DEV-0322 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (86)

语言

en	58
zh	20
es	2
pl	2
de	2

国家/地区

cn	50
us	34

演员

DEV-0322	8
Cobalt Strike	5
APT41	1

利益

类型

Not Defined	42
Router Operating System	6
File Transfer Software	4
Firewall Software	4
Operating System	4

供应商

Not Defined	32
Adobe	10
Texas Imperial Software	2
Tenda	2
TP-LINK	2

产品

Adobe Magento Commerce	10
Texas Imperial Software wftpd	2
Tenda AC15	2
Tenda AC1900	2
jforum	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	CTI	EPSS	CVE
1	MGB OpenSource Guestbook email.php SQL注入	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.85	0.01302	CVE-2007-0354
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 信息公开	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
3	VMware Horizon Client/Horizon Message Framework Library 信息公开	6.4	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00379	CVE-2018-6970
4	Sustainsys.Saml2 未知漏洞	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	0.00054	CVE-2023-41890
5	WeiYe-Jing datax-web HTTP POST Request killJob 权限升级	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.33	0.00256	CVE-2023-7116
6	cskefu 权限升级	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00084	CVE-2022-36521
7	Apple macOS AppleMobileFileIntegrity 信息公开	3.3	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00060	CVE-2023-23499
8	Tesla Model 3 Mobile App Phone Key Authentication 弱身份验证	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00047	CVE-2022-37709
9	SSH SSH-1 Protocol 弱加密	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.06	0.00258	CVE-2001-1473
10	Laravel PendingBroadcast.php __destruct 权限升级	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00049	CVE-2022-31279
11	EmdedThis GoAhead 权限升级	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.03418	CVE-2021-42342
12	Next.js URL 拒绝服务	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00374	CVE-2021-43803
13	Next.js _error.js Redirect	5.0	4.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00062	CVE-2021-37699
14	Swagger UI CSS 权限升级	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.01741	CVE-2019-17495
15	OpenSSL c_rehash 权限升级	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.09738	CVE-2022-1292
16	Hikvision Product Message 权限升级	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.97493	CVE-2021-36260
17	HD-Network Real-time Monitoring System Parameter lang 目录遍历	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.05404	CVE-2021-45043
18	CodeIgniter HTTP Request 权限升级	8.3	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00195	CVE-2022-24711
19	jwt-go Access Restriction 权限升级	7.4	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.00193	CVE-2020-26160
20	Yoast SEO Plugin REST Endpoint posts 信息公开	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00173	CVE-2021-25118

活动 (2)

These are the campaigns that can be associated with the actor:

CVE-2021-35211
Xxxxxxxxxxxx Xxxxxxxxxxxxx Xxxx

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	活动	Identified	类型	可信度
1	24.64.36.238	mail.target-realty.com	DEV-0322	ManageEngine ADSelfService Plus	2021-11-11	verified	高
2	45.63.62.109	45.63.62.109.vultr.com	DEV-0322	ManageEngine ADSelfService Plus	2021-11-11	verified	中
3	45.76.173.103	45.76.173.103.vultr.com	DEV-0322	ManageEngine ADSelfService Plus	2021-11-11	verified	中
4	XX.XX.XXX.XXX	xx.xx.xxx.xxx.xxxxx.xxx	Xxx-xxxx	Xxxxxxxxxxxx Xxxxxxxxxxxxx Xxxx	2021-11-11	verified	中
5	XX.XX.XX.XXX	xx.xx.xx.xxx.xxxxx.xxx	Xxx-xxxx	Xxxxxxxxxxxx Xxxxxxxxxxxxx Xxxx	2021-11-11	verified	中
6	XX.XXX.XXX.XX	xxxxxxx-xxx-xxx-xx-xxx-xxx-xx.xxxxxx.xx	Xxx-xxxx	Xxx-xxxx-xxxxx	2021-07-14	verified	高
7	XX.XX.XX.XX	xxxx-xx-xx-xx-xx.xx.xxx.xx.xxx	Xxx-xxxx	Xxx-xxxx-xxxxx	2021-07-14	verified	高
8	XX.XXX.XXX.XX	xxxx-xxx-xxx-xx.xx.xx.xxx.xxx	Xxx-xxxx	Xxx-xxxx-xxxxx	2021-07-14	verified	高
9	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xxxxx.xxx	Xxx-xxxx	Xxxxxxxxxxxx Xxxxxxxxxxxxx Xxxx	2021-11-11	verified	中
10	XXX.XX.XXX.XXX	xxx.xx.xxx.xxx.xxxxxxxx.xxx	Xxx-xxxx	Xxx-xxxx-xxxxx	2021-07-14	verified	高
11	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xxxxx.xxx	Xxx-xxxx	Xxxxxxxxxxxx Xxxxxxxxxxxxx Xxxx	2021-11-11	verified	中
12	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxx.xxx	Xxx-xxxx	Xxxxxxxxxxxx Xxxxxxxxxxxxx Xxxx	2021-11-11	verified	中
13	XXX.XXX.XX.XXX		Xxx-xxxx	Xxxxxxxxxxxx Xxxxxxxxxxxxx Xxxx	2021-11-11	verified	高
14	XXX.XXX.XX.XX	xx.xx.xxx.xxx.xxxxxx.xxxx.xxxxx.xx	Xxx-xxxx	Xxx-xxxx-xxxxx	2021-07-14	verified	高

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1006	CWE-21, CWE-22, CWE-23	Path Traversal	predictive	高
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	高
3	T1059	CWE-94	Argument Injection	predictive	高
4	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
6	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	高
9	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
10	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	高
11	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	高
12	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
13	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高
14	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (40)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	/api/log/killJob	predictive	高
2	File	/language/lang	predictive	高
3	File	admin/conf_users_edit.php	predictive	高
4	File	c_rehash	predictive	中
5	File	data/gbconfiguration.dat	predictive	高
6	File	xxxxx.xxx	predictive	中
7	File	xxxx.xxx	predictive	中
8	File	xxxxxx/xxxxxxxxxxxx	predictive	高
9	File	xxxxxxxxxxxxxxxxxxx.xxxx	predictive	高
10	File	xxxxxxxxxx\xxxxxxxxxxxx\xxxxxxxxxxxxxxxx.xxx	predictive	高
11	File	xxxxx_xxxxxxx.xxx	predictive	高
12	File	xxxxxxx.x	predictive	中
13	File	xxxxxxx.xxx	predictive	中
14	File	xxxxx/_xxxxx.xx	predictive	高
15	File	xxxxx.xxx	predictive	中
16	File	xxxxxxxx.xxx	predictive	中
17	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	高
18	File	xxxxxxxx_xxxx.xxx	predictive	高
19	File	xxxxxxxxxxxxxxxxxxxxxxxxx.xx	predictive	高
20	File	xxxx/xxxxxxxx/xxxxxxxx.xxxx	predictive	高
21	File	xx/xxxxxxxxx/xx	predictive	高
22	File	xxxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	高
23	File	xxx/xxx-xxxxxxxxxx/xxxx-xxxxxx/xxxxxx.xxx	predictive	高
24	File	xx-xxxxx.xxx	predictive	中
25	File	xx/xx/xxxxx	predictive	中
26	Argument	--xxxxxx/--xxxxxxxx	predictive	高
27	Argument	xxxxxxxxxx	predictive	中
28	Argument	xxxxx_xxxxxx	predictive	中
29	Argument	xx	predictive	低
30	Argument	xx	predictive	低
31	Argument	xxxxx	predictive	低
32	Argument	xxxxxxx_xxx	predictive	中
33	Argument	xxxxxxxxx	predictive	中
34	Argument	xxxxxx_xxx	predictive	中
35	Argument	x_xxxxxxxx	predictive	中
36	Argument	xxxxxxx.xx-xxxxx-xxxx	predictive	高
37	Input Value	/../	predictive	低
38	Input Value	[]xxxxxx{}/x["xxx"]	predictive	高
39	Pattern	xxxxxxxxxxx	predictive	中
40	Network Port	xxx/xxxx	predictive	中

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Interested in the pricing of exploits?

See the underground prices here!