TA413 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (63)

言語

en	44
zh	20

国・地域

cn	44
us	18
gb	2

アクター

TA413	3
Cobalt Strike	2

関心

タイプ

Not Defined	18
Network Management Software	8
Content Management System	6
Firewall Software	6
Cloud Software	4

ベンダー

Not Defined	18
Microsoft	4
NEC	2
Intellian	2
D-Link	2

製品

PRTG Network Monitor	8
Microsoft Azure Open Management Infrastructure	2
NEC SOCKS5	2
Microsoft Windows	2
Intellian Aptus Web	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Fortinet FortiOS SSL VPN メモリ破損	8.7	8.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00261	0.00	CVE-2021-26109
2	Cisco Wireless LAN Controller CAPWAP 情報の漏洩	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00227	0.00	CVE-2018-0442
3	PRTG Network Monitor Screenshot 情報の漏洩	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00084	0.00	CVE-2021-27220
4	PRTG Network Monitor Web Console 特権昇格	6.7	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.53682	0.04	CVE-2018-9276
5	WordPress wp-db-backup.php ディレクトリトラバーサル	7.3	6.6	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.01009	0.02	CVE-2008-0194
6	WordPress wp_crop_image ディレクトリトラバーサル	5.9	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.95884	0.02	CVE-2019-8943
7	open-graph 特権昇格	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00236	0.03	CVE-2021-23419
8	Microsoft Windows Win32k Local Privilege Escalation	7.8	7.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00048	0.06	CVE-2024-20683
9	Oracle Database Java VM 特権昇格	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00182	0.03	CVE-2018-3004
10	Sierra Wireless AirLink LS300 特権昇格	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00439	0.02	CVE-2018-10251
11	Apple iOS/iPadOS WebKit メモリ破損	6.3	6.0	$100k 以上	$25k-$100k	High	Official Fix	0.00243	0.00	CVE-2022-22620
12	Apache APR-util apr-util apr_rmm.c apr_rmm_realloc Remote Code Execution	10.0	9.4	$25k-$100k	$0-$5k	Proof-of-Concept	Not Defined	0.10955	0.00	CVE-2009-2412
13	rails_multisite 特権昇格	7.4	7.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00104	0.00	CVE-2021-41263
14	RDoc Filename Privilege Escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00065	0.06	CVE-2021-31799
15	Fortinet FortiOS/FortiProxy autod Daemon 特権昇格	8.3	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.02	CVE-2021-26110
16	Citrix ADC/Gateway/SD-WAN WANOP SAML Authentication 特権昇格	5.5	5.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00152	0.02	CVE-2021-22920
17	ManageEngine Desktop Central Notification Server 特権昇格	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00111	0.00	CVE-2021-28960
18	Palo Alto PAN-OS GlobalProtect Portal メモリ破損	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00234	0.03	CVE-2021-3064
19	Cisco IOS XE CAPWAP Packet メモリ破損	8.0	7.9	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00137	0.00	CVE-2021-34769
20	Fortinet FortiOS Two Factor Authentication 弱い認証	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02923	0.00	CVE-2020-12812

キャンペーン (1)

These are the campaigns that can be associated with the actor:

FriarFox Browser Extension

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	キャンペーン	Identified	タイプ	信頼度
1	115.126.6.47		TA413	FriarFox Browser Extension	2021年05月31日	verified	高
2	XXX.XX.X.XX		Xxxxx	Xxxxxxxx Xxxxxxx Xxxxxxxxx	2021年05月31日	verified	高
3	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxx.xxx	Xxxxx	Xxxxxxxx Xxxxxxx Xxxxxxxxx	2021年05月31日	verified	中

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CWE-22	Path Traversal	predictive	高
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	高
3	TXXXX	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	高
4	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
5	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
6	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	高
7	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/public/login.htm	predictive	高
2	File	/usr/bin/sonia	predictive	高
3	File	index.php	predictive	中
4	File	xxxxxxxxxx.xxx	predictive	高
5	File	xxxx/xxx_xxx.x	predictive	高
6	File	xxxxx.xxx	predictive	中
7	File	xxxxx.x	predictive	低
8	File	xxxxxxxxxxxxx.xxx	predictive	高
9	File	xxx xxxxxxx	predictive	中
10	File	xx-xx-xxxxxx.xxx	predictive	高
11	Library	xxxxxxxxxxx.xxx	predictive	高
12	Argument	xxxxxx	predictive	低
13	Argument	xxxxxxx	predictive	低
14	Argument	xxxx->xxxxxxx	predictive	高
15	Input Value	.xxx?/../../xxxx.xxx	predictive	高
16	Input Value	xxxxxxxx	predictive	中

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!