FakeAlert Analysis

IOB - Indicator of Behavior (51)

Language

en: 42
ru: 4
es: 2
fr: 2
de: 2

Product

ZoneMinder: 4
ImageMagick: 2
HotScripts Clone Script: 2
Google Chrome: 2
Iptanus File Upload Plugin: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Netgear ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | CVE-2023-38099 |
| 2 | Samsung UWB Stack Memory Corruption | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00170 | 0.00 | CVE-2022-25818 |
| 3 | Cisco Linksys EA2700 URL Information Disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.08 | |
| 4 | Basti2web Book Panel books.php SQL Injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00064 | 0.02 | CVE-2009-4889 |
| 5 | HotScripts Clone Script software-description.php SQL Injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.03 | CVE-2007-6084 |
| 6 | Linux Kernel Spectre Mitigation bugs.c spectre_v2_user_select_mitigation Information Disclosure | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.03 | CVE-2023-1998 |
| 7 | WordPress Directory Traversal | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00326 | 0.04 | CVE-2023-2745 |
| 8 | nginx Privilege Escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.37 | CVE-2020-12440 |
| 9 | Nagios XI command_test.php Privilege Escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.28543 | 0.04 | CVE-2023-48085 |
| 10 | Moment.js Directory Traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00330 | 0.00 | CVE-2022-24785 |
| 11 | Moodle LTI Module Cross-Site Scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01147 | 0.02 | CVE-2022-35653 |
| 12 | ZoneMinder Language Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.38401 | 0.20 | CVE-2022-29806 |
| 13 | ZoneMinder Snapshot Action shell_exec Privilege Escalation | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96928 | 0.03 | CVE-2023-26035 |
| 14 | Microsoft IIS Cross-Site Scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.16 | CVE-2017-0055 |
| 15 | Redis Lua Script Memory Corruption | 7.4 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00329 | 0.08 | CVE-2022-24834 |
| 16 | Apple iOS/iPadOS Kernel Coldtro Memory Corruption | 7.8 | 7.6 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00149 | 0.00 | CVE-2022-32894 |
| 17 | Asana Desktop Information Disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00218 | 0.02 | CVE-2022-26877 |
| 18 | Google Android App Pinning LockTaskController.java shouldLockKeyguard Weak Authentication | 6.0 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2021-0472 |
| 19 | XAMPP xampp-contol.ini Privilege Escalation | 7.0 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00561 | 0.07 | CVE-2020-11107 |
| 20 | McAfee Network Security Management Command Line Interface Information Disclosure | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2020-7284 |

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 Path Traversal | | predictive | |
| 2 | T1059 | CWE-94 Argument Injection | | predictive | |
| 3 | TXXXX.XXX | CWE-XX, CWE-XXXxxxx Xxxx Xxxxxxxxx | | predictive | |
| 4 | TXXXX | CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | | predictive | |
| 5 | TXXXX | CWE-XXX7xx Xxxxxxxx Xxxxxxxx | | predictive | |
| 6 | TXXXX | CWE-XXXxx Xxxxxxxxx | | predictive | |
| 7 | TXXXX | CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | | predictive | |

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

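| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /getcfg.php | predictive | |
| 2 | File | /uncpath/ | predictive | |
| 3 | File | arch/x86/kernel/cpu/bugs.c | predictive | |
| 4 | File | books.php | predictive | |
| 5 | File | coders/tiff.c | predictive | |
| 6 | File | xxxxxxx_xxxx.xxx | predictive | |
| 7 | File | xxxxxxx.xxx | predictive | |
| 8 | File | xxxxxx.xxx | predictive | |
| 9 | File | xxxxxxx.xxx | predictive | |
| 10 | File | xxxxxxxxxx.xxx | predictive | |
| 11 | File | xxxxx.xxxxxxx.xxx | predictive | |
| 12 | File | xxxx_xxxx.xxx | predictive | |
| 13 | File | xxxxxxxxxxxxxxxxxx.xxxx | predictive | |
| 14 | File | xxxx.xxx | predictive | |
| 15 | File | xxxxxxxx.xxx | predictive | |
| 16 | File | xxxxxxxxxx.xxx | predictive | |
| 17 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | |
| 18 | File | xxxxxxxx-xxxxxxxxxxx.xxx | predictive | |
| 19 | File | xxxxxxxxx.xx | predictive | |
| 20 | File | xxxxx-xxxxxx.xxx | predictive | |
| 21 | Library | xxxxxx.xxx | predictive | |
| 22 | Argument | xxxxxx | predictive | |
| 23 | Argument | xxx | predictive | |
| 24 | Argument | xxx_xx | predictive | |
| 25 | Argument | xxx | predictive | |
| 26 | Argument | xxxx_xx | predictive | |
| 27 | Argument | xx | predictive | |
| 28 | Argument | xxxx_xx | predictive | |
| 29 | Argument | xxxxxxxx | predictive | |
| 30 | Input Value | xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx | predictive | |
| 31 | Pattern | \|xx\|xx\|xx\| | predictive | |
| 32 | Network Port | xxx xxxxxx xxxx | predictive | |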

References (2)

The following list contains external sources which discuss the actor and the associated activities:
