Vollgar Analysis

IOB - Indicator of Behavior (56)

Language

en: 48
zh: 8

Country/Region

us: 40
cn: 14
gb: 2

Product

Measuresoft ScadaPro Server: 6
Trend Micro Apex One: 6
Adobe Creative Cloud Desktop Application: 4
Measuresoft ScadaPro Client: 4
Wowza Streaming Engine: 2

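Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | All in One SEO Best WordPress SEO Plugin Import/Export privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00092 | 0.04 | CVE-2021-24307 |
| 2 | Odoo Database Anonymization Privilege Escalation | 5.6 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00214 | 0.05 | CVE-2017-10803 |
| 3 | Libbitcoin Explorer Milk Sad weak encryption | 5.3 | 5.3 | $0-$5k | $0-$5k | High | Not Defined | 0.00116 | 0.04 | CVE-2023-39910 |
| 4 | tagDiv Composer Plugin Facebook Login weak authentication | 7.7 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00373 | 0.01 | CVE-2022-3477 |
| 5 | Trend Micro Apex One information disclosure | 7.6 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2022-44649 |
| 6 | Sophos Mobile Managed On-Premises XML privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.41283 | 0.00 | CVE-2022-3980 |
| 7 | iPXE TLS tls.c tls_new_ciphertext information disclosure | 3.2 | 3.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00048 | 0.09 | CVE-2022-4087 |
| 8 | Dolibarr SQL injection | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00137 | 0.03 | CVE-2022-4093 |
| 9 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.60 | CVE-2020-12440 |
| 10 | Insyde Kernel UEFI Variable memory corruption | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.00 | CVE-2022-35897 |
| 11 | Trend Micro Apex One Change Prevention Service memory corruption | 7.6 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2022-44650 |
| 12 | Atlassian Bitbucket Server and Data Center Environment Variable privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.61094 | 0.02 | CVE-2022-43781 |
| 13 | Trend Micro Apex One Security Agent race condition | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2022-44651 |
| 14 | LG SmartShare privilege escalation | 7.0 | 7.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00054 | 0.04 | CVE-2022-45422 |
| 15 | WP-Polls Plugin HTTP Header privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00060 | 0.04 | CVE-2022-1581 |
| 16 | Apple watchOS ImageIO information disclosure | 5.4 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00754 | 0.03 | CVE-2016-3619 |
| 17 | D-Link G integrated Access Device4 Web Interface login.asp privilege escalation | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00124 | 0.02 | CVE-2022-36785 |
| 18 | Trend Micro Apex One privilege escalation | 8.3 | 8.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2022-44652 |
| 19 | Trend Micro Apex One Security Agent directory traversal | 8.3 | 8.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00048 | 0.00 | CVE-2022-44653 |
| 20 | Apple tvOS ImageIO information disclosure | 5.4 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00754 | 0.00 | CVE-2016-3619 |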

IOC - Indicator of Compromise (21)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

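| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /rest/api/2/user/picker | predictive | |
| 2 | File | /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php | predictive | |
| 3 | File | afr.php | predictive | |
| 4 | File | data/gbconfiguration.dat | predictive | |
| 5 | File | xxxx.xxx | predictive | |
| 6 | File | xxx/xxxxxx.xxx | predictive | |
| 7 | File | xxxxx.xxx/xxxx/xxxxx/xxxx/xxxx.xxx | predictive | |
| 8 | File | xxx/xxx.x | predictive | |
| 9 | File | xxxxx.xxx | predictive | |
| 10 | File | xxx.xxx | predictive | |
| 11 | File | xxx/xxx/xxx.x | predictive | |
| 12 | File | xxxxxx.xxx | predictive | |
| 13 | Library | xxx/xx.xxx | predictive | |
| 14 | Library | xxxxxxx/xxxxxxx/xxxxxx/xxx/xxxxx.xxxxxxx.xxx | predictive | |
| 15 | Argument | xxxxxxxx | predictive | |
| 16 | Argument | xxxxx | predictive | |
| 17 | Argument | xxxxx | predictive | |
| 18 | Argument | xx | predictive | |
| 19 | Argument | xxx_xxx | predictive | |
| 20 | Argument | xxxx | predictive | |
| 21 | Argument | xxxxxx_xxxx | predictive | |
| 22 | Argument | xxxx | predictive | |
| 23 | Argument | xxx | predictive | |
| 24 | Argument | xxx | predictive | |
| 25 | Argument | xxxxxxxx | predictive | |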

References (4)

The following list contains external sources which discuss the actor and the associated activities:
