Wiper Analysis

IOB - Indicator of Behavior (773)

Language

en: 390
de: 180
fr: 138
it: 38
es: 16

Country/Region

us: 444
fr: 320
it: 6
ir: 2
de: 2

Product

Microsoft Windows: 20
WordPress: 14
Das U-Boot: 8
Mozilla Firefox: 6
Phorum: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.52 | 0.00943 | CVE-2010-0966 |
| 3 | Woltlab Burning Board register.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00957 | CVE-2007-1443 |
| 4 | Magic Photo Storage Website register.php privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 | |
| 5 | YaBB register.pl memory corruption | 10.0 | 8.7 | $0-$5k | Calculating | Unproven | Official Fix | 0.00 | 0.17348 | CVE-2007-3208 |
| 6 | WordPress wp-register.php cross-site scripting | 4.3 | 4.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.00 | 0.00322 | CVE-2007-5105 |
| 7 | Phpwebgallery register.php cross-site scripting | 4.3 | 4.3 | $0-$5k | Calculating | Not Defined | Not Defined | 0.03 | 0.00759 | CVE-2007-1109 |
| 8 | Expinion.net News Manager Lite comment_add.asp cross-site scripting | 4.3 | 3.8 | $0-$5k | Calculating | Unproven | Official Fix | 0.02 | 0.00607 | CVE-2004-1845 |
| 9 | Phorum register.php cross-site scripting | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.01601 | CVE-2007-0769 |
| 10 | SSReader Ultra Star Reader ActiveX Control pdg2.dll Register memory corruption | 10.0 | 9.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.05274 | CVE-2007-5892 |
| 11 | SSReader Ultra Star Reader ActiveX Control register memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.03599 | CVE-2007-5807 |
| 12 | StoreSprite register.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.01954 | CVE-2007-4307 |
| 13 | AlstraSoft AskMe Pro register.php cross-site scripting | 3.5 | 3.5 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00 | 0.00000 | |
| 14 | Microsoft Register Server denial of service | 5.3 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00350 | CVE-2007-3658 |
| 15 | Scribe forum.php register privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.06 | 0.02167 | CVE-2007-5822 |
| 16 | WordPress wp-register.php cross-site scripting | 4.3 | 4.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.04 | 0.00533 | CVE-2007-5106 |
| 17 | Andys Chat register.php memory corruption | 10.0 | 10.0 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00 | 0.03106 | CVE-2006-7036 |
| 18 | PBSite register.php Local Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00000 | |
| 19 | LushiWarPlaner register.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.10 | 0.00821 | CVE-2007-0864 |
| 20 | TeamCal register.php directory traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00000 | |

IOC - Indicator of Compromise (31)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (184)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (4)

The following list contains external sources which discuss the actor and the associated activities:
