TA416 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (53)

言語

en	40
zh	10
es	2
fr	2

国・地域

cn	44
us	2
fr	2

アクター

Mustang Panda	2
PlugX	2
PingPull	1
Cobalt Strike	1
Sliver	1

関心

タイプ

Not Defined	24
JavaScript Library	8
Content Management System	4
Cloud Software	4
Operating System	4

ベンダー

Not Defined	26
cpp-ethereum	2
SAP	2
Netgear	2
Microsoft	2

製品

Next.js	8
cpp-ethereum JSON-RPC	2
SAP Business Connector	2
DedeCMS	2
Netgear EX6100v1	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	GossipSub Topic Message 特権昇格	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00133	0.02	CVE-2022-47547
2	Apple macOS Audio メモリ破損	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00144	0.03	CVE-2019-8706
3	Juniper Junos Multiservices PIC Management Daemon サービス拒否	9.1	8.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00103	0.00	CVE-2020-1660
4	Oracle Diagnostic Assistant Jsch/jQuery クロスサイトスクリプティング	6.1	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00660	0.00	CVE-2015-9251
5	F-Secure Safe Browser Address Bar 特権昇格	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00078	0.00	CVE-2022-28873
6	Samba AD Domain Privilege Escalation	8.8	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00099	0.00	CVE-2020-25717
7	Dmxready Site Chassis Manager クロスサイトスクリプティング	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00156	0.00	CVE-2004-2188
8	Axiomatic Bento4 mp42aac サービス拒否	4.5	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.04	CVE-2023-29575
9	Counter Box Plugin 未知の脆弱性	6.5	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00106	0.00	CVE-2022-2245
10	AVEVA Wonderware System Platform IPC Credentials 特権昇格	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00104	0.02	CVE-2019-6525
11	IBM Engineering Web UI クロスサイトスクリプティング	4.4	4.4	$0-$5k	$5k-$25k	Not Defined	Not Defined	0.00050	0.04	CVE-2020-4857
12	SAP Business Connector Resource Settings Page クロスサイトスクリプティング	3.6	3.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00043	0.02	CVE-2024-30215
13	pimcore クロスサイトスクリプティング	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00056	0.00	CVE-2023-2630
14	Apache Struts 特権昇格	9.8	9.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.95739	0.05	CVE-2013-2135
15	AirTies Air 5343v2 top.html クロスサイトスクリプティング	5.2	5.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00110	0.03	CVE-2018-17591
16	cpp-ethereum JSON-RPC miner_setEtherbase API 特権昇格	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01274	0.06	CVE-2017-12115
17	Microsoft Windows Active Directory Domain Services Privilege Escalation	8.8	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00246	0.05	CVE-2022-34691
18	Georg Ringer News SQLインジェクション	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00157	0.00	CVE-2013-4748
19	Huawei HarmonyOS Security Module サービス拒否	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00097	0.00	CVE-2022-41582
20	MySQL メモリ破損	7.3	6.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00907	0.00	CVE-2001-1274

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	45.154.14.235		TA416	2022年03月12日	verified	高
2	XX.XX.XXX.XXX		Xxxxx	2022年03月12日	verified	高
3	XX.XXX.XXX.XX	xx.xxx.xxx.xx.xxxxxx.xxxx.xxx	Xxxxx	2022年03月12日	verified	高
4	XXX.XXX.XXX.XX		Xxxxx	2022年03月12日	verified	高
5	XXX.XXX.XX.XXX	xxx-xxx-xxx-xx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxx	2021年06月01日	verified	高

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	高
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
3	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	高
4	TXXXX	CAPEC-19	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
7	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	高
8	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
9	TXXXX.XXX	CAPEC-154	CWE-XXX	Xxxxxxxxxxxx	predictive	高
10	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
11	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
12	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高
13	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/file/upload/1	predictive	高
2	File	/_error	predictive	低
3	File	article_coonepage_rule.php	predictive	高
4	File	xxxx-xxx/xxxxxxx.x	predictive	高
5	File	xxxxxxxx/xxxxxxxxx	predictive	高
6	File	xxxx.xxxxxx.xx	predictive	高
7	File	xxxxx/_xxxxx.xx	predictive	高
8	File	xxx.xxxxxxxxx	predictive	高
9	File	xxxxxx/xxxxxxx/xxxxxx/xxxx_xxxx.xxx	predictive	高
10	File	xxxxxxxxxxxx.xxx	predictive	高
11	File	xxx.xxxx	predictive	中
12	File	xxx/xxxxxx/xxxxxxxx/xxxxxxxxx.xxx	predictive	高
13	Argument	${}	predictive	低
14	Argument	xxxxxxxxxxx	predictive	中
15	Argument	xxxxxx	predictive	低
16	Argument	xxx	predictive	低
17	Argument	xxxxx	predictive	低
18	Argument	xxxxxxxxxxxxxxxx	predictive	高
19	Argument	xxx	predictive	低
20	Argument	xxxxxxxx	predictive	中
21	Network Port	xxxxx xxx-xxx	predictive	高

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!