Tick Analysis

IOB - Indicator of Behavior (36)


Language

en: 34
zh: 2

Country/Region

us: 28
cn: 6


Product

Kyocera ECOSYS M5526cdw: 2
MGB OpenSource Guestbook: 2
PHPWind: 2
Bomgar Remote Support: 2
Fortinet FortiOS: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | Canon MF210/MF220 System Manager Mode login.html weak authentication | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01367 | 0.00 | CVE-2018-11711 |
| 3 | WP Contacts Manager Plugin SQL injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.00 | CVE-2022-1014 |
| 4 | NodeBB abort cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00083 | 0.06 | CVE-2022-3978 |
| 5 | Nodebb JSON File directory traversal | 4.6 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.03 | CVE-2021-43788 |
| 6 | TerraMaster TOS Parameter exportUser.php privilege escalation | 9.3 | 8.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96623 | 0.00 | CVE-2020-15568 |
| 7 | Plex Media Server Camera Upload privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01114 | 0.04 | CVE-2019-19141 |
| 8 | Kyocera ECOSYS M5526cdw Web Application memory corruption | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00096 | 0.07 | CVE-2019-13206 |
| 9 | Synacor Zimbra Collaboration XML External Entity | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00441 | 0.02 | CVE-2016-9924 |
| 10 | Fortinet FortiOS SSL VPN Web Portal memory corruption | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00817 | 0.03 | CVE-2018-13383 |
| 11 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.06 | CVE-2017-0055 |
| 12 | Discuz! DiscuzX Attachment privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.04 | CVE-2018-5259 |
| 13 | Discuz! admin.php cross-site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.02 | CVE-2018-19464 |
| 14 | Microsoft SQL Server SQL Master Data Services denial of service | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00472 | 0.03 | CVE-2014-4061 |
| 15 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00122 | 0.18 | CVE-2018-6200 |
| 16 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 1.22 | |
| 17 | FLDS redir.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00203 | 0.03 | CVE-2008-5928 |
| 18 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.12 | CVE-2015-4134 |
| 19 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.69 | CVE-2007-0354 |
| 20 | esoftpro Online Guestbook Pro ogp_show.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00135 | 0.09 | CVE-2010-4996 |

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (23)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

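| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /forum/away.php | predictive | |
| 2 | File | /login.html | predictive | |
| 3 | File | /register/abort | predictive | |
| 4 | File | /uncpath/ | predictive | |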

References (5)

The following list contains external sources which discuss the actor and the associated activities:
