ZuoRAT Analysis

IOB - Indicator of Behavior (123)

Languages: en 96, zh 26, sv 2

Countries: cn 72, us 52

Products: Microsoft Windows 8, Joomla CMS 8, Oracle Database Server 4, Forcepoint Email Security 4, Fortinet FortiWeb 2

Vulnerabilities

Base and Temp are the CVSS base and temporal scores; 0day and Today are exploit price estimates; Exploit and Fix give the known exploitability and remediation status; EPSS is the FIRST EPSS exploitation probability.

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | CTI | EPSS | CVE
1 | QNAP QTS Photo Station privilege escalation | 8.5 | 8.4 | $0-$5k | calculating | Not Defined | Official Fix | 0.04 | 0.96341 | CVE-2019-7192
2 | Deltek Vision RPC over HTTP SQL sql injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00576 | CVE-2018-18251
3 | Mail2000 Login portal cross site scripting | 5.2 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00334 | CVE-2019-15072
4 | Zoho ManageEngine ADSelfService Plus privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00562 | CVE-2020-11518
5 | Shopro Mall System sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00172 | CVE-2022-35154
6 | wix-embedded-mysql com.wix.mysql.distribution.Setup.apply privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00128 | CVE-2023-39021
7 | Blueriver Sava CMS fileManager.cfc directory traversal | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.02116 | CVE-2010-3468
8 | Mura CMS Draggable Feeds readRSS.cfm XML External Entity | 6.4 | 5.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.01204 | CVE-2017-15639
9 | Gibbon privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.03342 | CVE-2023-34598
10 | Slider Revolution Plugin Image File privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00081 | CVE-2023-2359
11 | Essential Grid Plugin privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 | CVE-2023-47771
12 | Citrix ShareFile StorageZones Controller privilege escalation | 9.8 | 9.6 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.97362 | CVE-2023-24489
13 | HPE ArubaOS AirWave Client Service memory corruption | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00187 | CVE-2023-45616
14 | VMware Workspace ONE UEM Console SAML Response redirect | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00045 | CVE-2023-20886
15 | D-Link D-View coreservice_action_script Remote Code Execution | 9.8 | 9.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00000 | CVE-2023-44414
16 | Citrix XenMobile Server privilege escalation | 5.5 | 5.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00248 | CVE-2022-26151
17 | y_project RuoYi GenController sql injection | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00133 | CVE-2022-4566
18 | VMware Horizon Server information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00046 | CVE-2023-34038
19 | Fortinet FortiWeb Authorization Header sql injection | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00131 | CVE-2020-29015
20 | Ignition Automation Ignition JavaSerializationCodec privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 | CVE-2023-39476

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | CWE | Class | Type
1 | T1006 | CWE-21, CWE-22 | Path Traversal | predictive
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive
3 | T1059 | CWE-94 | Argument Injection | predictive
4 | T1059.007 | CWE-79 | Cross Site Scripting | predictive
5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive
6 | TXXXX.XXX | CWE-XXX | Xxx Xx Xxxx-xxxxx Xxxxxxxx | predictive
7 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive
8 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive
9 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive
10 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive
11 | TXXXX.XXX | CWE-XXX | Xxxxxxxx | predictive
12 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive
13 | TXXXX.XXX | CWE-XX | Xxxxxxxxxxxxx | predictive
14 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive
15 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive
16 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive

Rows 5 to 16 are masked in the source and are reproduced here as masked.

IOA - Indicator of Attack (45)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type
1 | File | .kdbgrc | predictive
2 | File | /../../conf/template/uhttpd.json | predictive
3 | File | /cgi-bin/go | predictive
4 | File | /cgi-bin/portal | predictive
5 | File | /etc/shadow | predictive
6 | File | /etc/sudoers | predictive
7 | File | /xxxxxxxxx//../ | predictive
8 | File | /xxxxxxx/ | predictive
9 | File | xxx-xxx/xxxxxxxxxxxx.xxx/xxxxxxxxxxxx | predictive
10 | File | xxx/xxxxx/xxxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxxx | predictive
11 | File | xxxx/xxxxxxxxxxxxx.xxx | predictive
12 | File | xxxxxxxxxxx.xxx | predictive
13 | File | xxxxxxxx/xxxxxx/xxxxx.xxx | predictive
14 | File | xxxxxx/xxxxxxxxxxxx | predictive
15 | File | xxx/xxxxxx.xxx | predictive
16 | File | xxxxxxxx/xxxxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxxx.xxx | predictive
17 | File | xxxxx.xxx | predictive
18 | File | xxxxxxxxxxx-xxxx.xx | predictive
19 | File | xxxxxxx.xxx | predictive
20 | File | xxxxx_xxxxxx_xxxxxxxx.xxx | predictive
21 | File | xxxxxxxxxx/xxxxxxxxxx_xxxx.xxx?xxxxxx=xxxxxx | predictive
22 | File | xxx.x | predictive
23 | File | xxxx.xx.xx | predictive
24 | File | xxxxxx.xxx | predictive
25 | File | xxxxx/xxxx/xxxxxxx.xxx | predictive
26 | File | xxxxxx/xxxxxxxxxxx/xxxx_xxxxxxx.xxx | predictive
27 | File | xxxxxxxx.xxx | predictive
28 | Library | xxxxxxx.xxx | predictive
29 | Argument | xxxxxx | predictive
30 | Argument | xxxx_xxxxxxx | predictive
31 | Argument | xxxxxxxx | predictive
32 | Argument | xxx_xxxxxx_x | predictive
33 | Argument | xxxxxxxxxxx | predictive
34 | Argument | xxxxxxxxxx | predictive
35 | Argument | xxxxxx | predictive
36 | Argument | xxxxxx_xxxxx_xxx | predictive
37 | Argument | xx | predictive
38 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive
39 | Argument | xxx | predictive
40 | Argument | xxxxxxxx | predictive
41 | Argument | xxxxx | predictive
42 | Input Value | xxxx/xxxxx/xxxxxxxx/xxxxxxx/xx/xxxxxxx/xxxxxxxxxx/xx_xxxx | predictive
43 | Input Value | \x | predictive
44 | Network Port | xxxxx | predictive
45 | Network Port | xxx/xx (xxx) | predictive

Rows 7 to 45 are masked in the source and are reproduced here as masked.
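The six un-masked file indicators in the table above (.kdbgrc, the uhttpd.json traversal path, the two /cgi-bin/ endpoints and the two /etc/ credential files) are request-path fragments that can be matched directly against web-server or proxy access logs. The script below is an added example and is not VulDB's code or part of the ZuoRAT report: it percent-decodes each request target repeatedly (so double-encoded traversal such as %252e%252e is not missed), matches the decoded target against the listed fragments, and additionally flags any ../ segment as a path-traversal candidate (T1006 in the TTP table) even when the final file is not one of the listed indicators. The log lines are constructed for the example and the client addresses are private and documentation ranges; the masked entries of the table are not reproduced.

```python
import re
from urllib.parse import unquote

# Un-masked file indicators from the IOA table above. The masked ("xxx")
# entries are not reproduced here; extend this tuple once they are available.
IOA_FILES = (
    ".kdbgrc",
    "/../../conf/template/uhttpd.json",
    "/cgi-bin/go",
    "/cgi-bin/portal",
    "/etc/shadow",
    "/etc/sudoers",
)

# Common Log Format access line: client, identity, user, [timestamp],
# "METHOD target protocol", status, size.
_LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalise_target(target: str) -> str:
    """Percent-decode the request target until it stops changing.

    Repeating the decode catches double-encoded traversal such as
    %252e%252e, which a single unquote() would leave as %2e%2e.
    """
    prev = None
    while prev != target:
        prev, target = target, unquote(target)
    return target


def match_ioa(target: str) -> list[str]:
    """Return the sorted list of indicators present in a decoded target."""
    hits = {frag for frag in IOA_FILES if frag in target}
    # Any dot-dot segment is reported as a traversal candidate (T1006 in the
    # TTP table) even when the final file is not one of the listed indicators.
    if "../" in target or target.endswith("/.."):
        hits.add("traversal")
    return sorted(hits)


def scan_log(lines):
    """Return one finding per access-log line that contains an indicator."""
    findings = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue  # not Common Log Format; skip rather than guess
        decoded = normalise_target(m["target"])
        hits = match_ioa(decoded)
        if hits:
            findings.append({
                "src": m["src"],
                "method": m["method"],
                "status": int(m["status"]),
                "target": decoded,
                "hits": hits,
            })
    return findings


def hits_by_source(findings):
    """Collapse findings to {client: sorted indicators} for triage."""
    out = {}
    for f in findings:
        out.setdefault(f["src"], set()).update(f["hits"])
    return {src: sorted(h) for src, h in out.items()}


# Constructed sample log (not real traffic); addresses are private and
# documentation ranges, not indicators from the report.
SAMPLE_LOG = [
    '10.0.0.7 - - [12/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.9 - - [12/Jan/2024:10:00:02 +0000] "GET /cgi-bin/go HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Jan/2024:10:00:03 +0000] '
    '"GET /cgi-bin/portal/..%2F..%2Fconf%2Ftemplate%2Fuhttpd.json HTTP/1.1" 200 2048',
    '198.51.100.4 - - [12/Jan/2024:10:00:04 +0000] "POST /cgi-bin/portal HTTP/1.1" 302 0',
    '198.51.100.4 - - [12/Jan/2024:10:00:05 +0000] '
    '"GET /cgi-bin/%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 200 1200',
    '198.51.100.4 - - [12/Jan/2024:10:00:06 +0000] '
    '"GET /%252e%252e/%252e%252e/etc/sudoers HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    results = scan_log(SAMPLE_LOG)
    for f in results:
        print(f"{f['src']:<14} {f['method']:<4} {f['status']} {f['target']}"
              f"  <- {', '.join(f['hits'])}")
    print(hits_by_source(results))
```

A 404 on /etc/sudoers is still reported: a failed probe for a credential file is as useful for attribution as a successful one, and the status code is carried in the finding so the analyst can separate the two.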
