Turla Analysis

IOB - Indicator of Behavior (764)

Language

en: 726
de: 12
ru: 10
it: 8
fr: 6

Country / Region

fr: 586
us: 152
at: 12
ru: 4
ro: 2

Products

Microsoft Windows: 36
Google Chrome: 24
Microsoft Office: 14
Adobe Acrobat Reader: 10
Google Android: 6

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Atlassian JIRA Server/Data Center Endpoint custom cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.00 | CVE-2021-43942
2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
3 | Twilio Authy race condition | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00069 | 0.00 | CVE-2020-24655
4 | Hgiga MailSherlock URL Parameter sql injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00119 | 0.00 | CVE-2021-22848
5 | shescape _Shescape_ privilege escalation | 5.9 | 5.6 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00081 | 0.00 | CVE-2021-21384
6 | LUCY Security Awareness Software Migration Tool static privilege escalation | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.01019 | 0.00 | CVE-2021-28132
7 | Google Android platform.h sound_trigger_event_alloc memory corruption | 6.5 | 6.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2021-0464
8 | Apple iOS/iPadOS WebKit memory corruption | 6.3 | 6.0 | more than $100k | $5k-$25k | Not Defined | Official Fix | 0.00218 | 0.00 | CVE-2021-1844
9 | AfterLogic Aurora/WebMail Pro DAV DAVServer.php directory traversal | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00290 | 0.02 | CVE-2021-26293
10 | Mozilla Firefox/Firefox ESR Private Browsing Persistent information disclosure | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00554 | 0.00 | CVE-2017-7843
11 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.36 | CVE-2016-6210
12 | jQuery dataType script.js Cross-Domain cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00660 | 0.06 | CVE-2015-9251
13 | QEMU pcie_sriov.c register_vfs Privilege Escalation | 5.5 | 5.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00043 | 0.03 | CVE-2024-26328
14 | Sony PS4/PS5 exFAT UVFAT_readupcasetable memory corruption | 6.8 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00059 | 0.05 | CVE-2022-3349
15 | Microsoft Outlook denial of service | 5.9 | 5.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00067 | 0.00 | CVE-2022-35742
16 | Securepoint SSL VPN Client Configuration Handling privilege escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2021-35523
17 | VMware Spring Cloud Gateway Actuator Endpoint privilege escalation | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.97499 | 0.02 | CVE-2022-22947
18 | Apache Log4j JMSSink privilege escalation | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00610 | 0.05 | CVE-2022-23302
19 | Apache Geode Log File information disclosure | 4.6 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00126 | 0.04 | CVE-2021-34797
20 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.07 | CVE-2017-0055

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (48)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | CWE | Vulnerability | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Path Traversal | predictive
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive
3 | T1059 | CWE-88, CWE-94 | Argument Injection | predictive
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-274, CWE-284 | Execution with Unnecessary Privileges | predictive

IOA - Indicator of Attack (185)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
1 | File | %APPDATA%\Securepoint SSL VPN | predictive
2 | File | /admin/index2.html | predictive
3 | File | /Api/ASF | predictive
4 | File | /etc/shadow | predictive
5 | File | /etc/target/saveconfig.json | predictive
6 | File | /exec | predictive
7 | File | /form/index.php?module=getjson | predictive
8 | File | /hcms/admin/index.php/language/ajax | predictive
9 | File | /jsonrpc | predictive
10 | File | /pms/admin/crimes/manage_crime.php | predictive
11 | File | /product.php | predictive
12 | File | /ram/pckg/advanced-tools/nova/bin/netwatch | predictive
13 | File | /redpass.cgi | predictive
14 | File | /registerCpe | predictive
15 | File | /rest/collectors/1.0/template/custom | predictive
16 | File | /sitecore/shell/Invoke.aspx | predictive
17 | File | /system?action=ServiceAdmin | predictive
18 | File | /uncpath/ | predictive
19 | File | /Uploads | predictive
20 | File | /User/saveUser | predictive
21 | File | /webapps/Bb-sites-user-profile-BBLEARN/profile.form | predictive
22 | File | /wp-admin/customization.php | predictive

References (12)

The following list contains external sources which discuss the actor and the associated activities:
