Icloader Analysis

IOB - Indicator of Behavior (131)

Timeline

Languages

en: 98
ru: 22
es: 4
de: 4
zh: 4

Countries/Regions

ru: 96
us: 20
ua: 12
de: 4

Actors

Activities

Interests

Timeline

Types

Vendors

Products

Microsoft Windows: 12
Linux Kernel: 4
Dropbear SSH: 4
Linux Foundation Xen: 4
Microsoft SQL Server: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
1 | Microsoft Windows Advanced Local Procedure Call Privilege Escalation | 9.2 | 8.7 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.00683 | 0.02 | CVE-2023-21674
2 | IBM Security AppScan Enterprise Enterprise Source Database Weak Encryption | 9.8 | 8.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00082 | 0.00 | CVE-2013-3989
3 | raspap-webgui activate_ovpncfg.php Privilege Escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.89966 | 0.00 | CVE-2022-39986
4 | Microsoft Windows Kernel Privilege Escalation | 7.2 | 6.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00053 | 0.00 | CVE-2022-21881
5 | Microsoft Windows SMB Witness Service Privilege Escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00120 | 0.00 | CVE-2023-21549
6 | Microsoft SQL Server Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00043 | 0.05 | CVE-2022-23276
7 | PHP Everywhere Plugin Shortcode Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00108 | 0.02 | CVE-2022-24663
8 | HP 3PAR Service Processor SP Information Disclosure | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00110 | 0.02 | CVE-2015-5443
9 | Oracle Java SE/Java SE Embedded Deployment Memory Corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.01195 | 0.03 | CVE-2013-5788
10 | WooCommerce PayU India Payment Gateway Plugin Purchase Price Privilege Escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00114 | 0.05 | CVE-2019-14978
11 | WooCommerce Instamojo Payment Gateway Plugin Purchase amount Price Privilege Escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.00 | CVE-2019-14977
12 | Microsoft IIS Cross Site Scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.08 | CVE-2017-0055
13 | Omron CX-One CX-Programmer Password Storage Information Disclosure | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2015-0988
14 | Apache HTTP Server smbvalid/smbval authensmb Memory Corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00133 | 0.02 | CVE-1999-1237
15 | Add Link to Facebook Plugin profile.php Cross Site Scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00057 | 0.03 | CVE-2018-5214
16 | openmosix libmosix.c this Memory Corruption | 4.0 | 4.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2008-1865
17 | Netgate pfSense XML File config.xml restore_rrddata Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.45928 | 0.01 | CVE-2023-27253
18 | User Post Gallery Plugin Privilege Escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04252 | 0.00 | CVE-2022-4060
19 | eSST Monitoring Privilege Escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00116 | 0.00 | CVE-2023-41631
20 | Joomla Webservice Endpoint Privilege Escalation | 5.4 | 5.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.95214 | 0.04 | CVE-2023-23752

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (79)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /ajax/openvpn/activate_ovpncfg.php | predictive |
2 | File | /objects/getImageMP4.php | predictive |
3 | File | /payu/icpcheckout/ | predictive |
4 | File | /uncpath/ | predictive |
5 | File | admin.php | predictive |
6 | File | asn1fix_retrieve.c | predictive |
7 | File | bigsam_guestbook.php | predictive |
8 | File | books.php | predictive |
9 | File | card/pay/.../amount | predictive |
10 | File | xxxxxxxx.xxx | predictive |
11 | File | xxxxx.xxx | predictive |
12 | File | xxxxxx.xxx | predictive |
13 | File | xxxxxx.xxx | predictive |
14 | File | xx/xx_xxxxxxx.xxx | predictive |
15 | File | xxxxxxxx.xxx | predictive |
16 | File | xxxxxxx/xxxx/xxxxxx/xxxxxxx.x | predictive |
17 | File | xxxxx.xxx | predictive |
18 | File | xxxxxxxx.xxx | predictive |
19 | File | xxxxxxx.xxx | predictive |
20 | File | xxxxxxxxx.xxx | predictive |
21 | File | xxx/xxxxxx.xxx | predictive |
22 | File | xxxxx.xxx/xxxxxx.xxx/xxxxxxxxxxxxx.xxx/xxxxxxxx.xxx | predictive |
23 | File | xxxxxxx/xxxxxxxxxxxxx.xxxx | predictive |
24 | File | xxxx_xxxx.xxx | predictive |
25 | File | xxxxxxxx.x | predictive |
26 | File | xxxxxxxx.xxx | predictive |
27 | File | xxx/xxxx/xxxx_xxxx.x | predictive |
28 | File | xxxx.xxxxxx.xx | predictive |
29 | File | xxx/xxxxx.xxxx | predictive |
30 | File | xxxxx-xxxxxxx.xxx | predictive |
31 | File | xxxxxxx.xxx | predictive |
32 | File | xxxx.xxx | predictive |
33 | File | xxxxxxx.xxx | predictive |
34 | File | xxxx-xx.xxx/xxx.xxxxx/xxx-xxxxxxxx-xxxx.xxx | predictive |
35 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive |
36 | File | xxx/xxxx/xxxx/xxx.xxxxxxxx.xxxxxxx/xxxxxxx/xxx/xxxxxx.xxxx | predictive |
37 | File | xxxxxxx-xxxxxxx.xxx | predictive |
38 | File | xx/xx/xxxxxxxxx_xxxxxxxxxxx.xxx | predictive |
39 | File | xxxx.xxx | predictive |
40 | File | xxxx/xxxxxxxxxxxx.xxx | predictive |
41 | File | xxx.xxxxxxxx.xxx | predictive |
42 | File | xxxxxxxx.xxx | predictive |
43 | File | xx-xxxxx/xxxxxxx.xxx | predictive |
44 | Library | xxxxxx.xxx | predictive |
45 | Library | xxx/xxxxxxx-xxxxxxxxx-x.x.x.xxx | predictive |
46 | Library | xxxxxxxx.xxx.xxx | predictive |
47 | Argument | xxxxx_xxxxxxxx_xx | predictive |
48 | Argument | xxxxxxxxx | predictive |
49 | Argument | xxxxxxxx | predictive |
50 | Argument | xxxxxx | predictive |
51 | Argument | xxx_xxx | predictive |
52 | Argument | xxx | predictive |
53 | Argument | xxx_xx | predictive |
54 | Argument | xxx_xx | predictive |
55 | Argument | xxx | predictive |
56 | Argument | xxxx_xx | predictive |
57 | Argument | xxxxxxxx | predictive |
58 | Argument | xx | predictive |
59 | Argument | xx | predictive |
60 | Argument | xxxx | predictive |
61 | Argument | xxxx_xx | predictive |
62 | Argument | xx | predictive |
63 | Argument | xxxxxxxxxxxxxxxx | predictive |
64 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive |
65 | Argument | xxxxxx | predictive |
66 | Argument | xxxx | predictive |
67 | Argument | xxxxxxx | predictive |
68 | Argument | xxx_xx | predictive |
69 | Argument | xxx | predictive |
70 | Argument | xxxx | predictive |
71 | Argument | xxxxx | predictive |
72 | Argument | xxx | predictive |
73 | Argument | xxxxxx | predictive |
74 | Argument | xxxxxxxx | predictive |
75 | Argument | xxxxxxxx/xxxx | predictive |
76 | Argument | xxxxxxxx:xxxxxxxx | predictive |
77 | Input Value | xxx[…] | predictive |
78 | Input Value | xxxxxxxxx:xxxxxxxx | predictive |
79 | Network Port | xxx | predictive |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
