TA406 分析

IOB - Indicator of Behavior (59)

时间轴

语言

en50
es4
ru2
ja2
pt2

国家/地区

演员

活动

利益

时间轴

类型

供应商

产品

Microsoft Windows8
Gallarific PHP Photo Gallery script2
Redis2
NVIDIA DCGM2
YzmCMS2

漏洞

#漏洞BaseTemp0day今天修正CTIEPSSCVE
1Microsoft Windows SPNEGO Extended Negotiation Remote Code Execution7.97.2$25k-$100k$5k-$25kUnprovenOfficial Fix0.020.00626CVE-2022-37958
2Secomea GateManager 权限升级5.95.7$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00054CVE-2022-25782
3Microsoft Windows Mark of the Web 未知漏洞5.44.9$25k-$100k$5k-$25kUnprovenOfficial Fix0.000.00313CVE-2022-41091
4Synacor Zimbra Collaboration Suite sudo Configuration zmslapd 权限升级8.38.3$0-$5k$0-$5kHighOfficial Fix0.020.00114CVE-2022-37393
5vsftpd Service Port 6200 权限升级8.58.4$25k-$100k$25k-$100kNot DefinedWorkaround0.030.84215CVE-2011-2523
6Genivia gSOAP WS-Addressing Plugin 内存损坏8.08.0$0-$5k$0-$5kNot DefinedNot Defined0.020.02707CVE-2020-13576
7Citrix ADC/Gateway 跨网站脚本4.34.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.010.03543CVE-2023-24488
8sitepress-multilingual-cms Plugin class-wp-installer.php 跨网站请求伪造6.56.2$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00427CVE-2020-10568
9Kingsoft WPS Office Registry wpsupdater.exe 权限升级5.55.3$0-$5k$0-$5kNot DefinedNot Defined0.020.00924CVE-2022-24934
10Microsoft Windows Scripting Language 竞争条件7.56.8$25k-$100k$5k-$25kUnprovenOfficial Fix0.000.00468CVE-2022-41118
11php-fusion downloads.php 跨网站脚本5.75.7$0-$5k$0-$5kNot DefinedNot Defined0.000.00159CVE-2020-12708
12Gallarific PHP Photo Gallery script gallery.php SQL注入7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.040.00112CVE-2011-0519
13Gallery My Photo Gallery image.php SQL注入6.35.7$0-$5k计算Proof-of-ConceptNot Defined0.020.00000
14Host Web Server phpinfo.php phpinfo 信息公开5.35.2$5k-$25k$0-$5kNot DefinedWorkaround0.080.00000
15ESMI PayPal Storefront products1h.php 跨网站脚本4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.05468CVE-2005-0936
16Ecommerce Online Store Kit shop.php SQL注入9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.020.03763CVE-2004-0300
17Simple Real Estate Portal System SQL注入6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000.00172CVE-2022-28410
18Microsoft Office Remote Code Execution5.85.3$5k-$25k$0-$5kUnprovenOfficial Fix0.000.00220CVE-2022-29107
19automad Dashboard 跨网站脚本3.53.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.060.00054CVE-2022-1536
20Encode httpx 权限升级5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00109CVE-2021-41945

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID分类Indicator类型可信度
1File/admin/admin_manage/deletepredictive
2File/my_photo_gallery/image.phppredictive
3File/reps/classes/Users.php?f=delete_agentpredictive
4File/s/predictive
5Filexxxxxxxxx.xxxpredictive
6Filexx.xxxpredictive
7Filexxxxxxxxx/xxxxxxxxx.xxxpredictive
8Filexxxxxxx/xxx/xxxxxxxx/xx.xpredictive
9Filexxxxxxx.xxxpredictive
10Filexxx/xxxxxx.xxxpredictive
11Filexxxxxxxx/xxxxx-xx-xxxxxxxxx.xxxpredictive
12Filexxxxxxx.xxxpredictive
13Filexxxxxxxxxx.xxxpredictive
14Filexxxx.xxxpredictive
15Filexxxx.xxxpredictive
16Filexxxxxxxxxx.xxxpredictive
17Filexxxxxxxpredictive
18Argumentxxxxxxxxpredictive
19Argumentxxx_xxpredictive
20Argumentxxxxx.xxx/xxxxx.xxxxxxpredictive
21Argumentxxpredictive
22Argumentxxxxxpredictive
23Argumentxxxxxxpredictive
24Argumentxxxpredictive
25Argumentxxxxxpredictive
26Input Valuex xxxxx xxx xxxxxx xxxx,xxxx,xxxx,xxxx,xxxxxx(xxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxx)--predictive
27Input Valuexxxx</xxxxx><xxxxxx>xxxxx("xxxx")</xxxxxx><xxxxx>predictive
28Network Portxxx/xxxxpredictive
29Network Portxxx/xxxxxpredictive

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

Do you want to use VulDB in your project?

Use the official API to access entries easily!