BelialDemon 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

语言

en	22

演员

BelialDemon	1

利益

类型

Not Defined	12
Ticket Tracking Software	2
Cloud Software	2
Smartphone Operating System	2

供应商

Not Defined	4
Tenda	4
United Planet	2
Symantec	2
SonicBOOM	2

产品

osTicket	2
Tenda W30E	2
United Planet Intrexx Professional	2
Symantec Messaging Gateway	2
ownCloud	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	SonicBOOM riscv-boom 权限升级	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00055	0.00	CVE-2020-29561
2	United Planet Intrexx Professional 跨网站脚本	4.8	4.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00089	0.00	CVE-2020-24188
3	Huawei Mate 20 Digital Balance 权限升级	3.9	3.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00058	0.00	CVE-2020-1831
4	Aviatrix Controller Web Interface 跨网站请求伪造	5.4	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00053	0.00	CVE-2020-13416
5	Tenda Tenda W30E NatStaticSetting 内存损坏	6.5	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00075	0.00	CVE-2022-45516
6	Tenda W30E CertListInfo 内存损坏	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00075	0.00	CVE-2022-45525
7	thinkphp-bjyblog AdminBaseController.class.php exit 跨网站脚本	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00078	0.00	CVE-2021-43682
8	WPG Plugin 内存损坏	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01367	0.00	CVE-2021-27362
9	ownCloud 权限升级	6.8	6.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00103	0.00	CVE-2020-28645
10	Star Practice Management Web WIP Detail 权限升级	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00065	0.00	CVE-2020-28401
11	Microsoft .NET Framework XML 拒绝服务	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00410	0.00	CVE-2018-0764
12	Wireshark Dissection Engine 拒绝服务	4.2	4.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00334	0.00	CVE-2020-26419
13	Sympa SOAP API authenticateAndRun 权限升级	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00266	0.00	CVE-2020-29668
14	Symantec Messaging Gateway Web UI 信息公开	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00065	0.02	CVE-2020-12595
15	Google Chrome Omnibox 弱身份验证	6.4	6.1	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00542	0.00	CVE-2020-6565
16	osTicket ajax.draft.php _uploadInlineImage 跨网站脚本	5.2	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00078	0.00	CVE-2020-24917
17	uppy Package 权限升级	7.4	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00327	0.00	CVE-2020-8205

活动 (1)

These are the campaigns that can be associated with the actor:

Matanbuchus

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	活动	Identified	类型	可信度
1	34.94.151.129	129.151.94.34.bc.googleusercontent.com	BelialDemon	Matanbuchus	2021-08-29	verified	中
2	XX.XXX.XX.XX	xx.xx.xxx.xx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxxx	Xxxxxxxxxxx	2021-08-29	verified	中
3	XX.XXX.XXX.XXX	xxx.xxx.xxx.xx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxxx	Xxxxxxxxxxx	2021-08-29	verified	中

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1059.007	CWE-79	Cross Site Scripting	predictive	高
2	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
3	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	高
4	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	/goform/CertListInfo	predictive	高
2	File	/goform/NatStaticSetting	predictive	高
3	File	xxxxxxxxxxxxxxxxxxx.xxxxx.xxx	predictive	高
4	File	xxxxxxx/xxxx.xxxxx.xxx	predictive	高
5	Argument	xxxxxxxxxx	predictive	中
6	Argument	xxxx	predictive	低
7	Argument	xxxxxxx	predictive	低

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!