Sodinokibi Analysis

IOB - Indicator of Behavior (92)

Languages: en (82), fr (4), es (2), de (2), pt (2)

Products: Oracle Java SE (4), Microsoft Windows (4), Google Chrome (4), PHPUnit (2), njs (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | FLDS redir.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00203 | 0.09 | CVE-2008-5928 |
| 2 | Debian fuse Package cuse Privilege Escalation | 7.8 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2016-1233 |
| 3 | OpenEMR sl_eob_search.php Privilege Escalation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00181 | 0.00 | CVE-2018-15154 |
| 4 | Pandao editor.md Markdown Cross-Site Scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00055 | 0.06 | CVE-2023-29641 |
| 5 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.99 | |
| 6 | OpenX adclick.php Redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00440 | 0.76 | CVE-2014-2230 |
| 7 | Apple Mac OS X Server Wiki Server SQL Injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00339 | 2.68 | CVE-2015-5911 |
| 8 | SAP 3D Visual Enterprise Viewer GIF File Denial of Service | 3.8 | 3.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00061 | 0.00 | CVE-2021-27593 |
| 9 | Apple macOS IOMobileFrameBuffer Memory Corruption | 7.8 | 7.2 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.00263 | 0.00 | CVE-2022-22587 |
| 10 | Apple iOS/iPadOS IOMobileFrameBuffer Memory Corruption | 7.8 | 7.2 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.00263 | 0.00 | CVE-2022-22587 |
| 11 | Apple Safari WebKit Denial of Service | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00856 | 0.00 | CVE-2014-4452 |
| 12 | HPE Ezmeral Data Fabric TEZ MapR Ecosystem Privilege Escalation | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00197 | 0.00 | CVE-2021-29215 |
| 13 | nginx ngx_http_mp4_module Information Disclosure | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00198 | 0.05 | CVE-2018-16845 |
| 14 | SonarQube values Weak Encryption | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.36880 | 0.01 | CVE-2020-27986 |
| 15 | Bitnami Docker Container .env Weak Encryption | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00117 | 0.02 | CVE-2021-21979 |
| 16 | Google Android System Privilege Escalation | 7.0 | 6.3 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00306 | 0.07 | CVE-2017-13209 |
| 17 | PHP addcslashe Remote Code Execution | 8.5 | 8.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00539 | 0.00 | CVE-2016-4344 |
| 18 | Sophos XG Firewall HTTPS Bookmark Memory Corruption | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00773 | 0.00 | CVE-2020-15069 |
| 19 | Marvin Minsky Universal Turing Machine Privilege Escalation | 4.6 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00048 | 0.00 | CVE-2021-32471 |
| 20 | Sophos Cyberoam Firewall SSL VPN Console Privilege Escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00642 | 0.03 | CVE-2019-17059 |

IOC - Indicator of Compromise (28)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Type | Confidence |
|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive |
| 2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | predictive |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive |
| 4 | T1059 | CWE-94 | Argument Injection | predictive |

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Confidence |
|---|---|---|---|
| 1 | File | /dev/cuse | predictive |
| 2 | File | /dev/snd/seq | predictive |
| 3 | File | /forum/away.php | predictive |
| 4 | File | /tmp/app/.env | predictive |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
