SideCopy Analysis

IOB - Indicator of Behavior (1000)

Language

en: 820
pt: 58
zh: 54
ar: 18
de: 16

Country/Region

nl: 874
pt: 52
us: 36
fr: 2

Product

Microsoft Windows: 124
Linux Kernel: 26
Google Android: 18
Apache HTTP Server: 14
WordPress: 14

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.39 | CVE-2020-12440 |
| 2 | Huawei ACXXXX/SXXXX SSH Packet privilege escalation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00246 | 0.02 | CVE-2014-8572 |
| 3 | Microsoft Windows WPAD privilege escalation | 8.0 | 7.9 | $25k-$100k | $0-$5k | High | Official Fix | 0.90962 | 0.03 | CVE-2016-3213 |
| 4 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03523 | 0.03 | CVE-2021-34530 |
| 5 | Microsoft Windows Event Tracing Privilege Escalation | 7.3 | 6.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-34487 |
| 6 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.16 | CVE-2017-0055 |
| 7 | Cisco Secure Email and Web Manager Web-based Management Interface weak authentication | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00337 | 0.02 | CVE-2022-20798 |
| 8 | nginx Log File privilege escalation | 7.8 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00092 | 0.04 | CVE-2016-1247 |
| 9 | Apache HTTP Server mod_rewrite Redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.09 | CVE-2020-1927 |
| 10 | Microsoft .NET Core/Visual Studio denial of service | 6.4 | 5.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00195 | 0.07 | CVE-2021-26423 |
| 11 | Microsoft Windows TCP/IP Stack Privilege Escalation | 9.9 | 8.6 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.02183 | 0.04 | CVE-2021-26424 |
| 12 | Microsoft Windows Event Tracing Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00044 | 0.00 | CVE-2021-26425 |
| 13 | Microsoft Windows Bluetooth Driver Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-34537 |
| 14 | Microsoft Dynamics 365 Privilege Escalation | 8.5 | 7.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00736 | 0.00 | CVE-2021-34524 |
| 15 | Microsoft Windows Storage Spaces Controller Local Privilege Escalation | 7.8 | 6.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-34536 |
| 16 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03523 | 0.00 | CVE-2021-34533 |
| 17 | Microsoft Windows Services for NFS ONCRPC XDR Driver information disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01108 | 0.00 | CVE-2021-36926 |
| 18 | Microsoft ASP.NET Core/Visual Studio information disclosure | 4.9 | 4.3 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00043 | 0.04 | CVE-2021-34532 |
| 19 | Microsoft Windows Services for NFS ONCRPC XDR Driver information disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01108 | 0.00 | CVE-2021-36933 |
| 20 | Microsoft Windows Remote Desktop Client Remote Code Execution | 8.8 | 7.9 | $100k and more | $5k-$25k | Proof-of-Concept | Official Fix | 0.05252 | 0.02 | CVE-2021-34535 |

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (242)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (7)

The following list contains external sources which discuss the actor and the associated activities:
