Zardoor Analysis

IOB - Indicator of Behavior (39)

Language

en: 30
it: 4
ru: 2
fr: 2
de: 2

Product

Open Design Alliance Drawings SDK: 2
PHPOutsourcing IdeaBox: 2
amauric tarteaucitron.js: 2
LogicBoard CMS: 2
TikiWiki: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | Cisco IOS XE Web UI Remote Code Execution | 9.9 | 9.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.90080 | 0.05 | CVE-2023-20198 |
| 3 | amauric tarteaucitron.js Cross-Site Scripting | 4.5 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2023-3620 |
| 4 | MikroTik RouterOS RSC File export Privilege Escalation | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00152 | 0.02 | CVE-2021-27221 |
| 5 | Roundcube SVG Document rcube_washtml.php Cross-Site Scripting | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00680 | 0.06 | CVE-2023-5631 |
| 6 | PHPizabi index.php Directory Traversal | 6.5 | 5.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00826 | 0.06 | CVE-2008-3723 |
| 7 | SAP Business One SMB Shared Folder Privilege Escalation | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2023-31403 |
| 8 | Check Point Harmony Endpoint/ZoneAlarm Extreme Security Privilege Escalation | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2023-28134 |
| 9 | OTRS OpenSSL SSL_get_verify_result Weak Authentication | 7.2 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00061 | 0.02 | CVE-2023-5422 |
| 10 | FireEye Malware Analysis System PCAP File send_pcap_file SQL Injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00000 | 0.00 | |
| 11 | SolarWinds Orion SQL Injection | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01293 | 0.00 | CVE-2021-35234 |
| 12 | TikiWiki tiki-register.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 10.00 | CVE-2006-6168 |
| 13 | Marvell 88W8688 Parrot Faurecia Automotive FC6050W Memory Corruption | 8.0 | 7.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00365 | 0.04 | CVE-2019-13582 |
| 14 | PHPOutsourcing IdeaBox include.php Privilege Escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.17410 | 0.04 | CVE-2008-5199 |
| 15 | Media-products Eros Webkatalog start.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00119 | 0.00 | CVE-2010-0964 |
| 16 | Open Design Alliance Drawings SDK DGN File Memory Corruption | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00080 | 0.00 | CVE-2021-32952 |
| 17 | Apple iOS Racoon Configuration File Format String | 9.8 | 8.8 | $100k and more | $5k-$25k | Proof-of-Concept | Official Fix | 0.01130 | 0.00 | CVE-2012-0646 |
| 18 | Microsoft Exchange Server Privilege Escalation | 9.5 | 8.2 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00254 | 0.00 | CVE-2021-26427 |
| 19 | Server LDAP Server Privilege Escalation | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00684 | 0.00 | CVE-2019-3824 |
| 20 | hostapd/wpa_supplicant EAP-pwd eap_server_pwd.c Denial of Service | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01608 | 0.00 | CVE-2019-11555 |

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (23)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /export | predictive | |
| 2 | File | /forum/away.php | predictive | |
| 3 | File | /inc/HTTPClient.php | predictive | |
| 4 | File | add_comment.php | predictive | |
| 5 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | |
| 6 | File | xxx_xxxxxx/xxx_xxxxxx_xxx.x | predictive | |
| 7 | File | xxxxxxxx/xxxxxxxxx | predictive | |
| 8 | File | xxx/xxxxxx.xxx | predictive | |
| 9 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | |
| 10 | File | xxxxxxx.xxx | predictive | |
| 11 | File | xxxxx.xxx | predictive | |
| 12 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | |
| 13 | File | xxxxxxxx_xxxx.xxx | predictive | |
| 14 | File | xxxx_xxxx_xxxx | predictive | |
| 15 | File | xxxxx.xxx | predictive | |
| 16 | File | xxxx-xxxxxxxx.xxx | predictive | |
| 17 | Library | xxxxxxx/xxx/xxxxxxxxx/xxxxx_xxxxxxx.xxx | predictive | |
| 18 | Argument | xxxxxxxx | predictive | |
| 19 | Argument | xx_xx | predictive | |
| 20 | Argument | xxxx | predictive | |
| 21 | Argument | xxxxxxxx | predictive | |
| 22 | Argument | xx | predictive | |
| 23 | Argument | xxxxxxxxxx | predictive | |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
