Expiro Analysis

IOB - Indicator of Behavior (248)

Language: en (202), de (18), fr (8), ru (8), es (6)

Country/Region: us (102), ru (52), fr (6), cz (4), ir (4)

Product: Microsoft Windows (10), WordPress (6), Micro Focus VisiBroker (4), Apache HTTP Server (4), Mozilla Firefox (4)

Vulnerabilities

Base and Temp are the CVSS base and temporal scores, 0day and Today are VulDB's exploit price estimates, and CTI is VulDB's threat-intelligence activity score. Entries without a CVE column value have no CVE assigned on the page.

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01009 | 1.20 | CVE-2006-6168 |
| 2 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00526 | 0.08 | CVE-2011-0643 |
| 3 | Python Software Foundation BaseHTTPServer HTTP Request denial of service | 7.5 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.02 | |
| 4 | Maran PHP Shop prod.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00137 | 0.03 | CVE-2008-4879 |
| 5 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.50 | CVE-2016-6210 |
| 6 | WordPress SQL injection | 7.3 | 6.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00175 | 0.00 | CVE-2011-3130 |
| 7 | Apache Tomcat CORS Filter privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07849 | 0.02 | CVE-2018-8014 |
| 8 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.93 | CVE-2010-0966 |
| 9 | Apache HTTP Server suEXEC Feature .htaccess information disclosure | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.03 | |
| 10 | WordPress WP_Query class-wp-query.php SQL injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00318 | 0.02 | CVE-2017-5611 |
| 11 | Microsoft Office Object Remote Code Execution | 7.0 | 6.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.97339 | 0.02 | CVE-2017-8570 |
| 12 | TP-LINK TL-WR740N/TL-WR741N Firmware Local Privilege Escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 | |
| 13 | Drupal User Module privilege escalation | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00208 | 0.00 | CVE-2016-6211 |
| 14 | Rockwell Automation FactoryTalk Service Platform privilege escalation | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-21915 |
| 15 | PHP Link Directory Administration Page index.html cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.23 | CVE-2007-0529 |
| 16 | TikiWiki tiki-index.php directory traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01414 | 0.31 | CVE-2007-5684 |
| 17 | AWStats Config awstats.pl cross-site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00587 | 0.19 | CVE-2006-3681 |
| 18 | vu Mass Mailer Login Page redir.asp SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00181 | 0.04 | CVE-2007-6138 |
| 19 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.71 | |
| 20 | Suricata Rule directory traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.02 | CVE-2023-35852 |
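The rows of this table arrive as one glued-together string per entry when the page is scraped or copied, and the interesting triage signal is EPSS rather than the CVSS column (the 2017 Office RCE at EPSS 0.97 outranks every 8.x entry here). As an added example, not part of the VulDB page, the Python below parses that flattened row layout back into records and ranks them EPSS-first. The sample rows are the twenty entries above retyped in English; the record field names and the 0.01 EPSS cut-off are my own choices.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# One flattened row as it appears on the page, e.g.
# "5OpenSSH Authentication Username information disclosure5.34.8$5k-$25k$0-$5kHighOfficial Fix0.107370.50CVE-2016-6210"
# The fields have no separators, so each is pinned down by its shape: CVSS scores are d.d,
# prices look like $0-$5k, EPSS has five decimals, CTI two, and the CVE is optional.
ROW_RE = re.compile(
    r"^(?P<num>\d+)"
    r"(?P<title>.+?)"
    r"(?P<base>\d\.\d)(?P<temp>\d\.\d)"
    r"(?P<zeroday>\$\d+k?-\$\d+k?)(?P<today>\$\d+k?-\$\d+k?)"
    r"(?P<exploit>Proof-of-Concept|High|Functional|Unproven|Not Defined)"
    r"(?P<remediation>Official Fix|Temporary Fix|Workaround|Unavailable|Not Defined)"
    r"(?P<epss>\d\.\d{5})(?P<cti>\d+\.\d{2})"
    r"(?P<cve>CVE-\d{4}-\d{4,})?$"
)


@dataclass
class Vuln:
    num: int
    title: str
    base: float          # CVSS base score
    temp: float          # CVSS temporal score
    exploit: str         # exploitability maturity as listed
    remediation: str
    epss: float          # FIRST EPSS: probability of exploitation within 30 days
    cti: float           # VulDB threat-intelligence activity score
    cve: Optional[str]


def parse_row(line: str) -> Optional[Vuln]:
    """Return a Vuln for one flattened row, or None if the line does not fit the layout."""
    m = ROW_RE.match(line.strip())
    if m is None:
        return None
    return Vuln(
        num=int(m["num"]), title=m["title"].strip(),
        base=float(m["base"]), temp=float(m["temp"]),
        exploit=m["exploit"], remediation=m["remediation"],
        epss=float(m["epss"]), cti=float(m["cti"]), cve=m["cve"],
    )


def parse_table(lines: Iterable[str]) -> List[Vuln]:
    return [v for v in map(parse_row, lines) if v is not None]


def rank_by_epss(vulns: Iterable[Vuln], min_epss: float = 0.01) -> List[Vuln]:
    """EPSS-first triage: sort by exploitation probability, CVSS base only breaks ties.
    Entries below min_epss (an arbitrary cut-off chosen here) are dropped from the worklist."""
    return sorted(
        (v for v in vulns if v.epss >= min_epss),
        key=lambda v: (v.epss, v.base),
        reverse=True,
    )


# The twenty rows from the table above, retyped in English in the page's flattened layout.
SAMPLE_ROWS = [
    "1TikiWiki tiki-register.php privilege escalation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.010091.20CVE-2006-6168",
    "2Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.005260.08CVE-2011-0643",
    "3Python Software Foundation BaseHTTPServer HTTP Request denial of service7.56.9$0-$5k$0-$5kProof-of-ConceptWorkaround0.000000.02",
    "4Maran PHP Shop prod.php SQL injection7.37.3$0-$5k$0-$5kHighUnavailable0.001370.03CVE-2008-4879",
    "5OpenSSH Authentication Username information disclosure5.34.8$5k-$25k$0-$5kHighOfficial Fix0.107370.50CVE-2016-6210",
    "6WordPress SQL injection7.36.6$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.001750.00CVE-2011-3130",
    "7Apache Tomcat CORS Filter privilege escalation8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.078490.02CVE-2018-8014",
    "8DZCP deV!L`z Clanportal config.php privilege escalation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.93CVE-2010-0966",
    "9Apache HTTP Server suEXEC Feature .htaccess information disclosure5.35.0$5k-$25k$0-$5kProof-of-ConceptWorkaround0.000000.03",
    "10WordPress WP_Query class-wp-query.php SQL injection8.58.4$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.003180.02CVE-2017-5611",
    "11Microsoft Office Object Remote Code Execution7.06.3$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.973390.02CVE-2017-8570",
    "12TP-LINK TL-WR740N/TL-WR741N Firmware Local Privilege Escalation5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000000.04",
    "13Drupal User Module privilege escalation8.88.4$0-$5k$0-$5kNot DefinedOfficial Fix0.002080.00CVE-2016-6211",
    "14Rockwell Automation FactoryTalk Service Platform privilege escalation8.58.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000430.03CVE-2024-21915",
    "15PHP Link Directory Administration Page index.html cross-site scripting4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.003740.23CVE-2007-0529",
    "16TikiWiki tiki-index.php directory traversal7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.014140.31CVE-2007-5684",
    "17AWStats Config awstats.pl cross-site scripting4.34.1$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005870.19CVE-2006-3681",
    "18vu Mass Mailer Login Page redir.asp SQL injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.001810.04CVE-2007-6138",
    "19LogicBoard CMS away.php Redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000003.71",
    "20Suricata Rule directory traversal6.96.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000530.02CVE-2023-35852",
]

if __name__ == "__main__":
    for v in rank_by_epss(parse_table(SAMPLE_ROWS)):
        print(f"EPSS {v.epss:.5f}  CVSS {v.base}  {v.cve or '-':<14} {v.title}")
```

Four of the twenty entries carry no CVE and an EPSS of exactly 0.00000; EPSS only scores CVEs, so those rows are unscored rather than "not exploited", and the ranking above deliberately leaves them out instead of treating them as safe.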

IOC - Indicator of Compromise (34)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

The Campaign and Type columns of the source table are empty for every row and are omitted here. Rows 8-34 are masked in the source; their placeholder characters are kept and split into columns by case pattern (the masked actor is Xxxxxx, masked hostnames are lowercase).

| ID | IP address | Hostname | Actor | Identified | Confidence |
|---|---|---|---|---|---|
| 1 | 5.79.71.205 | | Expiro | 2022-08-01 | verified |
| 2 | 5.79.71.225 | | Expiro | 2022-08-01 | verified |
| 3 | 18.213.250.117 | ec2-18-213-250-117.compute-1.amazonaws.com | Expiro | 2022-04-28 | verified |
| 4 | 18.215.128.143 | ec2-18-215-128-143.compute-1.amazonaws.com | Expiro | 2022-04-28 | verified |
| 5 | 35.205.61.67 | 67.61.205.35.bc.googleusercontent.com | Expiro | 2023-06-03 | verified |
| 6 | 35.234.136.13 | 13.136.234.35.bc.googleusercontent.com | Expiro | 2022-08-01 | verified |
| 7 | 46.165.220.145 | | Expiro | 2022-04-28 | verified |
| 8 | XX.XXX.XXX.XXX | | Xxxxxx | 2022-04-28 | verified |
| 9 | XX.XXX.XXX.XX | | Xxxxxx | 2022-08-01 | verified |
| 10 | XX.XXX.XXX.XX | | Xxxxxx | 2022-08-01 | verified |
| 11 | XX.XXX.XX.XXX | | Xxxxxx | 2023-06-03 | verified |
| 12 | XX.X.XXX.XX | | Xxxxxx | 2023-06-03 | verified |
| 13 | XX.XXX.XXX.XXX | xx-xxx-xxx-xxx-xx.xxx.xx | Xxxxxx | 2022-08-01 | verified |
| 14 | XX.XX.XX.XX | | Xxxxxx | 2022-08-01 | verified |
| 15 | XX.XX.XX.XXX | | Xxxxxx | 2022-08-01 | verified |
| 16 | XX.XXX.XXX.XXX | | Xxxxxx | 2022-04-28 | verified |
| 17 | XX.XXX.XXX.XX | | Xxxxxx | 2023-06-03 | verified |
| 18 | XX.XXX.XXX.XXX | | Xxxxxx | 2022-04-28 | verified |
| 19 | XXX.XXX.XXX.XXX | xx-xxx-xxx.xxxxx.xxx | Xxxxxx | 2023-06-03 | verified |
| 20 | XXX.XXX.XXX.XXX | xx-xxx-xxx.xxxxx.xxx | Xxxxxx | 2023-06-03 | verified |
| 21 | XXX.XX.XX.XX | | Xxxxxx | 2022-08-01 | verified |
| 22 | XXX.XXX.XX.XX | xxxxxx-xx.xxxxxxx.xxxxxx.xxx | Xxxxxx | 2022-08-01 | verified |
| 23 | XXX.XXX.XX.XXX | xxxxxxxx-xx-xxx.xxxxx.xxx | Xxxxxx | 2022-04-28 | verified |
| 24 | XXX.XXX.XXX.XXX | xxxxxxx.xxx.xxxx.xxx | Xxxxxx | 2023-06-03 | verified |
| 25 | XXX.XXX.XXX.XXX | xxxxxxx.xxx.xxxx.xxx | Xxxxxx | 2022-08-01 | verified |
| 26 | XXX.XXX.XXX.XXX | | Xxxxxx | 2022-08-01 | verified |
| 27 | XXX.XXX.XXX.XXX | | Xxxxxx | 2022-08-01 | verified |
| 28 | XXX.XXX.XXX.XXX | | Xxxxxx | 2022-08-01 | verified |
| 29 | XXX.XXX.XXX.XXX | | Xxxxxx | 2022-08-01 | verified |
| 30 | XXX.XXX.XX.XX | | Xxxxxx | 2022-08-01 | verified |
| 31 | XXX.XX.XXX.XXX | | Xxxxxx | 2023-06-03 | verified |
| 32 | XXX.XXX.XXX.XX | | Xxxxxx | 2022-08-01 | verified |
| 33 | XXX.XXX.XX.XXX | xxxxx.xxx-xxx-xx.xxxxxx.xxxxxxxxxxxx.xxx | Xxxxxx | 2022-04-28 | verified |
| 34 | XXX.XXX.XXX.XXX | | Xxxxxx | 2022-05-11 | verified |
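Four of the seven unmasked addresses carry EC2 or Google Cloud reverse-DNS names, i.e. they are tenant-assigned addresses that get recycled, so a match should be read against the "Identified" date rather than as a timeless verdict. As an added example, not part of the VulDB page, the Python below loads those seven IOCs with their identification dates, scans firewall-style log lines for them as source or destination, and ages each hit. The log lines are constructed, the log format and the 90-day freshness window are my own assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass
from datetime import date, datetime
from typing import Iterable, List

# The seven unmasked IOCs from the table above, keyed by the date VulDB lists as
# "Identified". Four resolve to EC2 / Google Cloud hostnames: addresses that are
# handed to other tenants over time, so old hits are weak evidence on their own.
IOCS = {
    "5.79.71.205":    date(2022, 8, 1),
    "5.79.71.225":    date(2022, 8, 1),
    "18.213.250.117": date(2022, 4, 28),   # ec2-18-213-250-117.compute-1.amazonaws.com
    "18.215.128.143": date(2022, 4, 28),   # ec2-18-215-128-143.compute-1.amazonaws.com
    "35.205.61.67":   date(2023, 6, 3),    # 67.61.205.35.bc.googleusercontent.com
    "35.234.136.13":  date(2022, 8, 1),    # 13.136.234.35.bc.googleusercontent.com
    "46.165.220.145": date(2022, 4, 28),
}

# Dotted quads not glued to other digits or dots (so "10.0.0.12:51544" yields 10.0.0.12).
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# Assumed log layout: ISO-8601 timestamp first on the line.
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})")


@dataclass
class Hit:
    when: date
    ip: str
    age_days: int      # log date minus the IOC's "Identified" date
    status: str        # "fresh", "stale" or "predates"
    line: str


def classify(age_days: int, max_age_days: int) -> str:
    if age_days < 0:
        return "predates"   # traffic before the IOC was identified: review it, but it may be benign reuse
    return "fresh" if age_days <= max_age_days else "stale"


def scan(lines: Iterable[str], max_age_days: int = 90) -> List[Hit]:
    """Flag every IOC address in either direction and age each hit against its identification date."""
    hits: List[Hit] = []
    for line in lines:
        ts = TS_RE.match(line)
        if ts is None:
            continue
        when = datetime.strptime(ts.group(1), "%Y-%m-%d").date()
        for token in IPV4_RE.findall(line):
            try:
                ip = str(ipaddress.IPv4Address(token))   # rejects malformed quads such as 999.1.1.1
            except ValueError:
                continue
            if ip in IOCS:
                age = (when - IOCS[ip]).days
                hits.append(Hit(when, ip, age, classify(age, max_age_days), line))
    return hits


# Constructed firewall log lines, not real traffic; 203.0.113.0/24 is TEST-NET-3.
SAMPLE_LOG = [
    "2022-08-03T10:14:22Z fw01 ALLOW TCP 10.0.0.12:51544 -> 35.234.136.13:443",
    "2022-08-03T10:15:01Z fw01 ALLOW TCP 10.0.0.12:51545 -> 203.0.113.7:443",
    "2023-09-30T08:00:00Z fw01 ALLOW TCP 10.0.0.40:40022 -> 18.213.250.117:80",
    "2023-06-04T23:59:59Z fw01 DENY  UDP 46.165.220.145:53 -> 10.0.0.5:53",
    "2022-08-02T01:02:03Z fw01 ALLOW TCP 10.0.0.9:33333 -> 5.79.71.225:8080",
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"{h.status:8} {h.ip:16} age={h.age_days:4}d  {h.line}")
```

A "stale" hit on a cloud address is a prompt to check who currently holds the IP before escalating; a "fresh" hit on one of the non-cloud addresses is the case worth treating as a real Expiro contact.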

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (136)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

The Type column of the source table is empty for every row and is omitted here. Indicators from row 16 onward are masked in the source and are reproduced as they appear.

| ID | Class | Indicator | Confidence |
|---|---|---|---|
| 1 | File | .htaccess | predictive |
| 2 | File | /ajax-files/followBoard.php | predictive |
| 3 | File | /DATAREPORTS | predictive |
| 4 | File | /etc/gsissh/sshd_config | predictive |
| 5 | File | /Forms/ | predictive |
| 6 | File | /forum/away.php | predictive |
| 7 | File | /getcfg.php | predictive |
| 8 | File | /maint/modules/home/index.php | predictive |
| 9 | File | /uncpath/ | predictive |
| 10 | File | account.asp | predictive |
| 11 | File | addentry.php | predictive |
| 12 | File | admin/conf_users_edit.php | predictive |
| 13 | File | api.php | predictive |
| 14 | File | awstats.pl | predictive |
| 15 | File | carbon/resources/add_collection_ajaxprocessor.jsp | predictive |
| 16 | File | xxx-xxx/xxx/xxxxxx.xx | predictive |
| 17 | File | xxx.xx | predictive |
| 18 | File | xxxxxx.xxx | predictive |
| 19 | File | xxxxx_xxxx.xxx | predictive |
| 20 | File | xxxxxxxx/xxxxxxxxxx.xxxx | predictive |
| 21 | File | xxxxxx/xxx.x | predictive |
| 22 | File | xxx.xxx.xxxx | predictive |
| 23 | File | xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx | predictive |
| 24 | File | xxxxxxx/xxx_xxxxxxx.xxx | predictive |
| 25 | File | xxxxxx-xxxx.x | predictive |
| 26 | File | xxxxx_xxxx.x | predictive |
| 27 | File | xxxxxxxx.xxx | predictive |
| 28 | File | xxx/xxxx/ | predictive |
| 29 | File | xxxxxxxxxxxxxx.xxx | predictive |
| 30 | File | xxxx_xxxxxxx.xxx.xxx | predictive |
| 31 | File | xxx/xxxxxxxxxx.x | predictive |
| 32 | File | xxxxx.xxx | predictive |
| 33 | File | xxxx.xxx | predictive |
| 34 | File | xxxx/xxxxxx.x | predictive |
| 35 | File | xxxxxxxx.xxx | predictive |
| 36 | File | xxx/xxxxxx.xxx | predictive |
| 37 | File | xxxxx.xxxx | predictive |
| 38 | File | xxxxx.xxx | predictive |
| 39 | File | xxxxxx/xxxxx/xxxxx.x | predictive |
| 40 | File | xxxxxxx/xxxx-xxxx.x | predictive |
| 41 | File | xxxxx.xxx | predictive |
| 42 | File | xxxx.x | predictive |
| 43 | File | xxxxxx/xxxxxx.x | predictive |
| 44 | File | xxxxxxxxxx/xxxxx.x | predictive |
| 45 | File | xx/ | predictive |
| 46 | File | xxx_xxxxx_xxxxxx_xxxxx.xxx | predictive |
| 47 | File | xxxx.xxxxxxxxxx.xxx | predictive |
| 48 | File | xxxxxxxx_xxxxxx.xxx | predictive |
| 49 | File | xxxxx-xxxx.xxx | predictive |
| 50 | File | xxxx.xxx | predictive |
| 51 | File | xxxxxxx | predictive |
| 52 | File | xxxxxx.xxx | predictive |
| 53 | File | xxxxxxxxxxx_xxxxxx/xxxxxxxxxxxx/xxx_xxxxxxxxxxx.xxx | predictive |
| 54 | File | xxxxx.xxx | predictive |
| 55 | File | xxxxxxx.xx | predictive |
| 56 | File | xxx/xxxxxxx/xxxxxx/xxxx/xxxxx/xxxxxxx/xxxxxx/xxxxx/xxx%xxxxxxxxxxxxx.xx.xxx | predictive |
| 57 | File | xxxxxxxxx.xxx | predictive |
| 58 | File | xxxxxxxxxx.xxx | predictive |
| 59 | File | xxxxxxxxxxx.xxx | predictive |
| 60 | File | xxxxxxxxx_xxxxxxxxx.xxx | predictive |
| 61 | File | xxxxxxxxx/xxxxx/xxxx/xxx_xxxxxxx/xxxxxxx/xxxxxxx.xxx | predictive |
| 62 | File | xxxxxxx.xxx | predictive |
| 63 | File | xxxx-xxxxx.xxx | predictive |
| 64 | File | xxxx-xxxxxxxx.xxx | predictive |
| 65 | File | xxxxxx.xxx | predictive |
| 66 | File | xxxxxx-xxxxxxx-xxxx.xxx | predictive |
| 67 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxx_xxx.xxxx | predictive |
| 68 | File | xxxxxxx.xxx | predictive |
| 69 | File | xxxxxxxxxxxxxxx.xxx | predictive |
| 70 | File | xxxxx_xx.xxx | predictive |
| 71 | File | xxxx/xx_xxxxxxx.xxx | predictive |
| 72 | File | xxxxx/xxxxx.xx | predictive |
| 73 | File | xxxxxx.xxx | predictive |
| 74 | File | xxxxxxx/xxxxxx.x | predictive |
| 75 | File | xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx-xxxxx.xxx | predictive |
| 76 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx | predictive |
| 77 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive |
| 78 | File | xxxxxx.xxx | predictive |
| 79 | Library | /xxx/xxx/xxxx.xxx | predictive |
| 80 | Library | xxx/xxxx/xxxxxx.xx | predictive |
| 81 | Library | xxx/xx/xxxxx/xxxxxxxxxx/xxxx.xx | predictive |
| 82 | Library | xxxxxxx/xxx/xxxxxxxxxxxx.xxx | predictive |
| 83 | Library | xxxxxxx.xxx | predictive |
| 84 | Library | xxxxxx/x/xxxxxxxx | predictive |
| 85 | Argument | xxxxxxxx | predictive |
| 86 | Argument | xxxxx | predictive |
| 87 | Argument | xxxx | predictive |
| 88 | Argument | xxx | predictive |
| 89 | Argument | xxxxxxx | predictive |
| 90 | Argument | xxxxxxxxxxxxxx/xxxxxxxxxx | predictive |
| 91 | Argument | xxxxxx | predictive |
| 92 | Argument | xxxxxx[xxxxxxx_xxx] | predictive |
| 93 | Argument | xxxxxxxxxxxxxxxx | predictive |
| 94 | Argument | xxxxxxxx | predictive |
| 95 | Argument | xxxxxxxx_xxxxx[] | predictive |
| 96 | Argument | xxxxxxxxx | predictive |
| 97 | Argument | xxx_xxxxxxxx | predictive |
| 98 | Argument | xxxxx.xxx?xxxxxx=xxx_xxxxxxx/xxxx=xxxxxxx/xx=x/xxxxxxxx=xxxxx | predictive |
| 99 | Argument | xxxxxxxxx | predictive |
| 100 | Argument | xxx | predictive |
| 101 | Argument | xxxx | predictive |
| 102 | Argument | xxx_xxx | predictive |
| 103 | Argument | xxxx | predictive |
| 104 | Argument | xx_xxxxxxxx | predictive |
| 105 | Argument | xxxx | predictive |
| 106 | Argument | xxx | predictive |
| 107 | Argument | xxxxxxxx | predictive |
| 108 | Argument | xxxxxxxx | predictive |
| 109 | Argument | xxxx[xxxxxxxxxxxxxxxxx] | predictive |
| 110 | Argument | xxxx_xxxx | predictive |
| 111 | Argument | xxxxx_xxxx_xxxx | predictive |
| 112 | Argument | xxx | predictive |
| 113 | Argument | xxxxxxxx | predictive |
| 114 | Argument | xxxxx | predictive |
| 115 | Argument | xxxx | predictive |
| 116 | Argument | xxxxxx | predictive |
| 117 | Argument | xxxxxxxxxxxxx | predictive |
| 118 | Argument | xxxx | predictive |
| 119 | Argument | xxxx | predictive |
| 120 | Argument | xxxxxxxx | predictive |
| 121 | Argument | xxxxxxxx | predictive |
| 122 | Argument | xxx | predictive |
| 123 | Argument | xxxx | predictive |
| 124 | Argument | xxxx->xxxxxxx | predictive |
| 125 | Argument | xxxxx_xxxxxx | predictive |
| 126 | Argument | xxxxx | predictive |
| 127 | Input Value | #/+ | predictive |
| 128 | Input Value | ' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxx | predictive |
| 129 | Input Value | ../ | predictive |
| 130 | Input Value | xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx | predictive |
| 131 | Input Value | \x | predictive |
| 132 | Network Port | xxxx | predictive |
| 133 | Network Port | xxx/xxxx | predictive |
| 134 | Network Port | xxx/xxxx | predictive |
| 135 | Network Port | xxx/xxx (xxxx) | predictive |
| 136 | Network Port | xxx xxxxxx xxxx | predictive |
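Most of the indicator list is masked, but the fifteen unmasked File entries and the two unmasked Input Value fragments are enough to drive a request-path check against web access logs, and several of them line up with the vulnerability table (awstats.pl, conf_users_edit.php, away.php, .htaccess). As an added example, not part of the VulDB page, the Python below decodes each request target twice (to catch double-encoded traversal), matches the File fragments against the path and the Input Value fragments against the whole target, and reports the dot-segment-collapsed path so an analyst sees what the server actually resolved. The log lines are constructed, the case-insensitive match is my choice, and none of this describes how VulDB's predictive model works.

```python
import posixpath
import re
from dataclasses import dataclass, field
from typing import Iterable, List
from urllib.parse import unquote

# Unmasked File indicators (ids 1-15) and Input Value fragments (ids 127 and 129)
# from the table above. Everything masked on the page is left out.
FILE_IOAS = [
    ".htaccess", "/ajax-files/followBoard.php", "/DATAREPORTS", "/etc/gsissh/sshd_config",
    "/Forms/", "/forum/away.php", "/getcfg.php", "/maint/modules/home/index.php", "/uncpath/",
    "account.asp", "addentry.php", "admin/conf_users_edit.php", "api.php", "awstats.pl",
    "carbon/resources/add_collection_ajaxprocessor.jsp",
]
INPUT_IOAS = ["#/+", "../"]

# Apache/nginx "combined" log line; only the fields used below are captured.
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


@dataclass
class Finding:
    ip: str
    status: int
    target: str              # request target exactly as logged
    normalized: str          # decoded path with ../ segments collapsed
    matched: List[str] = field(default_factory=list)


def decode_target(target: str) -> str:
    """Percent-decode twice so %252e%252e%252f (double-encoded ../) is caught as well."""
    return unquote(unquote(target))


def scan_access_log(lines: Iterable[str]) -> List[Finding]:
    findings: List[Finding] = []
    for line in lines:
        m = ACCESS_RE.match(line)
        if m is None:
            continue
        decoded = decode_target(m["target"])
        path = decoded.partition("?")[0]
        # Case-insensitive on purpose: Windows/IIS targets resolve paths that way.
        matched = [f for f in FILE_IOAS if f.lower() in path.lower()]
        # Traversal and odd fragments are checked before normalization, anywhere in the target.
        matched += [i for i in INPUT_IOAS if i in decoded]
        if matched:
            findings.append(Finding(m["ip"], int(m["status"]), m["target"],
                                    posixpath.normpath(path), matched))
    return findings


# Constructed access-log lines; 203.0.113.0/24 is TEST-NET-3, not real clients.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /cgi-bin/awstats.pl?config=test HTTP/1.1" 404 196',
    '203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /forum/away.php?to=http://203.0.113.9/ HTTP/1.1" 302 0',
    '203.0.113.8 - - [10/Oct/2023:14:01:02 +0000] "GET /images/..%2f..%2f..%2fetc/gsissh/sshd_config HTTP/1.1" 403 199',
    '203.0.113.8 - - [10/Oct/2023:14:01:03 +0000] "GET /admin/conf_users_edit.php?id=1 HTTP/1.1" 200 2048',
    '203.0.113.8 - - [10/Oct/2023:14:01:04 +0000] "GET /.htaccess HTTP/1.1" 403 199',
    '203.0.113.9 - - [10/Oct/2023:14:05:00 +0000] "POST /%252e%252e/%252e%252e/getcfg.php HTTP/1.1" 404 196',
]

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f.ip:12} {f.status} {f.normalized:28} {', '.join(f.matched)}")
```

The HTTP status is reported but not used to filter: a 404 on awstats.pl is still a scanner fingerprint worth correlating with the client address, and the 403 on the encoded sshd_config request only tells you that this particular server refused it.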

References (5)

The following list contains external sources which discuss the actor and the associated activities:
