Sector: Chemical

Timeframe: -28 days

Default Categories (89): Access Management Software, Accounting Software, Anti-Malware Software, Anti-Spam Software, Application Server Software, Atlassian Confluence Plugin, Atlassian Jira App Software, Automation Software, Backup Software, Big Data Software, Billing Software, Bug Tracking Software, Business Process Management Software, Calendar Software, Chat Software, Chip Software, Cloud Software, Communications System, Connectivity Software, Continuous Integration Software, Customer Relationship Management System, Data Loss Prevention Software, Database Administration Software, Database Software, Directory Service Software, Document Management Software, Document Processing Software, Document Reader Software, Domain Name Software, Endpoint Management Software, Enterprise Resource Planning Software, File Compression Software, File Transfer Software, Firewall Software, Firmware Software, Groupware Software, Hardware Driver Software, Health Information Software, Human Capital Management Software, Image Processing Software, Information Management Software, IP Phone Software, Knowledge Base Software, Log Management Software, Mail Client Software, Mail Server Software, Medical Device Software, Middleware, Multimedia Player Software, Network Attached Storage Software, Network Authentication Software, Network Encryption Software, Network Management Software, Network Routing Software, Network Utility Software, Office Suite Software, Operating System, Policy Management Software, Presentation Software, Printing Software, Product Lifecycle Management Software, Programming Language Software, Project Management Software, Remote Access Software, Reporting Software, Risk Management System, Router Operating System, SCADA Software, Security Testing Software, Server Management Software, Service Management Software, Software Library, Software Management Software, Solution Stack Software, Spreadsheet Software, SSH Server Software, Supplier Relationship Management Software, Supply Chain Management Software, Testing Software, Ticket Tracking Software, Unified Communication Software, Video Surveillance Software, Virtualization Software, Warehouse Management System Software, Web Browser, Web Server, Windowing System Software, Wireless LAN Software, Word Processing Software

Timeline

Vendor

Product

Linux Kernel: 350
Apple macOS: 42
Microsoft Windows: 36
Google Chrome: 34
Mozilla Firefox: 22

Remediation

Official Fix: 698
Temporary Fix: 0
Workaround: 4
Unavailable: 0
Not Defined: 92

Exploitability

High: 6
Functional: 0
Proof-of-Concept: 18
Unproven: 32
Not Defined: 738

Access Vector

Not Defined: 0
Physical: 4
Local: 90
Adjacent: 396
Network: 304

Authentication

Not Defined: 0
High: 24
Low: 542
None: 228

User Interaction

Not Defined: 0
Required: 170
None: 624

C3BM Index

CVSSv3 Base

≤1: 0
≤2: 2
≤3: 22
≤4: 96
≤5: 148
≤6: 226
≤7: 100
≤8: 166
≤9: 28
≤10: 6

CVSSv3 Temp

≤1: 0
≤2: 2
≤3: 28
≤4: 92
≤5: 154
≤6: 266
≤7: 80
≤8: 156
≤9: 10
≤10: 6

VulDB

≤1: 0
≤2: 2
≤3: 34
≤4: 100
≤5: 162
≤6: 212
≤7: 104
≤8: 150
≤9: 24
≤10: 6

NVD

≤1: 744
≤2: 0
≤3: 0
≤4: 0
≤5: 2
≤6: 12
≤7: 4
≤8: 8
≤9: 20
≤10: 4

CNA

≤1: 600
≤2: 2
≤3: 0
≤4: 4
≤5: 24
≤6: 30
≤7: 40
≤8: 62
≤9: 26
≤10: 6

Vendor

≤1: 750
≤2: 0
≤3: 0
≤4: 0
≤5: 4
≤6: 4
≤7: 8
≤8: 24
≤9: 4
≤10: 0

Exploit 0-day

<1k: 38
<2k: 168
<5k: 38
<10k: 310
<25k: 166
<50k: 56
<100k: 16
≥100k: 2

Exploit Today

<1k: 296
<2k: 218
<5k: 146
<10k: 66
<25k: 62
<50k: 6
<100k: 0
≥100k: 0

Exploit Market Volume

IOB - Indicator of Behavior (1000)

Timeline

Language

en: 882
ja: 54
zh: 26
de: 16
es: 6

Country

cn: 684
jp: 94
us: 52
de: 18
ru: 8

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Linux Kernel: 268
Google Chrome: 42
Apple macOS: 34
Microsoft Windows: 28
Mozilla Firefox: 18

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft Windows Wi-Fi Driver privilege escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00052 | 0.80 | CVE-2024-30078 |
| 2 | Parsec Automation TrackSYS pagedefinition privilege escalation | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.55 | CVE-2024-6188 |
| 3 | ESET NOD32 Antivirus privilege escalation | 7.6 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.45 | CVE-2024-2003 |
| 4 | SolarWinds Serv-U directory traversal | 6.9 | 6.9 | $0-$5k | $0-$5k | High | Not Defined | 0.34343 | 0.40 | CVE-2024-28995 |
| 5 | deepjavalibrary djl directory traversal | 9.9 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.35 | CVE-2024-37902 |
| 6 | itsourcecode Document Management System edithis.php SQL injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.30 | CVE-2024-6014 |
| 7 | Microsoft Edge unknown vulnerability | 4.3 | 4.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00046 | 0.35 | CVE-2024-38093 |
| 8 | GNU Emacs ol.el org-link-expand-abbrev privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.40+ | CVE-2024-39331 |
| 9 | Fortinet FortiOS Command memory corruption | 7.8 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.40 | CVE-2024-23110 |
| 10 | ASUS ZenWiFi XT8 weak authentication | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.21 | CVE-2024-3080 |
| 11 | Nextcloud Server 2FA weak authentication | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.30 | CVE-2024-37313 |
| 12 | Microsoft Windows Message Queuing memory corruption | 9.8 | 8.5 | $25k-$100k | $25k-$100k | Unproven | Official Fix | 0.00349 | 0.21 | CVE-2024-30080 |
| 13 | itsourcecode Event Calendar process.php regDelete SQL injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.21 | CVE-2024-6009 |
| 14 | VMware Spring Cloud Skipper Upload Package Request privilege escalation | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00043 | 0.05 | CVE-2024-22263 |
| 15 | VMware vCenter Server/Cloud Foundation sudo weak authentication | 8.1 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.20 | CVE-2024-37081 |
| 16 | PHP PKCS1 Padding openssl_private_decrypt Marvin Attack information disclosure | 4.8 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00064 | 0.16 | CVE-2024-2408 |
| 17 | Tessi Docubase Document Management cross-site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.07 | CVE-2024-37672 |
| 18 | Linux Kernel ntfs3 denial of service | 5.7 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.06 | CVE-2024-38625 |
| 19 | Linux Kernel sch_multiq multiq_tune memory corruption | 8.0 | 7.6 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00045 | 0.15 | CVE-2024-36978 |
| 20 | Linux Kernel soundwire memory corruption | 8.0 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.16 | CVE-2024-38635 |

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network ranges which are known to be part of research and attack activities.

| ID | IP range | Actor | Type | Confidence |
|---|---|---|---|---|
| 1 | 5.228.72.0/24 | TrickBot (with pwgrab) | predictive | |
| 2 | 23.154.177.0/24 | B1txor20 | predictive | |

TTP - Tactics, Techniques, Procedures (26)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22, CWE-29, CWE-425 | Path Traversal | predictive | |
| 2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | |
| 4 | T1059 | CAPEC-137 | CWE-88, CWE-94, CWE-1321 | Argument Injection | predictive | |
| 5 | T1059.007 | CAPEC-209 | CWE-79 | Cross Site Scripting | predictive | |
| 6 | T1068 | CAPEC-104 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | |

IOA - Indicator of Attack (109)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /api/v1/getbodyfile | predictive | |
| 2 | File | /asn1/ber_encoder.c | predictive | |
| 3 | File | /etc/passwd | predictive | |
| 4 | File | /login/backup_code | predictive | |
| 5 | File | /phpmybackuppro/backup.php | predictive | |
| 6 | File | /phpmybackuppro/get_file.php | predictive | |
| 7 | File | /phpmybackuppro/scheduled.php | predictive | |
| 8 | File | /proc/net/ptype | predictive | |
| 9 | File | /proc/net/sunrpc/nfs | predictive | |
| 10 | File | /proc/sys/kernel/hung_task_timeout_secs | predictive | |
| 11 | File | /proc/vmallocinfo | predictive | |
| 12 | File | /proxy | predictive | |
| 13 | File | /sys/kernel/config/nullb/nullb0 | predictive | |
