Poisoned Handover Analysis

IOB - Indicator of Behavior (240)

Language

en: 240

Country/Region

us: 236
cn: 4

Product

IBM WebSphere Application Server: 8
Mozilla Thunderbird: 4
Oracle FLEXCUBE Universal Banking: 4
Pulse Connect Secure: 4
Citrix Virtual Apps: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Huawei HiSilicon printf memory corruption | 7.3 | 6.6 | $5k-$25k | Calculating | Proof-of-Concept | Not Defined | 0.02191 | 0.00 | CVE-2020-24214 |
| 2 | Huawei P30 Pro Message information disclosure | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.00 | CVE-2020-9107 |
| 3 | Oracle FLEXCUBE Investor Servicing Unit Trust privilege escalation | 3.1 | 3.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00070 | 0.00 | CVE-2017-3487 |
| 4 | Oracle Communications Diameter Signaling Router User Interface unknown vulnerability | 6.1 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00083 | 0.00 | CVE-2020-14788 |
| 5 | IBM WebSphere Portal Error Code Host information disclosure | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00376 | 0.00 | CVE-2014-4746 |
| 6 | IBM WebSphere Application Server Error Message information disclosure | 2.7 | 2.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2020-4629 |
| 7 | Huawei P30 Pro Message memory corruption | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.00 | CVE-2020-9108 |
| 8 | Huawei HiSilicon RTSP Stream information disclosure | 3.3 | 3.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00174 | 0.00 | CVE-2020-24216 |
| 9 | V-Zug Combi-Steam MSLQ weak authentication | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00070 | 0.04 | CVE-2019-17219 |
| 10 | Oracle Retail Data Extractor for Merchandising Knowledge Module weak authentication | 3.7 | 3.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00191 | 0.00 | CVE-2020-9488 |
| 11 | Verint Impact 360 help_popup.jsp cross-site scripting | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00090 | 0.00 | CVE-2019-12773 |
| 12 | Apache CloudStack baremetal privilege escalation | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00295 | 0.00 | CVE-2019-17562 |
| 13 | Citrix Virtual Apps/XenDesktop privilege escalation | 8.8 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00103 | 0.00 | CVE-2020-8269 |
| 14 | GNU C Library search.texi privilege escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00729 | 0.02 | CVE-1999-0199 |
| 15 | Microsoft Edge PDF Reader memory corruption | 6.0 | 5.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.46112 | 0.00 | CVE-2020-1568 |
| 16 | United Planet Intrexx Professional cross-site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.00 | CVE-2020-24188 |
| 17 | Huawei Taurus-AL00A XFRM Module information disclosure | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2020-9087 |
| 18 | Pulse Secure Virtual Traffic Manager information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00082 | 0.00 | CVE-2018-20307 |
| 19 | V-Zug Combi-Steam MSLQ Password Policy weak authentication | 6.2 | 6.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00222 | 0.02 | CVE-2019-17215 |
| 20 | FiberHome VDSL2 Modem HG 150-UB Cookie weak authentication | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06072 | 0.00 | CVE-2018-9248 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Poisoned Handover

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
