Stolen Pencil Analysis

IOB - Indicator of Behavior (178)

Language

en: 146
de: 12
sv: 6
es: 4
fr: 4

Country/Region

us: 118
sv: 6
ir: 6
fr: 4
de: 4

Product

DZCP deV!L`z Clanportal: 4
Dolibarr: 4
PHP: 4
parsec: 2
Gentoo logstash-bin: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.94 | CVE-2010-0966 |
| 3 | Revive Adserver lg.php Redirect | 5.8 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00922 | 0.04 | CVE-2021-22873 |
| 4 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.49 | CVE-2007-1167 |
| 5 | Wuzhicms group.php SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.02 | CVE-2022-27431 |
| 6 | phpPgAds/phpAdsNew lib-sessions.inc.php SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 7 | LionWiki index.php privilege escalation | 6.9 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01572 | 0.00 | CVE-2020-27191 |
| 8 | E-theni URL aff_liste_langue.php privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03405 | 0.00 | CVE-2003-1256 |
| 9 | PHPSurveyor dumplabel.php SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 10 | PHP-Nuke Kleinanzeigen module modules.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00100 | 0.00 | CVE-2008-3512 |
| 11 | ZeeBuddy editadgroup.php SQL injection | 8.5 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00285 | 0.00 | CVE-2017-15976 |
| 12 | DCP-Portal golink.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 | |
| 13 | baigo CMS opt_base.inc.php privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01293 | 0.00 | CVE-2019-9227 |
| 14 | SourceCodester Online Boat Reservation System POST Parameter login.php cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00131 | 0.04 | CVE-2023-1030 |
| 15 | Xoops userinfo.php SQL injection | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00316 | 0.00 | CVE-2002-0216 |
| 16 | VMware ESXi VMX privilege escalation | 7.2 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.03 | CVE-2021-22042 |
| 17 | Apache Log4j Lookup denial of service | 6.4 | 6.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.96625 | 0.04 | CVE-2021-45105 |
| 18 | Fast C++ CSV Parser csv.h trim_chars memory corruption | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00659 | 0.00 | CVE-2018-13421 |
| 19 | October CMS unknown vulnerability | 6.5 | 6.3 | $0-$5k | $0-$5k | Functional | Official Fix | 0.00196 | 0.00 | CVE-2017-16244 |
| 20 | automad FileController.php import privilege escalation | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00061 | 0.04 | CVE-2023-7037 |

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (135)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
