Vjw0rm 分析
IOB - Indicator of Behavior (318)
活动
利益
漏洞
IOC - Indicator of Compromise (108)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (20)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (183)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | 分类 | Indicator | 类型 | 可信度 |
---|---|---|---|---|
1 | File | /addWhiteListDomain.imss | predictive | 高 |
2 | File | /admin/category/cate-edit-run.php | predictive | 高 |
3 | File | /admin/index2.html | predictive | 高 |
4 | File | /admin_giant/add_team_member.php | predictive | 高 |
5 | File | /api/baskets/{name} | predictive | 高 |
6 | File | /api/v4/users/ids | predictive | 高 |
7 | File | /apply.cgi | predictive | 中 |
8 | File | /cgi-bin/wlogin.cgi | predictive | 高 |
9 | File | /common/info.cgi | predictive | 高 |
10 | File | /debug/pprof | predictive | 中 |
11 | File | /etc/shadow | predictive | 中 |
12 | File | /forum/away.php | predictive | 高 |
13 | File | /get_getnetworkconf.cgi | predictive | 高 |
14 | File | /goform/setmac | predictive | 高 |
15 | File | /index.php?p=admin/actions/users/send-password-reset-email | predictive | 高 |
16 | File | /integrations.json | predictive | 高 |
17 | File | /lists/admin/ | predictive | 高 |
18 | File | /phppath/php | predictive | 中 |
19 | File | /project/tasks/list | predictive | 高 |
20 | File | /services/details.asp | predictive | 高 |
21 | File | /spip.php | predictive | 中 |
22 | File | /system/dataPerm/list | predictive | 高 |
23 | File | xxxxxxx.xxx | predictive | 中 |
24 | File | xxxxxxxxxx.xxx | predictive | 高 |
25 | File | xxxxx.xxx | predictive | 中 |
26 | File | xxxxx.xxx?xxx=xxxx&xxx=xxx | predictive | 高 |
27 | File | xxxxx/xxxxx.xxx | predictive | 高 |
28 | File | xxxxxxxx.xxx | predictive | 中 |
29 | File | xxx/xxxxx/xxxxxxxxxx/xxxxxxxxxxxxxxx.xxx | predictive | 高 |
30 | File | xxx\xxxxxxxx\xxxxxxx_xxxxxxxxx.xxx | predictive | 高 |
31 | File | xxxxxx.xxx | predictive | 中 |
32 | File | xxxxxxxxxxx/xxxx/$xxxx_xx | predictive | 高 |
33 | File | xxx/xxxxxxxx_xxx_xxx_xxxx_xxxxx_xxxxxxx.xx | predictive | 高 |
34 | File | xxxxxxxxxxxxxx/xxxx/xxxx/xx.xxxxxxxxxx.xx_xxxx/xxx.xxx.xxx.xxxxxxxxx.xxxxxxx/xxx_xx_xxxx_xxxx_xxx/xxx_xx_xxxx_xxxx_xxx.xxx/xxxx | predictive | 高 |
35 | File | xxxx/xxxxxxxxxxxx.xxx | predictive | 高 |
36 | File | xxxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx | predictive | 高 |
37 | File | xxxxx.xxx | predictive | 中 |
38 | File | xxx_xxxxx.xxx | predictive | 高 |
39 | File | xxxxxxxxx.xxxx | predictive | 高 |
40 | File | xxxxxxxx.xxx | predictive | 中 |
41 | File | xxxxx.xxx | predictive | 中 |
42 | File | xxxxxxxx.xxx | predictive | 中 |
43 | File | xxxxxx.xxx | predictive | 中 |
