Get2 Analysis

IOB - Indicator of Behavior (47)

Timeline

Language

en (40)
ko (8)

Country/Region

us (28)
kr (10)
my (8)
cn (2)

Actor

Activity

Interest

Timeline

Type

Vendor

Product

Linux Kernel (4)
Nibbleblog (2)
VMware Workspace one UEM Console (2)
Red Hat JBoss Enterprise Application Platform (2)
DZCP deV!L`z Clanportal (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Image Uploader/Browser plugin Pathname pluginconfig.php privilege escalation | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00697 | 0.03 | CVE-2019-19502
2 | Linux Kernel XFS xfs_ioctl.c xfs_ioc_space memory corruption | 4.9 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2021-4155
3 | jquery.json-viewer library JSON Object privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00061 | 0.00 | CVE-2022-30241
4 | Juniper Web Device Manager Authentication weak authentication | 9.8 | 9.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.04 |
5 | Microsoft Windows Kernel Cryptography Driver cng.sys CfgAdtpFormatPropertyBlock memory corruption | 7.9 | 7.9 | $25k-$100k | $25k-$100k | High | Official Fix | 0.14304 | 0.00 | CVE-2020-17087
6 | Dropbear SSH Server Login Format String | 9.8 | 9.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 |
7 | Goodtech FTP Server Connection denial of service | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00671 | 0.00 | CVE-2001-0188
8 | OSSEC Web UI search.php cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00131 | 0.03 | CVE-2016-4847
9 | Kong Insomnia Environment Variable privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00065 | 0.02 | CVE-2023-40299
10 | Nokia NetAct Performance Manager Page XML External Entity | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00069 | 0.00 | CVE-2023-26058
11 | Linux Kernel XFS Local Privilege Escalation | 8.4 | 7.3 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00042 | 0.00 | CVE-2015-0274
12 | V-EVA Press Release Script page.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00187 | 0.09 | CVE-2010-5047
13 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01009 | 2.19 | CVE-2006-6168
14 | Microsoft Windows Remote Desktop Protocol information disclosure | 5.8 | 5.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03753 | 0.07 | CVE-2022-22015
15 | Tobesoft NEXACRO17 File Creation copy privilege escalation | 8.4 | 8.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00528 | 0.00 | CVE-2021-26612
16 | Online Book Store admin_add.php privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03533 | 0.00 | CVE-2020-19113
17 | VMware Workspace one UEM Console privilege escalation | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.75820 | 0.00 | CVE-2021-22054
18 | lighttpd Log File mod_mysql_vhost.c privilege escalation | 6.4 | 6.0 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.01123 | 0.00 | CVE-2015-3200
19 | lighttpd Log File http_auth.c privilege escalation | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01123 | 0.04 | CVE-2015-3200
20 | ShopXO phar File privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00488 | 0.00 | CVE-2021-27817

IOC - Indicator of Compromise (81)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /tmp | predictive |
2 | File | admin.php | predictive |
3 | File | admin_add.php | predictive |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
