HomuWitch Analysis

IOB - Indicator of Behavior (29)

Language

en: 26
zh: 4

Product

Papercut NG: 4
SourceCodester Online Food Ordering System: 2
Pivotal Spring Framework: 2
SSH: 2
Google Android: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SourceCodester Sales Tracker Management System view_product.php SQL injection | 6.6 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00204 | 0.04 | CVE-2023-0964 |
| 2 | SourceCodester Online Student Management System edit-class-detail.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00148 | 0.11 | CVE-2023-1099 |
| 3 | Apache Solr Operator information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-31391 |
| 4 | SourceCodester Library Management System bookdetails.php SQL injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00322 | 0.04 | CVE-2022-2214 |
| 5 | Itech Movie Portal Script film-rating.php Error SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00425 | 0.00 | CVE-2017-20143 |
| 6 | SourceCodester Employee Task Management System admin-manage-user.php Redirect | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.08 | CVE-2024-2569 |
| 7 | QNAP QuMagie SQL injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00050 | 0.00 | CVE-2023-41284 |
| 8 | Multi-Vendor Online Groceries Management System view_product.php SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00255 | 0.04 | CVE-2022-26632 |
| 9 | PaperCut MF/NG libsmb2 privilege escalation | 9.8 | 9.7 | $0-$5k | $0-$5k | High | Official Fix | 0.97072 | 0.04 | CVE-2023-27350 |
| 10 | Papercut NG/MF directory traversal | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.95367 | 0.02 | CVE-2023-39143 |
| 11 | Papercut NG/MF Script privilege escalation | 7.2 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.02 | CVE-2023-39469 |
| 12 | Papercut NG privilege escalation | 7.4 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00081 | 0.03 | CVE-2023-3486 |
| 13 | Papercut NG XMLRPC weak authentication | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02217 | 0.05 | CVE-2023-4568 |
| 14 | Pivotal Spring Framework privilege escalation | 9.8 | 9.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02444 | 0.00 | CVE-2016-1000027 |
| 15 | SourceCodester Online Food Ordering System view_prod.php SQL injection | 6.7 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.04 | CVE-2023-0303 |
| 16 | ElkaGroup Image Gallery view.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00149 | 0.00 | CVE-2008-5037 |
| 17 | XXL-JOB New Password updatePwd cross-site request forgery | 5.0 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00071 | 0.07 | CVE-2023-0674 |
| 18 | ciubotaru share-on-diaspora new_window.php cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.04 | CVE-2017-20176 |
| 19 | SSH SSH-1 Protocol weak encryption | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00258 | 0.04 | CVE-2001-1473 |
| 20 | Google Android System Service privilege escalation | 6.5 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00044 | 0.02 | CVE-2022-20434 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Category | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin-manage-user.php | predictive | |
| 2 | File | /film-rating.php | predictive | |
| 3 | File | /librarian/bookdetails.php | predictive | |
| 4 | File | /xxxxxxxx/xxxx_xxxxxxx.xxx | predictive | |
| 5 | File | /xxxx/xxxxxxxxx | predictive | |
| 6 | File | xxxxx/xxxxxxxx/xxxx_xxxxxxx.xxx | predictive | |
| 7 | File | xxxxxxx/xxxx-xxxxx-xxxxxx.xxx | predictive | |
| 8 | File | xxxxxxx/xxxx-xxxxx-xxxxxx.xxx?xxxxxx=x | predictive | |
| 9 | File | xxx_xxxxxx.xxx | predictive | |
| 10 | File | xxxx.xxx | predictive | |
| 11 | File | xxxx_xxxx.xxx | predictive | |
| 12 | Argument | xxx | predictive | |
| 13 | Argument | xxxxxx | predictive | |
| 14 | Argument | xxxxxxxxxxxx | predictive | |
| 15 | Argument | xx | predictive | |
| 16 | Argument | xxxxx/xxx | predictive | |
| 17 | Input Value | ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx | predictive | |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
