Orchard Analysis

IOB - Indicator of Behavior (857)

Timeline

Language

en 782
fr 18
zh 16
es 12
de 10

Country/Region

us 614
cn 26
ir 4
ru 2
sv 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Google Chrome 18
Google Android 16
Microsoft Windows 10
Adobe Acrobat Reader 8
Qualcomm Snapdragon Auto 8

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.51 | CVE-2010-0966
3 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.06 | CVE-2019-7550
4 | jforum cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00118 | 0.04 | CVE-2012-5337
5 | JForum Login privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.06 | CVE-2012-5338
6 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.77 | CVE-2007-0354
7 | School Club Application System cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00072 | 0.05 | CVE-2022-1288
8 | Serendipity exit.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.19 |
9 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 1.96 |
10 | Cute Http File Server Search cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00075 | 0.10 | CVE-2023-4118
11 | Joomla CMS sql injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.97553 | 0.00 | CVE-2015-7297
12 | Xintian Smart Table Integrated Management System AddUpdateRole.aspx sql injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00077 | 0.02 | CVE-2023-4712
13 | Microsoft Windows Server Service privilege escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.71469 | 0.03 | CVE-2022-30216
14 | Kamailio SIP Message build_res_buf_from_sip_req privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.83213 | 0.00 | CVE-2018-14767
15 | HTC One/Sense Mail Client weak authentication | 4.8 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00133 | 0.02 | CVE-2013-10001
16 | Samsung Smartphone RPMB ldfw memory corruption | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2022-23431
17 | Apache HTTP Server mod_lua Multipart Parser r:parsebody memory corruption | 8.5 | 8.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.08808 | 0.02 | CVE-2021-44790
18 | OpenBSD OpenSSH X11 Forwarding privilege escalation | 9.8 | 9.1 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00365 | 0.02 | CVE-2016-1908
19 | Linux Foundation Xen EFLAGS Register SYSENTER privilege escalation | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.02 | CVE-2013-1917
20 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00317 | 0.56 | CVE-2005-3791

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (26)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerability | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | predictive |
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | predictive |
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive |
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | predictive |
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive |
6 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive |

IOA - Indicator of Attack (232)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Category | Indicator | Type | Confidence
1 | File | /admin.php/news/admin/lists/zhuan | predictive |
2 | File | /admin/bookings/view_details.php | predictive |
3 | File | /admin/edit.php | predictive |
4 | File | /admin/maintenance/view_designation.php | predictive |
5 | File | /admin/profile/save_profile | predictive |
6 | File | /admin/reports.php | predictive |
7 | File | /api/v1/chat.getThreadsList | predictive |
8 | File | /App_Resource/UEditor/server/upload.aspx | predictive |
9 | File | /bin/sh | predictive |
10 | File | /cgi-bin/luci/api/diagnose | predictive |
11 | File | /cgi-bin/R19.9/easy1350.pl | predictive |
12 | File | /classes/conf/db.properties&config=filemanager.config.js | predictive |
13 | File | /coders/palm.c | predictive |
14 | File | /collection/all | predictive |
15 | File | /dcim/rack/ | predictive |
16 | File | /EditEventTypes.php | predictive |
17 | File | /endpoint/add-user.php | predictive |
18 | File | /etc/groups | predictive |
19 | File | /file/upload/1 | predictive |
20 | File | /formSetPortTr | predictive |
21 | File | /forum/away.php | predictive |
22 | File | /general/system/interface/theme_set/save_image.php | predictive |
23 | File | /goform/wlanPrimaryNetwork | predictive |
24 | File | /index.php?module=help_pages/pages&entities_id=24 | predictive |
25 | File | /index.php?zone=settings | predictive |
26 | File | /it-IT/splunkd/__raw/services/get_snapshot | predictive |
27 | File | /nova/bin/user | predictive |
226 | Argument | 主题 | predictive |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
