FontOnLake Analysis

IOB - Indicator of Behavior (36)

Language

en: 26
zh: 10

Country/Region

cn: 28
us: 8

Product

Microsoft Windows: 8
GNU binutils: 2
AnyMacro AnyMacro Mail System: 2
Microsoft OneDrive: 2
Apache Commons FileUpload: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Penta WAPPLES privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.00 | CVE-2022-35582 |
| 2 | GNU binutils BFD Library opncls.c bfd_zalloc memory corruption | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00132 | 0.03 | CVE-2018-17359 |
| 3 | UUSee UUPlayer ActiveX control ActiveX Control privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01063 | 0.00 | CVE-2011-2590 |
| 4 | Oracle MySQL Server Client programs Privilege Escalation | 7.1 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00095 | 0.03 | CVE-2023-21980 |
| 5 | Penta WAPPLES misconfiguration | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.00 | CVE-2022-31322 |
| 6 | Spring Boot Admins Notifier env privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00262 | 0.02 | CVE-2022-46166 |
| 7 | Apache Commons FileUpload Request Part denial of service | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03359 | 0.00 | CVE-2023-24998 |
| 8 | redis-py Async Command information disclosure | 4.0 | 3.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00095 | 0.02 | CVE-2023-28858 |
| 9 | Microsoft Windows Win32k Local Privilege Escalation | 7.8 | 7.4 | $25k-$100k | $0-$5k | High | Official Fix | 0.00350 | 0.05 | CVE-2021-1732 |
| 10 | Microsoft Windows L2TP Privilege Escalation | 7.8 | 7.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00827 | 0.02 | CVE-2022-30211 |
| 11 | ZStack REST API privilege escalation | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00482 | 0.00 | CVE-2021-32836 |
| 12 | ZhongBangKeJi CRMEB UploadService.php Getshell privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00309 | 0.02 | CVE-2020-21787 |
| 13 | WP Fastest Cache directory traversal | 3.8 | 3.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00294 | 0.00 | CVE-2021-20714 |
| 14 | Atlassian Bamboo Double OGNL Evaluation Java privilege escalation | 8.3 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01040 | 0.00 | CVE-2017-14589 |
| 15 | Atlassian Confluence Server information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96321 | 0.07 | CVE-2021-26085 |
| 16 | Google Chrome V8 Remote Code Execution | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.24380 | 0.02 | CVE-2020-16040 |
| 17 | ExifTool djvu File Remote Code Execution | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.92438 | 0.02 | CVE-2021-22204 |
| 18 | Microsoft Windows DNS Server SigRed memory corruption | 10.0 | 9.8 | $25k-$100k | $0-$5k | High | Official Fix | 0.94458 | 0.04 | CVE-2020-1350 |
| 19 | Huawei NIP6800/Secospace USG6600/Secospace USG9500 memory corruption | 7.4 | 7.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00110 | 0.05 | CVE-2020-1876 |
| 20 | Microsoft Windows NTLM information disclosure | 5.4 | 4.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00654 | 0.04 | CVE-2021-1678 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

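| ID | Category | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /crmeb/crmeb/services/UploadService.php | predictive | |
| 2 | File | /env | predictive | |
| 3 | File | /s/ | predictive | |
| 4 | File | xxxxxxxxxxxxxxxxxxx.xxxxx.xxx | predictive | |
| 5 | File | xxxxxxxxxxx\xxxx\xxxxxxxxxx\xxxxxxxxxxxxxxxxx.xxxxx.xxx | predictive | |
| 6 | File | xxxx.x | predictive | |
| 7 | File | xxxxxxx.xxx | predictive | |
| 8 | File | xxxxxx.x | predictive | |
| 9 | File | xxxxxx.x | predictive | |
| 10 | Library | xxxx.xxx | predictive | |
| 11 | Argument | -x/-x | predictive | |
| 12 | Argument | xxxxxx | predictive | |
| 13 | Argument | xxxxxxxxxx[xxx][x] | predictive | |
| 14 | Argument | xxxxxxxxxxx | predictive | |
| 15 | Argument | xx | predictive | |
| 16 | Input Value | ..\ | predictive | |
| 17 | Network Port | xxxx | predictive | |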

References (2)

The following list contains external sources which discuss the actor and the associated activities:
