Emissary 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (8)

语言

en	6
zh	2

国家/地区

cn	4
us	2

演员

Emissary	4
Potao	1

利益

类型

WordPress Plugin	2
Programming Language Software	2
Web Browser	2

供应商

Not Defined	4
Microsoft	2

产品

qtranslate-x Plugin	2
PHP	2
Microsoft Edge	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	WordPress WP_Query class-wp-query.php SQL注入	8.5	8.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00318	0.02	CVE-2017-5611
2	qtranslate-x Plugin 跨网站请求伪造	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00202	0.00	CVE-2015-9431
3	NetIQ Access Manager iManager Admin Console Credentials 信息公开	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00568	0.00	CVE-2016-5757
4	Microsoft Edge 内存损坏	6.0	5.9	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.06316	0.00	CVE-2018-8301
5	PHP 权限升级	6.5	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00683	0.02	CVE-2012-0057
6	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 信息公开	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192

活动 (1)

These are the campaigns that can be associated with the actor:

Emissary

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	活动	Identified	类型	可信度
1	101.55.33.92		Lotus Blossom	Emissary	2020-12-17	verified	高
2	101.55.33.95		Lotus Blossom	Emissary	2020-12-17	verified	高
3	101.55.121.79		Lotus Blossom	Emissary	2020-12-17	verified	高
4	XXX.XXX.XX.XXX		Xxxxx Xxxxxxx	Xxxxxxxx	2020-12-17	verified	高
5	XXX.XXX.XXX.XXX		Xxxxx Xxxxxxx	Xxxxxxxx	2020-12-17	verified	高
6	XXX.X.XXX.XXX		Xxxxx Xxxxxxx	Xxxxxxxx	2020-12-17	verified	高
7	XXX.X.XXX.XXX		Xxxxx Xxxxxxx	Xxxxxxxx	2020-12-17	verified	高
8	XXX.XXX.XXX.X	xxxxxx.xxx.xxxx.xxx.xx	Xxxxxxxx		2020-12-23	verified	高
9	XXX.XXX.XX.XX	xxxxxx.xxx.xxx.xx	Xxxxx Xxxxxxx	Xxxxxxxx	2020-12-17	verified	高
10	XXX.XX.XXX.XX		Xxxxx Xxxxxxx	Xxxxxxxx	2020-12-17	verified	高
11	XXX.XX.XXX.XX	xxxxx.xxxxxxxxxxxxx.xxx	Xxxxxxxx		2020-12-23	verified	高
12	XXX.XXX.XX.XXX	xxxxxxxxxxxx.xxxxxxxxxxxxxx.xxx	Xxxxx Xxxxxxx	Xxxxxxxx	2020-12-17	verified	高
13	XXX.XXX.XX.XXX	xxxxxxxxxxxx.xxxxxxxxxxxxxx.xxx	Xxxxxxxx		2021-08-29	verified	高
14	XXX.XXX.XXX.XX		Xxxxx Xxxxxxx	Xxxxxxxx	2020-12-17	verified	高
15	XXX.XXX.XXX.XX		Xxxxx Xxxxxxx	Xxxxxxxx	2020-12-17	verified	高

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1068	CWE-264	Execution with Unnecessary Privileges	predictive	高
2	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
3	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	data/gbconfiguration.dat	predictive	高
2	File	xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xxxxxxxxxx-x	predictive	高
3	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	高
4	Argument	xxxx_xxxxxx_xxxxx/xxxx_xxxxxx_xxxx_xxxxxx	predictive	高

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!