IP地址 84.32.188.96 (Log4j)

活动

时间轴

语言

en	9
ru	3
es	1

国家/地区

us	7
ru	6

Actors

Mirai_ptea	13

利益

时间轴

类型

供应商

产品

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	CTI	EPSS	CVE
1	Dropbear TCP Listener 内存损坏	7.2	6.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.04695	CVE-2017-9078
2	Microsoft Windows RPC DCOM PerformScmStage 内存损坏	5.6	5.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.05	0.36964	CVE-2003-0605
3	Microsoft Windows RPCSS 内存损坏	5.6	5.1	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.46718	CVE-2003-0715
4	MikroTik RouterOS SMB 内存损坏	8.5	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.12131	CVE-2018-7445
5	XiongMai uc-httpd 内存损坏	8.5	8.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.08382	CVE-2018-10088
6	MinIO Admin API 弱身份验证	8.8	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	0.01018	CVE-2020-11012
7	phpMyAdmin Privileges.php SQL注入	7.1	6.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.01034	CVE-2020-10804
8	Esri ArcGIS Server 权限升级	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00885	CVE-2020-35712
9	formidable Plugin 权限升级	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.01018	CVE-2019-15780
10	PHP Pro Publish search.php SQL注入	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00000
11	Rostelecom CS-C2SHW HTTP Response 内存损坏	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00885	CVE-2020-27539
12	Metasploit Web UI 跨网站脚本	8.0	7.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.00000

活动 (4)

These are the campaigns that can be associated with the actor:

Asylum Ambuscade
Cobalt Strike
Xxxxxx
Xxxxx

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	参与者	活动	类型	可信度
1	84.32.188.25	Unknown	Log4j	verified	高
2	84.32.188.29	UAC-0098	Cobalt Strike	verified	高
3	84.32.188.34	Mirai_ptea		verified	高
4	XX.XX.XXX.XX	Xxxxx_xxxx		verified	高
5	XX.XX.XXX.XX	Xxxxxxx	Xxxxx	verified	高
6	XX.XX.XXX.XX	Xxxxxxx	Xxxxx	verified	高
7	XX.XX.XXX.XX	Xxxxxxx	Xxxxxx Xxxxxxxxx	verified	高
8	XX.XX.XXX.XXX	Xxxxxxx	Xxxxx	verified	高
9	XX.XX.XXX.XXX	Xxxxxxx	Xxxxx	verified	高
10	XX.XX.XXX.XXX	Xxxxxxx	Xxxxx	verified	高
11	XX.XX.XXX.XXX	Xxxxx	Xxxxxx	verified	高
12	XX.XX.XXX.XXX	Xxxxx		verified	高
13	XX.XX.XXX.XXX	Xxxxxx Xxxxxx		verified	高

TTP - Tactics, Techniques, Procedures (2)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1059.007	CWE-80	Cross Site Scripting	predictive	高
2	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (6)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	libraries/classes/Server/Privileges.php	predictive	高
2	File	search.php	predictive	中
3	Argument	xxxx_xxx	predictive	中
4	Argument	xxxxxxx[xxxx]	predictive	高
5	Pattern	\|xx xx xx xx xx xx xx xx\|	predictive	高
6	Pattern	\|xx xx xx\|	predictive	中

参考 (7)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!