UNC2465 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (38)

言語

en	38

国・地域

us	38

アクター

ElectrumDosMiner	1
SocGholish	1

関心

タイプ

Not Defined	4
Operating System	2
Content Management System	2

ベンダー

Esoftpro	2
Apple	2
Not Defined	2
WoltLab	2

製品

Esoftpro Online Guestbook Pro	2
Apple Mac OS X Server	2
DHIS tools	2
WoltLab Burning Book	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 情報の漏洩	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php 特権昇格	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	2.18	0.00943	CVE-2010-0966
3	WoltLab Burning Book addentry.php SQLインジェクション	7.3	6.8	$0-$5k	$0-$5k	Functional	Unavailable	0.02	0.00804	CVE-2006-5509
4	Apple M1 Register s3_5_c15_c10_1 M1RACLES 特権昇格	8.8	8.8	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.03	0.00000	CVE-2021-30747
5	DHIS tools register-q.sh 特権昇格	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00000
6	Esoftpro Online Guestbook Pro ogp_show.php SQLインジェクション	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.17	0.00108	CVE-2009-4935
7	Apple Mac OS X Server 特権昇格	6.5	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00042	CVE-2010-1821

キャンペーン (1)

These are the campaigns that can be associated with the actor:

Darkside

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	キャンペーン	Identified	タイプ	信頼度
1	81.91.177.54	free.example.com	UNC2465	Darkside	2021年06月22日	verified	高
2	XXX.XX.XXX.XXX	xxxxxxxxx.xxxxx.xxx.xx	Xxxxxxx	Xxxxxxxx	2021年06月22日	verified	高
3	XXX.XXX.XX.XXX	xxxx.xxxxxxx.xxx	Xxxxxxx	Xxxxxxxx	2021年06月22日	verified	高

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	脆弱性	アクセスベクター	タイプ	信頼度
1	T1059	CWE-94	Argument Injection	predictive	高
2	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
3	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
4	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	addentry.php	predictive	中
2	File	data/gbconfiguration.dat	predictive	高
3	File	xxx/xxxxxx.xxx	predictive	高
4	File	xxx_xxxx.xxx	predictive	中
5	File	xxxxxxxx-x.xx	predictive	高
6	Argument	xxxxxxxx	predictive	中
7	Argument	xxxxxxx	predictive	低

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Interested in the pricing of exploits?

See the underground prices here!