Scarlet Mimic Analysis

IOB - Indicator of Behavior (101)

Languages

  • en 96
  • zh 4
  • de 2

Countries/Regions

  • us 78
  • cn 18
  • gb 4
  • in 2

Products

  • Google Chrome (6)
  • Tongda OA 2017 (2)
  • libnbd (2)
  • ThinkPHP (2)
  • Image Sharing Script (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | mcart.xls Module mcart_xls_import.php SQL injection | 7.1 | 7.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00465 | CVE-2015-8356
2 | EasyCom PHP API memory corruption | 8.5 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.37042 | CVE-2017-5358
3 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.54 | 0.00943 | CVE-2010-0966
4 | PbootCMS SingleController.php SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00221 | CVE-2018-18450
5 | PoDoFo PDF File PdfXRefStreamParserObject.cpp ParseStream memory corruption | 5.4 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00075 | CVE-2018-5295
6 | Landing Pages Plugin privilege escalation | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02034 | CVE-2015-5227
7 | Piwik Controller.php saveLayout privilege escalation | 6.3 | 5.9 | $0-$5k | $0-$5k | Functional | Official Fix | 0.02 | 0.00000 |
8 | Moxa AWK-3131A Web Application denial of service | 7.2 | 7.2 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00 | 0.00176 | CVE-2016-8723
9 | Image Sharing Script postComment.php Stored cross-site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00000 |
10 | Linux Kernel tmpfs System posix_acl.c simple_set_acl privilege escalation | 4.9 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00042 | CVE-2017-5551
11 | Netgear R8000 Password Recovery passwordrecovered.cgi information disclosure | 6.7 | 6.7 | $5k-$25k | $0-$5k | High | Not Defined | 0.02 | 0.97402 | CVE-2017-5521
12 | libtorrent GZIP Response puff.cpp construct privilege escalation | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00397 | CVE-2016-7164
13 | Tongda OA 2017 delete.php SQL injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.12 | 0.00063 | CVE-2024-1252
14 | Ecommerce Online Store Kit shop.php SQL injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.03763 | CVE-2004-0300
15 | D-Link DIR-823G HNAP1 privilege escalation | 5.5 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.00321 | CVE-2021-43474
16 | Juniper ScreenOS SSH/Telnet weak authentication | 9.8 | 8.8 | $25k-$100k | $0-$5k | High | Official Fix | 0.05 | 0.97054 | CVE-2015-7755
17 | WarHound WarHound General Shopping Cart item.asp SQL injection | 7.3 | 6.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.00 | 0.00463 | CVE-2006-6206
18 | Adobe Magento Customers Module privilege escalation | 5.0 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00090 | CVE-2021-28567
19 | Google Android SimpleDecodingSource.cpp doRead privilege escalation | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00120 | CVE-2021-39623
20 | Royal TS Tunnel Authentication information disclosure | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00735 | CVE-2020-13872

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Uyghurs

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .htaccess | predictive |
2 | File | /ajax-files/postComment.php | predictive |
3 | File | /cgi-bin/pass | predictive |
4 | File | /cgi-bin/wapopen | predictive |
5 | File | /general/attendance/manage/ask_duty/delete.php | predictive |
6 | File | /passwordrecovered.cgi | predictive |
7 | File | /plugins/Dashboard/Controller.php | predictive |
8 | File | xxxxx/xxxxx_xxx_xxxxxx.xxx | predictive |
9 | File | xxxxx/xxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxx/xxxxx.xx | predictive |
10 | File | xxxx\xxxxx\xxxxxxxxxx\xxxxxxx\xxxxxxxxxxxxxxxx.xxx | predictive |
11 | File | xxxxxxxx.xxx | predictive |
12 | File | xxxx/xxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive |
13 | File | xxxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx | predictive |
14 | File | xxxxxxx\xxxxxxxxxx\xxxxx\xxxxxx.xxx | predictive |
15 | File | xxxxxx/xxxx.x | predictive |
16 | File | xxx.xxxxxxx.xxx | predictive |
17 | File | xxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxx.xxxx | predictive |
18 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive |
19 | File | xxxx/xxxxxxxxxx/xxxxxx-xxx.x | predictive |
20 | File | xxxxxxxxx/xxxxxxx/xxxx/xxxxxxxxx/xxxxxxxx.xxx | predictive |
21 | File | xxxxxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxxxx.xxx | predictive |
22 | File | xx/xxxxx_xxx.x | predictive |
23 | File | xxx/xxx.xxx | predictive |
24 | File | xxx/xxxxxx.xxx | predictive |
25 | File | xxxxxxx.xxx | predictive |
26 | File | xxxx.xxx | predictive |
27 | File | xxxxxxx.xxx | predictive |
28 | File | xxxxx.xxx | predictive |
29 | File | xxxxxxxxx.xxx | predictive |
30 | File | xxxx_xxxxxxxxxx.xxx | predictive |
31 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive |
32 | File | xxxx.xxx | predictive |
33 | File | xxxx.xxx | predictive |
34 | File | xxxxxxxxxxxxxxxxxxxx.xxx | predictive |
35 | File | xxxxxx/xxxxxx_xxxxxxxxxxx.xxx | predictive |
36 | File | xxxxxxxxxxxx.xxx | predictive |
37 | File | xx-xxxxx/xxxx.xxx | predictive |
38 | Library | xxx/xxxxxxxxx/xxxxxxxx.xxx | predictive |
39 | Argument | xxx_xxxx_xx | predictive |
40 | Argument | xxxxxxxx | predictive |
41 | Argument | xxxxxxx xxxx | predictive |
42 | Argument | xxxxxxxxx->xxxxxxxxx | predictive |
43 | Argument | xxxxxxxxxx | predictive |
44 | Argument | xx | predictive |
45 | Argument | xx/xxx/xxxxx | predictive |
46 | Argument | xxxxxxxxxxx | predictive |
47 | Argument | xxxxx | predictive |
48 | Argument | xxxxxx | predictive |
49 | Argument | xxxxxxxx | predictive |
50 | Argument | xxxx_xxxxx | predictive |
51 | Argument | xxxxxxxxxx | predictive |
52 | Argument | xxxx | predictive |
53 | Argument | xxxxxxxxx/xxxxxxx | predictive |
54 | Argument | xxx | predictive |
55 | Argument | xxxxxxxx | predictive |
56 | Argument | xxx_xxxxxx_xxxxxxx_xx_xxx | predictive |
57 | Input Value | 'xx x=x | predictive |
58 | Input Value | ../.. | predictive |
59 | Input Value | xxxx | predictive |
60 | Input Value | <xxx xxx=x xxxxxxx=xxxxxx(x)> | predictive |
61 | Input Value | xxxxxxxx.+xxx | predictive |
62 | Input Value | xxxxxxxxx/xxxxxxxxx | predictive |
63 | Input Value | {{ }} | predictive |

References (5)

The following list contains external sources which discuss the actor and the associated activities:
