Not Petya Analysis

IOB - Indicator of Behavior (132)

Language

en: 112
es: 6
pl: 4
de: 4
ko: 2

Country/Region

us: 110
ru: 4

Product

Microsoft Windows: 6
Apache HTTP Server: 6
Synacor Zimbra Collaboration Suite: 4
nginx: 4
gpm: 2

Vulnerabilities

Base and Temp are VulDB's base and temporal CVSS scores; 0day and Today are its exploit price estimates; Exp and Rem are exploitability and remediation status; EPSS is the exploit prediction score; CTI is VulDB's threat intelligence activity score.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 4.70 | CVE-2020-15906 |
| 2 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.73 | CVE-2022-28959 |
| 3 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 4.07 | |
| 4 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.02 | CVE-2010-0966 |
| 5 | Joomla CMS com_easyblog SQL injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.63 | |
| 6 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.12 | CVE-2007-0354 |
| 7 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 10.00 | CVE-2006-6168 |
| 8 | DUware DUdownload detail.asp SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00254 | 0.03 | CVE-2006-6367 |
| 9 | Grandstream GAC2500/GXP2200/GVC3202/GXV3275/GXV3240 memory corruption | 8.5 | 8.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.91894 | 0.04 | CVE-2019-10655 |
| 10 | Canon Imagerunner 5000i denial of service | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01110 | 0.00 | CVE-2004-2166 |
| 11 | jforum cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00117 | 0.10 | CVE-2012-5337 |
| 12 | Pivotal RabbitMQ password privilege escalation | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00343 | 0.00 | CVE-2016-9877 |
| 13 | Adminer privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00679 | 0.03 | CVE-2018-7667 |
| 14 | logwatch logwatch.pl privilege escalation | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05151 | 0.03 | CVE-2011-1018 |
| 15 | Microsoft Windows privilege escalation | 7.8 | 7.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00226 | 0.00 | CVE-2017-0165 |
| 16 | DZOIC Handshakes index.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00107 | 0.07 | CVE-2008-2781 |
| 17 | Qt-cute QuickTalk guestbook qtg_msg_view.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00269 | 0.00 | CVE-2007-3538 |
| 18 | KENT-WEB ACCESS REPORT Web Access cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00146 | 0.00 | CVE-2012-5176 |
| 19 | WP-ViperGB Plugin remove_query_arg cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00066 | 0.05 | CVE-2015-9356 |
| 20 | Phpsugar PHP Melody page_manager.php cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2017-15648 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. Masked entries (x) are not shown in the public view of the page.

| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 159.148.186.214 | whattimeisnow.net | Not Petya | | 2017-12-24 | | verified |
| 2 | XXX.XX.XXX.XXX | xxxxxxxxx.xx-xxx-xx-xxx.xx | Xxx Xxxxx | | 2017-12-24 | | verified |

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (88)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | | predictive |
| 2 | File | /forum/away.php | | predictive |
| 3 | File | /manager?action=getlogcat | | predictive |
| 4 | File | /spip.php | | predictive |
| 5 | File | /tmp | | predictive |
| 6 | File | admin/admin.php | | predictive |
| 7 | File | admin/conf_users_edit.php | | predictive |
| 8 | File | admin/developer/ | | predictive |
| 9 | File | admin/index.php | | predictive |
| 10 | File | admin/ueditor/uploadFile | | predictive |
| 11 | File | xxxxxxxxxxx/xxxxxxxxxx.xx | | predictive |
| 12 | File | xxx.xxx | | predictive |
| 13 | File | xxxxxxx.xx | | predictive |
| 14 | File | xxxxx.xxx | | predictive |
| 15 | File | xxx.xxx | | predictive |
| 16 | File | xxx.xxx | | predictive |
| 17 | File | xxxx/xxxxxxxx.xx | | predictive |
| 18 | File | xxxxxx.xx | | predictive |
| 19 | File | xxxx/xxxxxxxxxxxxxxx.xxx | | predictive |
| 20 | File | xxxxxxx.xxx | | predictive |
| 21 | File | xxxxxx.xxx | | predictive |
| 22 | File | xxxxxxxxxxxxxxxxxx.xxx | | predictive |
| 23 | File | xxxxx.xxx | | predictive |
| 24 | File | xxxxxxxx.xxx | | predictive |
| 25 | File | xxxxx_xxxxxxxx.xxx | | predictive |
| 26 | File | xxxx/xxxxxxx.x | | predictive |
| 27 | File | xxx/xxxxxx.xxx | | predictive |
| 28 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | | predictive |
| 29 | File | xxxxxxxx/xxxxxxx.xxx | | predictive |
| 30 | File | xxxxx.xxx | | predictive |
| 31 | File | xxxxxxxxxxx/xxxxxxx.x | | predictive |
| 32 | File | xxxxx.xxx | | predictive |
| 33 | File | xxxxxxxx.xx | | predictive |
| 34 | File | xxx.xxx | | predictive |
| 35 | File | xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | | predictive |
| 36 | File | xxxxxxx/xxxxxxx_xxxxxxx_xxxxxxx/xxxxxxx.xxxxxx.xxxxxxx_xxxxxxx_xxxxxxx.xxx | | predictive |
| 37 | File | xxxxxx.xxx/xxxx_xxxx_xxxx.xxx | | predictive |
| 38 | File | xxxx_xxxxxxx.xxx | | predictive |
| 39 | File | xxxxxxx.xxx | | predictive |
| 40 | File | xxxxxxxx.x | | predictive |
| 41 | File | xxx_xxx_xxxx.xxx | | predictive |
| 42 | File | xxxx_xxxx.xxx | | predictive |
| 43 | File | xxxxxxxx.xxx | | predictive |
| 44 | File | xxx.xxx | | predictive |
| 45 | File | xxxxxxxx.xxx | | predictive |
| 46 | File | xxxxxx.xxx | | predictive |
| 47 | File | xxx_xxxxx.xxx | | predictive |
| 48 | File | xxxxxxxx/xxxxxxxxxxx.xx | | predictive |
| 49 | File | xxxx-xxxxx.xxx | | predictive |
| 50 | File | xxxx-xxxxxxxx.xxx | | predictive |
| 51 | File | xxxxxxxx/xxxxxxxx | | predictive |
| 52 | File | xxxxxxx | | predictive |
| 53 | Argument | xxxxxxx | | predictive |
| 54 | Argument | xxxxxxx_xxxxxxx_xxxxx | | predictive |
| 55 | Argument | xxxxxxxx | | predictive |
| 56 | Argument | xxxxxx | | predictive |
| 57 | Argument | xxxxxxx | | predictive |
| 58 | Argument | xxx | | predictive |
| 59 | Argument | xxx_xxxx | | predictive |
| 60 | Argument | xxxx/xxxx/xxxxxxxxx | | predictive |
| 61 | Argument | xxxx | | predictive |
| 62 | Argument | xxxxx | | predictive |
| 63 | Argument | xxxxxxxxx | | predictive |
| 64 | Argument | xxxx | | predictive |
| 65 | Argument | xx | | predictive |
| 66 | Argument | xx[] | | predictive |
| 67 | Argument | xxxx | | predictive |
| 68 | Argument | xxxxxx | | predictive |
| 69 | Argument | xxxxx | | predictive |
| 70 | Argument | xxxxxxx | | predictive |
| 71 | Argument | xxxxxxxxxxxx | | predictive |
| 72 | Argument | xxxxxxx/xxxxxx_xx | | predictive |
| 73 | Argument | x_xxxxxx_xxxxx_xxxx | | predictive |
| 74 | Argument | xxxx_xxxxx | | predictive |
| 75 | Argument | xxxxxxxx | | predictive |
| 76 | Argument | xxxxxxxx | | predictive |
| 77 | Argument | xxxxxxxx | | predictive |
| 78 | Argument | xxxx | | predictive |
| 79 | Argument | xxxxxx | | predictive |
| 80 | Argument | xxxxxx[xxxx] | | predictive |
| 81 | Argument | xxxxx | | predictive |
| 82 | Argument | xxxx | | predictive |
| 83 | Argument | xxxxxxxx | | predictive |
| 84 | Argument | x-xxxxxxxxx-xxx | | predictive |
| 85 | Input Value | ../ | | predictive |
| 86 | Input Value | <xxx xxx=x xxxxxxx=xxxxx('xxx') /> | | predictive |
| 87 | Input Value | xxxx.xxx::$xxxx | | predictive |
| 88 | Network Port | xxxx/xxxx | | predictive |
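As an added example that is not part of the VulDB page, the following Python scanner shows how a practitioner would turn the page's one unmasked IOC (159.148.186.214 / whattimeisnow.net, confidence "verified") and its unmasked IOA fragments (the File rows 1 to 10 and the "../" Input Value) into a hunt over web server access logs in Apache/nginx combined format. The log lines are constructed for this example. The NOISY set and the "low" weight given to generic fragments such as /tmp and .htaccess are my assumptions about how to triage, not VulDB's confidence model; the verified/predictive labels are the page's own.

```python
import re
from urllib.parse import unquote

# IOC from the page (confidence "verified"): the one unmasked network resource.
IOC_IPS = {"159.148.186.214"}
IOC_HOSTNAMES = {"whattimeisnow.net"}

# IOA "File" fragments from the page's unmasked rows (confidence "predictive").
IOA_PATHS = [
    ".htaccess",
    "/forum/away.php",
    "/manager?action=getlogcat",
    "/spip.php",
    "/tmp",
    "admin/admin.php",
    "admin/conf_users_edit.php",
    "admin/developer/",
    "admin/index.php",
    "admin/ueditor/uploadFile",
]
# IOA "Input Value" row 85 from the page: directory traversal.
IOA_INPUT_VALUES = ["../"]

# Assumption for triage (not from the page): fragments that appear in benign
# traffic all the time are reported with a "low" weight rather than dropped.
NOISY = {"/tmp", ".htaccess"}

# Apache/nginx combined log format: client IP, request line, status, size,
# and an optional referer / user-agent pair.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)


def normalize_target(target: str) -> str:
    """Percent-decode repeatedly (bounded) so %2e%2e%2f and double-encoded
    %252e%252e%252f both become '../' before substring matching."""
    prev, cur = None, target
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur


def match_line(line: str):
    """Return None for unparseable lines, else a dict with the decoded target
    and a list of (kind, indicator, confidence) hits."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip = m.group("ip")
    target = normalize_target(m.group("target"))
    referer = m.group("referer") or ""
    hits = []
    if ip in IOC_IPS:
        hits.append(("ioc_ip", ip, "verified"))
    for host in IOC_HOSTNAMES:
        # The IOC hostname can show up as a redirect target or as a referer.
        if host in target or host in referer:
            hits.append(("ioc_host", host, "verified"))
    for frag in IOA_PATHS:
        if frag in target:
            hits.append(("ioa_path", frag, "low" if frag in NOISY else "predictive"))
    for val in IOA_INPUT_VALUES:
        if val in target:
            hits.append(("ioa_input", val, "predictive"))
    return {"ip": ip, "target": target, "status": int(m.group("status")), "hits": hits}


def scan(lines):
    """Return [(line_number, result)] for every line with at least one hit."""
    findings = []
    for n, line in enumerate(lines, 1):
        r = match_line(line)
        if r and r["hits"]:
            findings.append((n, r))
    return findings


# Constructed sample log (RFC 5737 test addresses plus the page's IOC IP).
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Dec/2017:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '159.148.186.214 - - [24/Dec/2017:10:01:03 +0000] "GET /spip.php?page=login HTTP/1.1" 200 2048 "-" "curl/7.58.0"',
    '198.51.100.9 - - [24/Dec/2017:10:01:04 +0000] "GET /forum/away.php?to=http://whattimeisnow.net/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [24/Dec/2017:10:01:05 +0000] "GET /download?file=%2e%2e%2f%2e%2e%2fetc/passwd HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '192.0.2.4 - - [24/Dec/2017:10:01:06 +0000] "GET /static/.htaccess HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
    '192.0.2.5 - - [24/Dec/2017:10:01:07 +0000] "POST /admin/ueditor/uploadFile HTTP/1.1" 200 17 "-" "python-requests/2.18"',
]

if __name__ == "__main__":
    for n, r in scan(SAMPLE_LOG):
        print(f"line {n}: {r['ip']} {r['target']} -> {r['hits']}")
```

Two points the code makes that the table alone does not: the request target must be percent-decoded (with a bound, to stop a decode loop on crafted input) before a literal "../" or path fragment can be matched, and a verified IOC hit on the source IP deserves a different response from a single predictive path fragment, which on its own is a hunting lead rather than a blocking rule.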

References (2)

The following list contains external sources which discuss the actor and the associated activities:
