE-2007-6138
13 | Spidersales viewCart.asp sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.03 | CVE-2004-0348
14 | Microsoft IIS File Name Tilde privilege escalation | 6.5 | 5.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.04 | CVE-2005-4360
15 | XenForo privilege escalation | 8.6 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 | 
16 | Download Monitor Plugin privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | CVE-2024-3269
17 | Campcodes Complete Web-Based School Management System all_teacher.php cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.06 | CVE-2024-4713
18 | Qamar Sheeraz & Nasir Ahmad Mega Addons for Elementor Plugin privilege escalation | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | CVE-2024-32515
19 | Microsoft Outlook Remote Code Execution | 7.4 | 6.8 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00000 | 0.04 | CVE-2024-21378
20 | NopCommerce Redirect | 6.2 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.09 | CVE-2022-26954

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1  | 86.250.12.217 | lfbn-tou-1-665-217.w86-250.abo.wanadoo.fr | TA577 | | 2023-05-31 | | verified
2  | 92.154.17.149 | laubervilliers-656-1-150-149.w92-154.abo.wanadoo.fr | TA577 | | 2023-05-31 | | verified
Entries 3 to 7 are masked on the source page.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (91)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1  | File | /Account/login.php | | predictive
2  | File | /adminapi/system/file/openfile | | predictive
3  | File | /b2b-supermarket/shopping-cart | | predictive
4  | File | /listplace/user/ticket/create | | predictive
5  | File | /modules/profile/index.php | | predictive
6  | File | /nova/bin/dot1x | | predictive
7  | File | /services/config/config.xml | | predictive
8  | File | /signup.php | | predictive
9  | File | /uncpath/ | | predictive
10 | File | /view/all_teacher.php | | predictive
11 | File | ?r=recruit/interview/export&interviews=x | | predictive
Entries 12 to 91 are masked on the source page.

References (3)

The following list contains external sources which discuss the actor and the associated activities:
