Guccifer 2.0 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (58)

言語

en	56
fr	2

国・地域

us	6
fr	2
ru	2

アクター

Guccifer 2.0	1

関心

タイプ

Not Defined	20
Operating System	8
Wireless LAN Software	4
Content Management System	4
WordPress Plugin	4

ベンダー

Not Defined	24
Microsoft	6
IBM	6
Linux	4
Monroe Electronics	4

製品

WordPress	4
Linux Kernel	4
Monroe Electronics R189 One-Net EAS	4
Microsoft Windows	4
Netgear D7800	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	ProFTPD mod_copy File 特権昇格	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.97188	0.03	CVE-2015-3306
2	LOCKON EC-CUBE ディレクトリトラバーサル	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00267	0.00	CVE-2013-3654
3	Monroe Electronics R189 One-Net EAS Default Configuration 弱い暗号化	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00726	0.02	CVE-2013-0137
4	Choice-wireless WIXFMR-111 ajax.cgi 弱い認証	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00519	0.02	CVE-2013-4731
5	Monroe Electronics R189 One-Net EAS 特権昇格	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00560	0.00	CVE-2013-4732
6	Monroe Electronics R189 One-Net EAS 特権昇格	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00306	0.00	CVE-2013-4733
7	Linux Kernel xdp_umem.c xdp_umem_reg メモリ破損	6.5	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00072	0.00	CVE-2020-12659
8	SAE FW-50 Remote Telemetry Unit ディレクトリトラバーサル	7.2	7.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00235	0.00	CVE-2020-10634
9	IBM Quality Manager Web UI クロスサイトスクリプティング	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00049	0.00	CVE-2016-6022
10	IBM Rational Quality Manager Web UI クロスサイトスクリプティング	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00049	0.00	CVE-2016-6031
11	IBM Rational Quality Manager クロスサイトスクリプティング	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00049	0.02	CVE-2016-6036
12	IBM Curam Social Program Management XML External Entity	7.8	7.8	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00194	0.03	CVE-2016-6111
13	Nagios クロスサイトスクリプティング	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00081	0.02	CVE-2016-6209
14	Cisco 2100 Wireless LAN Controller サービス拒否	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00181	0.02	CVE-2012-0369
15	Cisco Wireless LAN Controller Software サービス拒否	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00181	0.00	CVE-2012-0370
16	Cisco Wireless LAN Controller Software 特権昇格	9.8	9.4	$25k-$100k	計算中	Not Defined	Official Fix	0.00369	0.02	CVE-2012-0371
17	ninja-forms Plugin 未知の脆弱性	5.2	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00053	0.00	CVE-2020-12462
18	jQuery html クロスサイトスクリプティング	5.8	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.06124	0.03	CVE-2020-11022
19	Netgear WNR2000v5 メモリ破損	6.1	5.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00096	0.00	CVE-2018-21181
20	BigBlueButton 情報の漏洩	6.4	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00189	0.00	CVE-2020-12112

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	アクター	Identified	タイプ	信頼度
1	95.130.9.198	Guccifer 2.0	2020年12月23日	verified	高
2	95.130.15.34	Guccifer 2.0	2020年12月23日	verified	高
3	XX.XXX.XX.XX	Xxxxxxxx X.x	2020年12月23日	verified	高
4	XX.XXX.XX.XX	Xxxxxxxx X.x	2020年12月23日	verified	高
5	XX.XXX.XX.XX	Xxxxxxxx X.x	2020年12月23日	verified	高
6	XX.XXX.XX.XX	Xxxxxxxx X.x	2020年12月23日	verified	高
7	XX.XXX.XX.XX	Xxxxxxxx X.x	2020年12月23日	verified	高

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CWE-22	Path Traversal	predictive	高
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	高
3	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
4	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
5	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
7	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
9	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/Forms/	predictive	低
2	File	/see_more_details.php	predictive	高
3	File	ajax.cgi	predictive	中
4	File	xxxxxxxx.xxx	predictive	中
5	File	xxxxxxxx.xxx	predictive	中
6	File	xx/xxxxxxx-xxxxxxx.x	predictive	高
7	File	xxx/xxx/xxx_xxxx.x	predictive	高
8	File	xx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxx-xxxxx-xxx	predictive	高
9	File	xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxxxx-xxxxxxxxxxx-xxxxx%xxxxxxxxx%xxxxxxx.xxx	predictive	高
10	File	xxxxxxx-xxxxxx.xxx	predictive	高
11	Argument	xxxx/xxxx	predictive	中
12	Argument	xx	predictive	低
13	Argument	xxx	predictive	低
14	Argument	xxxxxxx	predictive	低
15	Input Value	::$xxxxx_xxxxxxxxxx	predictive	高
16	Network Port	xxx xxxxxx xxxx	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you know our Splunk app?

Download it now for free!