Orangeworm Analysis

IOB - Indicator of Behavior (970)

Languages

en: 928
de: 18
fr: 8
es: 6
it: 4

Countries/Regions

vn: 970

Products

WordPress: 34
Microsoft Windows: 24
Microsoft Exchange Server: 10
Google Chrome: 10
Apache Traffic Server: 8

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remedy | CTI | EPSS | CVE |
|---|---------------|------|------|------|-------|---------|--------|-----|------|-----|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.90 | 0.00954 | CVE-2010-0966 |
| 3 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.80 | 0.00241 | CVE-2020-12440 |
| 4 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 1.73 | 0.00000 | |
| 5 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.16 | 0.00817 | CVE-2014-4078 |
| 6 | Invision Power Services IP.Board URL denial of service | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00149 | CVE-2015-6812 |
| 7 | Samsung Members samsungrewards Scheme for Deeplink privilege escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00224 | CVE-2021-25374 |
| 8 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.20 | 0.00548 | CVE-2017-0055 |
| 9 | webui-aria2 directory traversal | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00437 | CVE-2023-39141 |
| 10 | PHP extractTo directory traversal | 5.0 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00091 | CVE-2021-21706 |
| 11 | Invision Power Services IP.Board cross-site scripting | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.02 | 0.00254 | CVE-2014-3149 |
| 12 | Synacor Zimbra Collaboration XML External Entity | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00441 | CVE-2016-9924 |
| 13 | Laravel Image Upload ValidatesAttributes.php privilege escalation | 5.5 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01231 | CVE-2021-43617 |
| 14 | OpenX adclick.php Redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.18 | 0.00440 | CVE-2014-2230 |
| 15 | WSO2 API Manager Publisher Node privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00397 | CVE-2020-13226 |
| 16 | Smarty privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00299 | CVE-2022-29221 |
| 17 | Apache Traffic Server privilege escalation | 7.4 | 7.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.07 | 0.00157 | CVE-2021-37147 |
| 18 | WSO2 API Manager File Upload privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.97242 | CVE-2022-29464 |
| 19 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.97236 | CVE-2021-34473 |
| 20 | LanSuite LanParty Intranet System index.php SQL injection | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00 | 0.02746 | CVE-2006-1001 |

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (312)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type |
|----|-------|-----------|------|
| 1 | File | .htaccess | predictive |
| 2 | File | /.htpasswd | predictive |
| 3 | File | //etc/RT2870STA.dat | predictive |
| 4 | File | /admin_ping.htm | predictive |
| 5 | File | /api/user/{ID} | predictive |
| 6 | File | /bin/proc.cgi | predictive |
| 7 | File | /CFIDE/probe.cfm | predictive |
| 8 | File | /cgi-bin/login_action.cgi | predictive |
| 9 | File | /data/vendor/tcl | predictive |
| 10 | File | /download | predictive |
| 11 | File | /etc/tomcat8/Catalina/attack | predictive |
| 12 | File | /files.md5 | predictive |
| 13 | File | /forum/away.php | predictive |
| 14 | File | /getcfg.php | predictive |
| 15 | File | /modules/profile/index.php | predictive |
| 16 | File | /modules/registration_admission/patient_register.php | predictive |
| 17 | File | /news.dtl.php | predictive |
| 18 | File | /public/plugins/ | predictive |
| 19 | File | /rapi/read_url | predictive |
| 20 | File | /rest/api/2/user/picker | predictive |
| 21 | File | /sbin/acos_service | predictive |
| 22 | File | /scripts/iisadmin/bdir.htr | predictive |
| 23 | File | /secure/admin/InsightDefaultCustomFieldConfig.jspa | predictive |
| 24 | File | /squashfs-root/www/HNAP1/control/SetWizardConfig.php | predictive |
| 25 | File | /SSOPOST/metaAlias/%realm%/idpv2 | predictive |
| 26 | File | /uncpath/ | predictive |
| 27 | File | /usr/bin/pkexec | predictive |
| 28 | File | /ViewUserHover.jspa | predictive |
| 29 | File | /WEB-INF/web.xml | predictive |
| 30 | File | /wp-admin/admin-ajax.php | predictive |
| 31 | File | /wp-json/oembed/1.0/embed?url | predictive |
| 32 | File | /www/cgi-bin/popen.cgi | predictive |
| 33 | File | 5.2.9\syscrb.exe | predictive |
| 34 | File | accountrecoveryendpoint/recoverpassword.do | predictive |
| 35 | File | ad.cgi | predictive |

References (2)

The following list contains external sources which discuss the actor and the associated activities: