Leviathan Analysis

IOB - Indicator of Behavior (35)

Language

en (24)
it (12)

Product

Trend Micro Threat Discovery Appliance (2)
Cloud Foundry CF Networking Release (2)
Drupal (2)
Netop Remote Control (2)
HP HP-UX (2)
Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Drupal SQL Injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | 0.00135 | CVE-2008-2999 |
| 2 | Unisoc S8000 Telephony Service Denial of Service | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00042 | CVE-2022-48447 |
| 3 | Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 Denial of Service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00172 | CVE-2023-20079 |
| 4 | Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 Privilege Escalation | 9.8 | 9.7 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00287 | CVE-2023-20078 |
| 5 | iRZ RUH2 Firmware Patch Weak Authentication | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00226 | CVE-2016-2309 |
| 6 | Joomla SQL Injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00142 | CVE-2022-23797 |
| 7 | Microsoft Access Memory Corruption | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00232 | CVE-2020-1582 |
| 8 | libvirtd API virDomainSaveImageGetXMLDesc Privilege Escalation | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00045 | CVE-2019-10161 |
| 9 | nginx Privilege Escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | 0.00241 | CVE-2020-12440 |
| 10 | Desiscripts Desi Short URL Script index.php Weak Authentication | 7.3 | 6.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.00 | 0.00933 | CVE-2009-2642 |
| 11 | Cisco FirePOWER Management Center Web UI Memory Corruption | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00107 | CVE-2019-12688 |
| 12 | vsftpd deny_file Unknown Vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00312 | CVE-2015-1419 |
| 13 | phpMyAdmin Information Disclosure | 6.1 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.18290 | CVE-2019-6799 |
| 14 | WallacePOS resetpassword.php Cross-Site Scripting | 5.2 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00101 | CVE-2017-7388 |
| 15 | Linksys Spa921 Denial of Service | 7.5 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00 | 0.01834 | CVE-2006-7121 |
| 16 | Zabbix zabbix_agentd Information Disclosure | 4.0 | 3.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00042 | CVE-2007-6210 |
| 17 | BEA WebLogic Mobility Server Weak Authentication | 7.3 | 6.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.02056 | CVE-2007-6384 |
| 18 | Netop Remote Control Guest Client Memory Corruption | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00063 | CVE-2017-5216 |
| 19 | Samsung Mobile Phone Application Installation bad_alloc Privilege Escalation | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00055 | CVE-2017-5217 |
| 20 | Splunk Header Cross-Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | High | Not Defined | 0.05 | 0.00213 | CVE-2014-8380 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP Address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 54.87.87.13 | ec2-54-87-87-13.compute-1.amazonaws.com | Leviathan | | 2020-12-23 | | verified |
| 2 | 54.242.66.219 | ec2-54-242-66-219.compute-1.amazonaws.com | Leviathan | | 2020-12-23 | | verified |
| 3 | XX.XX.XXX.XXX | | Xxxxxxxxx | | 2020-12-23 | | verified |
| 4 | XX.XX.XXX.XXX | | Xxxxxxxxx | | 2020-12-23 | | verified |
| 5 | XX.XX.XXX.XXX | | Xxxxxxxxx | | 2020-12-23 | | verified |
| 6 | XXX.XXX.XXX.XXX | | Xxxxxxxxx | | 2020-12-17 | | verified |

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | | Path Traversal | predictive |
| 2 | T1059 | CWE-94 | | Argument Injection | predictive |
| 3 | TXXXX.XXX | CWE-XXX | | xxxx Xxxx Xxxxxxxxx | predictive |
| 4 | TXXXX | CWE-XXX, CWE-XXX | | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive |
| 5 | TXXXX | CWE-XXX | | xxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive |
| 6 | TXXXX | CWE-XXX | | xx Xxxxxxxxx | predictive |
| 7 | TXXXX | CWE-XXX | | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive |
| 8 | TXXXX.XXX | CWE-XXX | | xxxxxxxxxxxx | predictive |

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | encrypt.c | | predictive |
| 2 | File | ept.c | | predictive |
| 3 | File | xxxxx.xxx | | predictive |
| 4 | File | xxxxx:xxxxxxxxxxx.xx | | predictive |
| 5 | File | xxxx-xxx.xxx | | predictive |
| 6 | File | xxxxxxxxxx-xxxxxx/xxxxxxxxx/xxxxxxxxxxxxx.xxx | | predictive |
| 7 | Argument | xxxxxxx | | predictive |
| 8 | Argument | xxxxxxx_xx | | predictive |
| 9 | Argument | xxx | | predictive |
| 10 | Argument | xxxxx | | predictive |
| 11 | Input Value | xxxxxx/**/xxxx. | | predictive |
| 12 | Input Value | xxxxxxxxxx:xxxxxx("xxx xx xxxxxxxxxxx"); | | predictive |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