44 | File | xxxxxx.xxx | predictive | 中 |
45 | File | xxxxxx.xxx | predictive | 中 |
46 | File | xxxx | predictive | 低 |
47 | File | xxxxxxxx.xxx | predictive | 中 |
48 | File | xxxxxxx/xxxx-xxxxx-xxxxxx.xxx | predictive | 高 |
49 | File | xxxxxxx/xxxx-xxxxx-xxxxxx.xxx?xxxxxx=x | predictive | 高 |
50 | File | xxx/xxxx/xxx_xxx.x | predictive | 高 |
51 | File | xxxxxxxxxxx/xxxxx.xxx | predictive | 高 |
52 | File | xxxxxxx/xxxx_xxxx.x | predictive | 高 |
53 | File | xxxxxxxxxx.xxxxxxx.xx | predictive | 高 |
54 | File | xxxx.xxx | predictive | 中 |
55 | File | xxxxx.xxx | predictive | 中 |
56 | File | xxxx_xxxxx.xx | predictive | 高 |
57 | File | xxxxxxxxxx.xxx | predictive | 高 |
58 | File | xxxxxxxxxxxxxxxxxxx.xxx | predictive | 高 |
59 | File | xx-xxxxxxx/xxxxxxx | predictive | 高 |
60 | File | xxxxxx/xxxxx_xxxx_xxxxxxx | predictive | 高 |
61 | File | xxxx.xxx | predictive | 中 |
62 | File | xxxxxxxxx.xxx | predictive | 高 |
63 | File | xxxxxxxxxxxxx.xxx | predictive | 高 |
64 | File | xxxxxx/xxxxx_xxxxxxx.xxx | predictive | 高 |
65 | File | xxxxxxxxxxxxx.xxx | predictive | 高 |
66 | File | xxxx\xxxxx\xxxxxxx\xxxxxxxxxxxxxx\xxxxxxxxxxxxxx.xxxxx.xxx | predictive | 高 |
67 | File | xxxxxxx.xxx | predictive | 中 |
68 | File | xxxxx.xxx | predictive | 中 |
69 | File | xxxxx.xxx?xxxxx=xxxxxxxxx/xxxxxx/xx_xxxxxxxxx_xxxxxx_xxxxx/xxxxxxxxxx | predictive | 高 |
70 | File | xxxx_xxxx.xxx | predictive | 高 |
71 | File | xxx_xxxxxx_xxxxxx.xx | predictive | 高 |
72 | File | xxxxxxx.xxx | predictive | 中 |
73 | File | xxxxxx/xxxxxx_xxxxx.xxx?xxxxxx=xxxx | predictive | 高 |
74 | File | xxxxxxx.xxx | predictive | 中 |
75 | File | xxxxxxx/xxxxxxxxxx/xxxx/xxxxxx.xxx | predictive | 高 |
76 | File | xxx_xxxx_xxx_xxxxxxxxxx.x | predictive | 高 |
77 | File | xxxxxxxxx/xxxxx.xxx | predictive | 高 |
78 | File | xxxxx.xxx | predictive | 中 |
79 | File | xx_xx.x | predictive | 低 |
80 | File | xxxxxxxx.xxx | predictive | 中 |
81 | File | xxxx.xxx | predictive | 中 |
82 | File | xxxxxxx_xxxx.xxx | predictive | 高 |
83 | File | xxxxxxxx.x | predictive | 中 |
84 | File | xxxxxxxxxxxx.xxxx | predictive | 高 |
85 | File | xxxxxxx.xxx | predictive | 中 |
86 | File | xxx/xxx.xxx | predictive | 中 |
87 | File | xxxx/xxx/xxx_xxxx.x | predictive | 高 |
88 | File | xxxxxx.x | predictive | 中 |
89 | File | xxxxxxxx.xxx | predictive | 中 |
90 | File | xxxxxx_xxxxx.xxx/xxxxx_xxxxxxx_xxxxxxxxxx.xx | predictive | 高 |
91 | File | xxxxxxx.x | predictive | 中 |
92 | File | xxxxx.xxx | predictive | 中 |
93 | File | xxxx.xxx | predictive | 中 |
94 | File | xxxxxxx.xxx | predictive | 中 |
95 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | 高 |
96 | File | xxxxxxxxxxx.xxx | predictive | 高 |
97 | File | xxxxx.xxx | predictive | 中 |
98 | File | xxx/xxxxxxx/xxxxxxx/xxxxx.xx | predictive | 高 |
99 | File | xxxxxxx.xxx | predictive | 中 |
100 | File | xxx_xxxxx_xxxxxxx_xxxx.xxx | predictive | 高 |
101 | File | x/xxxxx.xxx | predictive | 中 |
102 | File | xxx-xxxxxxx-xxx.xx | predictive | 高 |
103 | File | xxxxxxx.xxx | predictive | 中 |
104 | File | xxxx/xxxxxxxx.xxx | predictive | 高 |
105 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | 高 |
106 | File | xxx/xxx/xxx-xxx/xxxx.xxx | predictive | 高 |
107 | File | xxxxxxxx.xxx | predictive | 中 |
108 | File | xxxx_xxx_xxx.xxx | predictive | 高 |
109 | File | xxxxxx.xxx | predictive | 中 |
110 | File | xx-xxxxx/xxxx.xxx?xxxx_xxxx=xxxxx&xxxx=xxxxxx-xxxxxxx-xxxxxxx | predictive | 高 |
111 | File | xx-xxxxxxxx/xxxxx.xxx | predictive | 高 |
112 | Library | xxx/xxxxxxxxxx/xxxxx/xxxxxx.xxx | predictive | 高 |
113 | Library | xxxxxxxxx | predictive | 中 |
114 | Argument | $_xxxxxx['xxxxx_xxxxxx'] | predictive | 高 |
115 | Argument | xx/xx | predictive | 低 |
116 | Argument | xxxxx | predictive | 低 |
117 | Argument | xxxxxxxxxxxxxxxxxxxxx | predictive | 高 |
118 | Argument | xxx | predictive | 低 |
119 | Argument | xxxxxxxx | predictive | 中 |
120 | Argument | xxx | predictive | 低 |
121 | Argument | xxxxxx | predictive | 低 |
122 | Argument | xxx | predictive | 低 |
123 | Argument | xxxxxxxxxx | predictive | 中 |
124 | Argument | xxx_xx | predictive | 低 |
125 | Argument | xxx | predictive | 低 |
126 | Argument | xxxx_xx | predictive | 低 |
127 | Argument | xxxx_xxxxx_xxxxxxxxxx_xxxxx_xxxx | predictive | 高 |
128 | Argument | xxxx | predictive | 低 |
129 | Argument | xxxx | predictive | 低 |
130 | Argument | xxxxxx | predictive | 低 |
131 | Argument | xxxxxxxxxxxx | predictive | 中 |
132 | Argument | xxx | predictive | 低 |
133 | Argument | xxxxx | predictive | 低 |
134 | Argument | xxxxx | predictive | 低 |
135 | Argument | xxxx/xxxxxxx/xxx/xxxxxxxxx | predictive | 高 |
136 | Argument | xxxxxx | predictive | 低 |
137 | Argument | xxxx_xx | predictive | 低 |
138 | Argument | xx | predictive | 低 |
139 | Argument | xx/xxx | predictive | 低 |
140 | Argument | xxxxxx | predictive | 低 |
141 | Argument | xxxx_xx | predictive | 低 |
142 | Argument | xx-xxxxxx-xxxxxx-xxxx | predictive | 高 |
143 | Argument | xxx | predictive | 低 |
144 | Argument | xx_xxxxxxx | predictive | 中 |
145 | Argument | xxxxx | predictive | 低 |
146 | Argument | xxxxxxxxx | predictive | 中 |
147 | Argument | xxxxx xxxxxx | predictive | 中 |
148 | Argument | xxxxxx/xxxxx/xxxx | predictive | 高 |
149 | Argument | xxxxxxx | predictive | 低 |
150 | Argument | xxxxxxxx | predictive | 中 |
151 | Argument | xxxx | predictive | 低 |
152 | Argument | xxxxx | predictive | 低 |
153 | Argument | xxxxxxxxxx | predictive | 中 |
154 | Argument | xxxxx_xxxxxx | predictive | 中 |
155 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive | 高 |
156 | Argument | xxxxxxx_xx | predictive | 中 |
157 | Argument | xxxxx | predictive | 低 |
158 | Argument | xxx_xxxx | predictive | 中 |
159 | Argument | xxxx | predictive | 低 |
160 | Argument | xxx | predictive | 低 |
161 | Argument | xxxxxxx | predictive | 低 |
162 | Argument | xxxxxxxxxxxx | predictive | 中 |
163 | Argument | xxx_xxxxx_xx | predictive | 中 |
164 | Argument | xxxxxx-xxxx-xx | predictive | 高 |
165 | Argument | xxxxx | predictive | 低 |
166 | Argument | xxx | predictive | 低 |
167 | Argument | xxx | predictive | 低 |
168 | Argument | xxx | predictive | 低 |
169 | Argument | xxxxxx | predictive | 低 |
170 | Argument | xxxxxx | predictive | 低 |
171 | Argument | xxxx_xx[] | predictive | 中 |
172 | Argument | xxx_xxxx | predictive | 中 |
173 | Argument | x-xxxxxxxxx-xxxx | predictive | 高 |
174 | Argument | x-xxxx | predictive | 低 |
175 | Argument | _xxxxxxx | predictive | 中 |
176 | Input Value | %xx%xx%xx%xx | predictive | 中 |
177 | Input Value | -x | predictive | 低 |
178 | Input Value | xxxx.xxx"><xxxxxx>xxxxx(xxxxxxxx.xxxxxx);</xxxxxx>) | predictive | 高 |
179 | Input Value | x=x | predictive | 低 |
180 | Input Value | \x | predictive | 低 |
181 | Network Port | xx xxxxxxx xxx.xx.xx.xx | predictive | 高 |
182 | Network Port | xxx/xx (xxx xxxxxxxx) | predictive | 高 |
183 | Network Port | xxx/xxxx | predictive | 中 |
参考 (16)
The following list contains external sources which discuss the actor and the associated activities:
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-21%20Vjw0rm%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-08%20Vjw0rm%20IOCs
- xxxxx://xxxxxx.xxx/xxxxxxxxxxxxxx/xxxxxxx-xxxx/xxxx/xxxx/xxxx-xx-xx%xxxxxxxx%xxxxxx
- xxxxx://xxxxxx.xxx/xxxxxxxxxxxxxx/xxxxxxx-xxxx/xxxx/xxxx/xxxx-xx-xx%xxxxxxxx%xxxxxx
- xxxxx://xxxxxx.xxx/xxxxx/xxxxx_xxxxxx_xxxxxxxxxxxx/xxxx/xxxx/xxxxxx/xxxxxx
- xxxxx://xxxxxxxxx.xxxxx.xx
- xxxxx://xxxx.xx/xxxxxx-xxxxxxxxx
- xxxxx://xxxx.xx/xxxxxx-xxxxxxxxxx
- xxxxx://xxxx.xx/xxxxxx-xxxxxxxxxx
- xxxxx://xxxx.xx/xxxxxx-xxxxxxxxxx
- xxxxx://xxxx.xx/xxxxxx-xxxxxxxxxx
- xxxxx://xxxx.xx/xxxxxx-xxxxxxxxxx
- xxxxx://xxxx.xx/xxxxxx-xxxxxxxxxx
- xxxxx://xxxx.xx/xxxxxx-xxxxxxxxxx
- xxxxx://xxxxxxx.xxx/xxxxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxx
- xxxxx://xxx.xxxxxxxxxxxx.xxx/xxxx/xxxxxxxxxxxxx-xxx-xxxxxxx-xxxxxxxxxx-xxxxxx-xxxxxxxxx