Outlaw Cryptominer Analysis

IOB - Indicator of Behavior (259)

Languages: en 240, ru 16, zh 2, de 2

Countries/regions: us 38, cn 20, es 6, ru 6, mn 2

Products: Google TensorFlow 14, Google Chrome 6, MantisBT 4, Perl 4, Dahua DHI-HCVR7216A-S3 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | SolarWinds Network Configuration Manager directory traversal | 8.3 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00223 | 0.04 | CVE-2023-40054
2 | Dahua DHI-HCVR7216A-S3 SmartPSS Auto Login Hash privilege escalation | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00331 | 0.04 | CVE-2017-6342
3 | Cyr to Lat Plugin sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.03 | CVE-2022-4290
4 | HPE Onboard Administrator Reflected cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.02 | CVE-2020-7132
5 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00122 | 0.07 | CVE-2018-6200
6 | xwikisas macro-pdfviewer PDF Viewer Macro information disclosure | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-30263
7 | Moises Heberle WooCommerce Bookings Calendar Plugin cross site scripting | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-31117
8 | Foxit PDF Reader AcroForm memory corruption | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.03 | CVE-2024-30354
9 | Tenda AC10 SetStaticRouteCfg fromSetRouteStatic memory corruption | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.05 | CVE-2024-2581
10 | MediaTek MT8798 Lk memory corruption | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.02 | CVE-2024-20022
11 | Kofax Power PDF PNG File Parser information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.03 | CVE-2024-27336
12 | Linux Kernel ASPM pci_set_power_state_locked denial of service | 4.8 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-26605
13 | RustDesk weak authentication | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00066 | 0.10 | CVE-2024-25140
14 | Elementor Plugin privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.10 | CVE-2024-24934
15 | IBM Security Access Manager Container DSC Server denial of service | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.02 | CVE-2023-31006
16 | WP Recipe Maker Plugin cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.02 | CVE-2024-0382
17 | Dahua IPC/SD/NVR/XVR Packet unknown vulnerability | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.00 | CVE-2022-30564
18 | PrestaShop blockwishlist sql injection | 7.7 | 7.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00741 | 0.00 | CVE-2022-31101
19 | ThemePunch OHG Slider Revolution Plugin privilege escalation | 7.2 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.05 | CVE-2023-47784
20 | OpenZeppelin openzeppelin-contracts Subcall privilege escalation | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00048 | 0.06 | CVE-2023-49798

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Weakness | Vulnerabilities | Confidence
1 | | CAPEC-10 | CWE-17, CWE-19, CWE-20, CWE-59, CWE-73, CWE-119, CWE-120, CWE-121, CWE-125, CWE-189, CWE-190, CWE-191, CWE-200, CWE-252, CWE-253, CWE-284, CWE-287, CWE-290, CWE-345, CWE-346, CWE-347, CWE-352, CWE-362, CWE-399, CWE-400, CWE-404, CWE-416, CWE-436, CWE-476, CWE-502, CWE-610, CWE-611, CWE-617, CWE-668, CWE-670, CWE-763, CWE-787, CWE-824, CWE-833, CWE-843, CWE-862, CWE-863, CWE-908 | Unknown Vulnerability | predictive
2 | T1006 | CAPEC-126 | CWE-22, CWE-425 | Path Traversal | predictive
3 | T1055 | CAPEC-10 | CWE-74, CWE-707 | Improper Neutralization of Data within XPath Expressions | predictive
4 | T1059 | CAPEC-10 | CWE-74, CWE-94, CWE-707 | Argument Injection | predictive
5 | T1059.007 | CAPEC-10 | CWE-74, CWE-79, CWE-80, CWE-707 | Cross Site Scripting | predictive
6 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive
7 | TXXXX | CAPEC-10 | CWE-XX, CWE-XX, CWE-XX, CWE-XXX | Xxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive
8 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive
9 | TXXXX | CAPEC-0 | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive
10 | TXXXX | CAPEC-1 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive
11 | TXXXX | CAPEC-10 | CWE-XX, CWE-XX, CWE-XXX | Xxx Xxxxxxxxx | predictive
12 | TXXXX.XXX | CAPEC-1 | CWE-XXX, CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive
13 | TXXXX | CAPEC-112 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxxxxxx | predictive
14 | TXXXX | CAPEC-37 | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive
15 | TXXXX | CAPEC-38 | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive
16 | TXXXX.XXX | CAPEC-114 | CWE-XXX, CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive
17 | TXXXX.XXX | CAPEC-133 | CWE-XXX | Xxxxxxxx | predictive
18 | TXXXX | CAPEC-116 | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive
19 | TXXXX.XXX | CAPEC-0 | CWE-XX | Xxxxxxxxxxxxx | predictive
20 | TXXXX | CAPEC-20 | CWE-XXX, CWE-XXX | Xxxxxxxxxxxx Xxxxxx | predictive
21 | TXXXX.XXX | CAPEC-0 | CWE-XXX, CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive
22 | TXXXX.XXX | CAPEC-19 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive

IOA - Indicator of Attack (89)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
1 | File | /ajax.php?action=read_msg | predictive
2 | File | /debug/pprof | predictive
3 | File | /desktop_app/file.ajax.php?action=uploadfile | predictive
4 | File | /env | predictive
5 | File | /goform/SetNetControlList | predictive
6 | File | /goform/SetStaticRouteCfg | predictive
7 | File | /sns/classes/Users.php?f=save | predictive
8 | File | /src/chatbotapp/chatWindow.java | predictive
9 | File | /uncpath/ | predictive
10 | File | admin/categories_industry.php | predictive
11 | File | xxxxx/xxxxx-xxx-xxxxx-xxxxx.xxx | predictive
12 | File | xxxxx/xxxxxxx/xxxxxxxxxxxx | predictive
13 | File | xxxxxxxxxxxx/xxxxx/xxxx/ | predictive
14 | File | xxxxx.xxx | predictive
15 | File | xxx_xx_xxx_xxx.xxx | predictive
16 | File | xxx.x | predictive
17 | File | xxx | predictive
18 | File | xxx/xxxxxxxx/xxxx/xxxxxxxx.xx | predictive
19 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive
20 | File | xxxxxxx/xxx/xxx-xx.x | predictive
21 | File | xxx_xxxx.x | predictive
22 | File | xxx/xxxxx.xxxxx | predictive
23 | File | xxxx/xxxxxxxx/xxx&xx=xxxxxxx | predictive
24 | File | xxxxxxxxxxxxxxxxxxxxxxxxx.xx | predictive
25 | File | xxxxxx.xxx | predictive
26 | File | xxxxxxx/xxxxx.xxx.xxx | predictive
27 | File | xx_xxxxx.x | predictive
28 | File | xxxxx_xxxxx.x | predictive
29 | File | xxxxxx/xxx/xxxxxxxx.x | predictive
30 | File | xxxx.xxx | predictive
31 | File | xxxxx.xxx | predictive
32 | File | xxxxxxxx.xxx | predictive
33 | File | xxxxxxx/xxxxxx/xxxxxx/xxxxxxxxx.xxx#xxx | predictive
34 | File | xxxxxxx/xxxxx.x | predictive
35 | File | xxxxxxxxxxx-xxxx.xx | predictive
36 | File | xxxxxxxxx/xxxxx.xxxxx | predictive
37 | File | xxxxx/xxxxx.xxxxx | predictive
38 | File | xxxxxxxxxx.xxx | predictive
39 | File | xxxxxxx.x | predictive
40 | File | xxxxxxxxxxxxx.xxx | predictive
41 | File | xxxxxx-xxxxxx.xxx | predictive
42 | File | xxxxxxxx.xxx/xxxxxx.xxx/xxxxxxxx.xxx | predictive
43 | File | xxx.x | predictive
44 | File | xxxxxxxxxxxxxxxx | predictive
45 | File | xxx-xxxxxxx-xxx.xx | predictive
46 | File | xxxxxxx.x | predictive
47 | File | xxx.xxx | predictive
48 | File | xx-xxxxx-xxxxxx.xxx | predictive
49 | File | ~/xxxxxxxx/xxxxx-xxx-xxxxxx-xxxxxxxxxxxx.xxx | predictive
50 | Library | xx.xxxxxxxxxx.xxxxxxxxxxxxxxx.xxx | predictive
51 | Library | xxx/xxxxxxxxx/xxxxxxxx.xxxxx.xxx | predictive
52 | Library | xxxxxxxx.xxx | predictive
53 | Library | xxxxxxx.xxx | predictive
54 | Library | xxxxx.xxx | predictive
55 | Library | xxxxxxxxxxxxx.xxx) | predictive
56 | Argument | xxxxxx | predictive
57 | Argument | xxx | predictive
58 | Argument | xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxx | predictive
59 | Argument | xxxxxx | predictive
60 | Argument | x:\xxxxxxx\x | predictive
61 | Argument | xxxxx_xxxx | predictive
62 | Argument | xxxxx_xx | predictive
63 | Argument | xxxxxxxx | predictive
64 | Argument | xxxxxxxxxxxxxxxxx | predictive
65 | Argument | xxx_xxx | predictive
66 | Argument | xxxx | predictive
67 | Argument | xxxx | predictive
68 | Argument | xxxx_xxxxx | predictive
69 | Argument | xxxxxxxxx | predictive
70 | Argument | xxxxxx_xxx | predictive
71 | Argument | xxxx | predictive
72 | Argument | xxxx | predictive
73 | Argument | xx | predictive
74 | Argument | xxxxxxx | predictive
75 | Argument | xxxx | predictive
76 | Argument | xxxx | predictive
77 | Argument | xxxx xxxx | predictive
78 | Argument | xxxxxxx | predictive
79 | Argument | xx_xxxxx | predictive
80 | Argument | x_xxxx | predictive
81 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive
82 | Argument | xxx | predictive
83 | Argument | xxxxx | predictive
84 | Argument | xxxxxxxxxxx | predictive
85 | Argument | xx | predictive
86 | Argument | xxx | predictive
87 | Argument | xxxxxx | predictive
88 | Argument | x-xxxxxxxxx-xxxx | predictive
89 | Input Value | //xxx//xxxxxxx.xxx | predictive
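The "File" fragments in the IOA table are only useful once they are matched against web-server access logs. The following is an added example written for this page; it is not VulDB code and not tooling that VulDB describes. It takes the ten unredacted fragments from the table above (the masked rows cannot be used), normalises each request target by percent-decoding twice, collapsing repeated slashes and lower-casing, requires a path-segment boundary so that "/env" fires on "/actuator/env" but not on "/environment.html", treats a fragment's query string as a set of required key=value pairs, and scans a handful of constructed combined-format log lines. The log lines, IP addresses, timestamps and all function names are assumptions made for this example.

```python
import re
from urllib.parse import unquote, urlsplit

# The ten unredacted "File" fragments from the IOA table above; the other
# rows are masked on the page and are not reproduced here.
IOA_FRAGMENTS = [
    "/ajax.php?action=read_msg",
    "/debug/pprof",
    "/desktop_app/file.ajax.php?action=uploadfile",
    "/env",
    "/goform/SetNetControlList",
    "/goform/SetStaticRouteCfg",
    "/sns/classes/Users.php?f=save",
    "/src/chatbotapp/chatWindow.java",
    "/uncpath/",
    "admin/categories_industry.php",
]

# Apache/nginx "combined" access-log line (parser written for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def normalize(target):
    """Split a request target into (path, query), percent-decoding each twice so
    single- and double-encoded variants (/%64ebug, /%2564ebug) compare equal,
    collapsing repeated slashes and lower-casing for case-insensitive matching."""
    parts = urlsplit(target)
    path = re.sub(r"/{2,}", "/", unquote(unquote(parts.path))).lower()
    query = unquote(unquote(parts.query)).lower()
    return path, query


def _path_hit(frag_path, path):
    """True if frag_path occurs in path and ends on a segment boundary, so that
    "/env" matches "/actuator/env" and "/env/x" but not "/environment.html"."""
    start = 0
    while True:
        i = path.find(frag_path, start)
        if i < 0:
            return False
        end = i + len(frag_path)
        if frag_path.endswith("/") or end == len(path) or path[end] == "/":
            return True
        start = i + 1


def match_fragments(target, fragments=IOA_FRAGMENTS):
    """Return the IOA fragments that a single request target matches."""
    path, query = normalize(target)
    params = set(query.split("&")) if query else set()
    hits = []
    for frag in fragments:
        frag_path, _, frag_query = frag.lower().partition("?")
        if not _path_hit(frag_path, path):
            continue
        # A fragment that carries a query only fires when every key=value in it
        # is present, regardless of parameter order or extra parameters.
        if frag_query and not set(frag_query.split("&")) <= params:
            continue
        hits.append(frag)
    return hits


def scan_log(lines, fragments=IOA_FRAGMENTS):
    """Return a list of (line_no, ip, method, target, status, hits) for every
    parseable log line whose request target matches at least one fragment."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = match_fragments(m["target"], fragments)
        if hits:
            findings.append((n, m["ip"], m["method"], m["target"], int(m["status"]), hits))
    return findings


def sources_by_hits(findings):
    """Group findings by client IP: {ip: sorted list of distinct fragments hit}."""
    by_ip = {}
    for _, ip, _, _, _, hits in findings:
        by_ip.setdefault(ip, set()).update(hits)
    return {ip: sorted(h) for ip, h in by_ip.items()}


# Constructed sample log lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Apr/2024:08:14:01 +0000] "GET /index.php HTTP/1.1" 200 1024',
    '203.0.113.7 - - [10/Apr/2024:08:14:02 +0000] "GET /actuator/env HTTP/1.1" 200 4096',
    '198.51.100.9 - - [10/Apr/2024:08:15:10 +0000] "POST /goform/SetStaticRouteCfg HTTP/1.1" 500 0',
    '198.51.100.9 - - [10/Apr/2024:08:15:11 +0000] "GET /debug/pprof/heap HTTP/1.1" 404 162',
    '192.0.2.4 - - [10/Apr/2024:08:16:00 +0000] "GET /environment.html HTTP/1.1" 200 512',
    '192.0.2.4 - - [10/Apr/2024:08:16:05 +0000] "GET /ajax.php?foo=1&action=read_msg HTTP/1.1" 200 88',
    '192.0.2.4 - - [10/Apr/2024:08:16:06 +0000] "GET /%2564ebug/pprof HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for line_no, ip, method, target, status, hits in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {ip} {method} {target} -> {status} matched {hits}")
    print(sources_by_hits(scan_log(SAMPLE_LOG)))
```

Two practical caveats. First, the table marks every row "predictive": a short fragment such as /env or /uncpath/ is a weak signal on its own, so the boundary check above is the minimum tuning needed, and a hit should be weighed together with the response status (a 200 on /actuator/env means an exposed endpoint, a 404 on /debug/pprof means only a probe) and the number of distinct fragments one source touches. Second, the masked rows cannot be reconstructed from this page, so any real deployment of the list needs the unredacted data.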

References (3)

The following list contains external sources which discuss the actor and the associated activities:
