Vollgar Analysis

IOB - Indicator of Behavior (56)

Language

en: 50
zh: 6

Country/Region

us: 40
cn: 14
gb: 2

Products

Trend Micro Apex One: 6
Alt-N MDaemon: 4
Mazda Vehicle: 2
Nissan/Kia/Hyundai Vehicle: 2
WP-Polls Plugin: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | All in One SEO Best WordPress SEO Plugin Import/Export privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00092 | 0.04 | CVE-2021-24307 |
| 2 | Odoo Database Anonymization Privilege Escalation | 5.6 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00214 | 0.05 | CVE-2017-10803 |
| 3 | Libbitcoin Explorer Milk Sad weak encryption | 5.3 | 5.3 | $0-$5k | $0-$5k | High | Not Defined | 0.00116 | 0.04 | CVE-2023-39910 |
| 4 | tagDiv Composer Plugin Facebook Login weak authentication | 7.7 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00373 | 0.01 | CVE-2022-3477 |
| 5 | Trend Micro Apex One information disclosure | 7.6 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2022-44649 |
| 6 | Sophos Mobile Managed On-Premises XML privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.41283 | 0.00 | CVE-2022-3980 |
| 7 | iPXE TLS tls.c tls_new_ciphertext information disclosure | 3.2 | 3.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00048 | 0.09 | CVE-2022-4087 |
| 8 | Dolibarr SQL injection | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00137 | 0.03 | CVE-2022-4093 |
| 9 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.50 | CVE-2020-12440 |
| 10 | Insyde Kernel UEFI Variable memory corruption | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.00 | CVE-2022-35897 |
| 11 | Trend Micro Apex One Change Prevention Service memory corruption | 7.6 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2022-44650 |
| 12 | Atlassian Bitbucket Server and Data Center Environment Variable privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.61094 | 0.02 | CVE-2022-43781 |
| 13 | Trend Micro Apex One Security Agent race condition | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2022-44651 |
| 14 | LG SmartShare privilege escalation | 7.0 | 7.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00054 | 0.04 | CVE-2022-45422 |
| 15 | WP-Polls Plugin HTTP Header privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00060 | 0.04 | CVE-2022-1581 |
| 16 | Apple watchOS ImageIO information disclosure | 5.4 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00754 | 0.03 | CVE-2016-3619 |
| 17 | D-Link G integrated Access Device4 Web Interface login.asp privilege escalation | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00124 | 0.02 | CVE-2022-36785 |
| 18 | Trend Micro Apex One privilege escalation | 8.3 | 8.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2022-44652 |
| 19 | Trend Micro Apex One Security Agent directory traversal | 8.3 | 8.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00048 | 0.00 | CVE-2022-44653 |
| 20 | Apple tvOS ImageIO information disclosure | 5.4 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00754 | 0.00 | CVE-2016-3619 |

IOC - Indicator of Compromise (21)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

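| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /rest/api/2/user/picker | predictive | |
| 2 | File | /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php | predictive | |
| 3 | File | afr.php | predictive | |
| 4 | File | data/gbconfiguration.dat | predictive | |
| 5 | File | xxxx.xxx | predictive | |
| 6 | File | xxx/xxxxxx.xxx | predictive | |
| 7 | File | xxxxx.xxx/xxxx/xxxxx/xxxx/xxxx.xxx | predictive | |
| 8 | File | xxx/xxx.x | predictive | |
| 9 | File | xxxxx.xxx | predictive | |
| 10 | File | xxx.xxx | predictive | |
| 11 | File | xxx/xxx/xxx.x | predictive | |
| 12 | File | xxxxxx.xxx | predictive | |
| 13 | Library | xxx/xx.xxx | predictive | |
| 14 | Library | xxxxxxx/xxxxxxx/xxxxxx/xxx/xxxxx.xxxxxxx.xxx | predictive | |
| 15 | Argument | xxxxxxxx | predictive | |
| 16 | Argument | xxxxx | predictive | |
| 17 | Argument | xxxxx | predictive | |
| 18 | Argument | xx | predictive | |
| 19 | Argument | xxx_xxx | predictive | |
| 20 | Argument | xxxx | predictive | |
| 21 | Argument | xxxxxx_xxxx | predictive | |
| 22 | Argument | xxxx | predictive | |
| 23 | Argument | xxx | predictive | |
| 24 | Argument | xxx | predictive | |
| 25 | Argument | xxxxxxxx | predictive | |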

References (4)

The following list contains external sources which discuss the actor and the associated activities:
