Emissary 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (8)

タイムライン

言語

zh6
en2

国・地域

cn6

アクター

Emissary2

アクティビティ

関心

タイムライン

タイプ

Access Management Software2
Not Defined2
Content Management System2

ベンダー

NetIQ2
Thomas R. Pasawicz2
Not Defined2

製品

NetIQ Access Manager2
Thomas R. Pasawicz HyperBook Guestbook2
WordPress2

脆弱性

#脆弱性BaseTemp0day本日修復EPSSCTICVE
1WordPress WP_Query class-wp-query.php SQLインジェクション8.58.4$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.003180.02CVE-2017-5611
2qtranslate-x Plugin 未知の脆弱性5.45.3$0-$5k$0-$5kNot DefinedOfficial Fix0.002020.00CVE-2015-9431
3NetIQ Access Manager iManager Admin Console Credentials 情報の漏洩7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.005680.00CVE-2016-5757
4Microsoft Edge メモリ破損6.05.9$25k-$100k$0-$5kNot DefinedOfficial Fix0.063160.00CVE-2018-8301
5PHP 特権昇格6.56.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.006830.02CVE-2012-0057
6Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 情報の漏洩5.35.2$5k-$25k$0-$5kHighWorkaround0.020160.02CVE-2007-1192

キャンペーン (1)

These are the campaigns that can be associated with the actor:

  • Emissary

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
1101.55.33.92Lotus BlossomEmissary2020年12月17日verified
2101.55.33.95Lotus BlossomEmissary2020年12月17日verified
3101.55.121.79Lotus BlossomEmissary2020年12月17日verified
4XXX.XXX.XX.XXXXxxxx XxxxxxxXxxxxxxx2020年12月17日verified
5XXX.XXX.XXX.XXXXxxxx XxxxxxxXxxxxxxx2020年12月17日verified
6XXX.X.XXX.XXXXxxxx XxxxxxxXxxxxxxx2020年12月17日verified
7XXX.X.XXX.XXXXxxxx XxxxxxxXxxxxxxx2020年12月17日verified
8XXX.XXX.XXX.Xxxxxxx.xxx.xxxx.xxx.xxXxxxxxxx2020年12月23日verified
9XXX.XXX.XX.XXxxxxxx.xxx.xxx.xxXxxxx XxxxxxxXxxxxxxx2020年12月17日verified
10XXX.XX.XXX.XXXxxxx XxxxxxxXxxxxxxx2020年12月17日verified
11XXX.XX.XXX.XXxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxx2020年12月23日verified
12XXX.XXX.XX.XXXxxxxxxxxxxxx.xxxxxxxxxxxxxx.xxxXxxxx XxxxxxxXxxxxxxx2020年12月17日verified
13XXX.XXX.XX.XXXxxxxxxxxxxxx.xxxxxxxxxxxxxx.xxxXxxxxxxx2021年08月29日verified
14XXX.XXX.XXX.XXXxxxx XxxxxxxXxxxxxxx2020年12月17日verified
15XXX.XXX.XXX.XXXxxxx XxxxxxxXxxxxxxx2020年12月17日verified

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechnique脆弱性アクセスベクタータイプ信頼度
1T1068CWE-264Execution with Unnecessary Privilegespredictive
2TXXXXCWE-XXXxx Xxxxxxxxxpredictive
3TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1Filedata/gbconfiguration.datpredictive
2Filexx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xxxxxxxxxx-xpredictive
3Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictive
4Argumentxxxx_xxxxxx_xxxxx/xxxx_xxxxxx_xxxx_xxxxxxpredictive

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

概要

Do you know our Splunk app?

Download it now for free!