Miori Analysis

IOB - Indicator of Behavior (110)

Timeline

Language

en: 88
de: 8
ar: 8
fr: 4
it: 2

Country/Region

us: 54
de: 10
il: 10
ru: 6
dz: 4

Actor

Campaign

Interest

Timeline

Type

Vendor

Product

Google Chrome: 6
Joomla CMS: 4
Realtek Jungle SDK: 4
Google Android: 4
Microsoft Windows: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | VMware Workspace ONE Access/Identity Manager Template Privilege Escalation | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.97436 | 0.04 | CVE-2022-22954 |
| 2 | IBM Security Access Manager Appliance Advanced Access Control Privilege Escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00167 | 0.00 | CVE-2018-1850 |
| 3 | Microsoft Windows WLAN AutoConfig Service Remote Code Execution | 8.8 | 7.7 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.02293 | 0.00 | CVE-2021-36965 |
| 4 | Google Chrome Sandbox Privilege Escalation | 8.0 | 7.9 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03391 | 0.02 | CVE-2019-5782 |
| 5 | Oracle MySQL Server Encryption Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00173 | 0.04 | CVE-2019-2922 |
| 6 | Oracle MySQL Server Compiling Memory Corruption | 9.8 | 9.4 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.09761 | 0.03 | CVE-2019-5482 |
| 7 | Procmail Signal Privilege Escalation | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2001-0905 |
| 8 | CA XCOM Data Transport Privilege Escalation | 9.8 | 9.8 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00403 | 0.02 | CVE-2012-5973 |
| 9 | OpenSSH Supplemental Group Privilege Escalation | 4.6 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.00 | CVE-2021-41617 |
| 10 | WordPress Pingback Privilege Escalation | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00120 | 0.00 | CVE-2022-3590 |
| 11 | emlog index.php Information Disclosure | 5.5 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00300 | 0.02 | CVE-2021-3293 |
| 12 | PHPWind SQL Injection | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00072 | 0.03 | CVE-2019-6691 |
| 13 | Microsoft Windows Security Center API Remote Code Execution | 8.1 | 7.4 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.02268 | 0.02 | CVE-2022-21874 |
| 14 | Google Android Privilege Escalation | 5.5 | 5.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00109 | 0.00 | CVE-2021-1049 |
| 15 | ONLYOFFICE Document Server NSFileDownloader Privilege Escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00847 | 0.00 | CVE-2020-11534 |
| 16 | Microsoft Office Excel Privilege Escalation | 7.3 | 6.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01336 | 0.00 | CVE-2021-42292 |
| 17 | VMware ESXi System Call Privilege Escalation | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.02 | CVE-2020-4005 |
| 18 | Microsoft Windows WLAN AutoConfig Service Remote Code Execution | 8.0 | 7.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00056 | 0.00 | CVE-2021-36967 |
| 19 | D-Link DIR-816 HTTP Request Parameter form2userconfig.cgi Privilege Escalation | 4.6 | 4.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00255 | 0.00 | CVE-2021-39509 |
| 20 | pac-resolver PAC File Remote Code Execution | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00393 | 0.01 | CVE-2021-23406 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP Address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 94.177.226.227 | host227-226-177-94.static.arubacloud.de | Miori | | 2022-03-27 | | verified |
| 2 | XXX.XXX.XX.XXX | xxx.xxx.xx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxx | | 2022-03-27 | | verified |
| 3 | XXX.XX.XXX.XXX | xxx.xx | Xxxxx | | 2022-07-17 | | verified |
| 4 | XXX.XXX.XX.XXX | xxxx | | | 2019-07-17 | | verified |

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 Path Traversal | | | predictive |
| 2 | T1055 | CWE-74 Improper Neutralization of Data within XPath Expressions | | | predictive |
| 3 | T1059 | CWE-94 Argument Injection | | | predictive |
| 4 | TXXXX.XXX | CWE-XX Xxxxx Xxxx Xxxxxxxxx | | | predictive |
| 5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | | | predictive |
| 6 | TXXXX | CWE-XX, CWE-XX Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | | | predictive |
| 7 | TXXXX | CWE-XXX 7xx Xxxxxxxx Xxxxxxxx | | | predictive |
| 8 | TXXXX | CWE-XXX Xxxxxxxxxx Xxxxxx | | | predictive |
| 9 | TXXXX | CWE-XX Xxx Xxxxxxxxx | | | predictive |
| 10 | TXXXX.XXX | CWE-XXX Xxxxxxxx Xxxxxxxxxxxxx | | | predictive |
| 11 | TXXXX | CWE-XXX, CWE-XXX Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | | | predictive |
| 12 | TXXXX.XXX | CWE-XX Xxxxxxxxxxxxx | | | predictive |

IOA - Indicator of Attack (38)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .procmailrc | | predictive |
| 2 | File | /debian/patches/load_ppp_generic_if_needed | | predictive |
| 3 | File | /etc/fstab | | predictive |
| 4 | File | /forms/nslookupHandler | | predictive |
| 5 | File | /goform/form2userconfig.cgi | | predictive |
| 6 | File | /xxxx/xxxx/xxxxxxxxx | | predictive |
| 7 | File | xxxxx.xxx?x=xxxxxx&x=xxxxxx&x=xxxxxx | | predictive |
| 8 | File | xxxxxxxx_xxxxxxxx_xxxxxxx.xxx | | predictive |
| 9 | File | xxxx.xxxx | | predictive |
| 10 | File | xxxxxx.x | | predictive |
| 11 | File | xxxx/xxxxxxxxxxxxxxx.xxx | | predictive |
| 12 | File | xxxxxxxx-xxx/xx.xxx | | predictive |
| 13 | File | xxxxxxx.xx | | predictive |
| 14 | File | xxxxxx/xxx/xxxxxxx.xxx | | predictive |
| 15 | File | xxx/xxxxxx.xxx | | predictive |
| 16 | File | xxxxxxxx/xxxxx-xxxxxxxxx.xxx | | predictive |
| 17 | File | xxxxxx-xxxxxxx.xxx | | predictive |
| 18 | File | xxxxxxx.xxx | | predictive |
| 19 | File | xxxxxx.xxx | | predictive |
| 20 | File | xxxxxx.xxx | | predictive |
| 21 | File | x/xxxxx.xxx | | predictive |
| 22 | File | xxxxxxxxx | | predictive |
| 23 | File | xx-xxxxx/xxxxx.xxx?xxxx=xxx-xxxxx&xxxxxx=xxxx-xxxxx | | predictive |
| 24 | Argument | -x | | predictive |
| 25 | Argument | xxxxxxxx | | predictive |
| 26 | Argument | xxxxxxxxxxx/xxxxxxxxxxx | | predictive |
| 27 | Argument | xx | | predictive |
| 28 | Argument | xxxxxxx | | predictive |
| 29 | Argument | xxxxxxxxxx | | predictive |
| 30 | Argument | xxxxxxxx_xxxxxxx | | predictive |
| 31 | Argument | xxxxxxxxxxxxxx | | predictive |
| 32 | Argument | xxxxxx | | predictive |
| 33 | Argument | xxxx_xx | | predictive |
| 34 | Argument | xxxxxxx[] | | predictive |
| 35 | Input Value | .. | | predictive |
| 36 | Input Value | ::$xxxxx_xxxxxxxxxx | | predictive |
| 37 | Input Value | \|xxx${xxx} | | predictive |
| 38 | Network Port | xxx xxxxxx xxxx | | predictive |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
