Sector Education

Timeframe: -28 days

Default Categories (58): Access Management Software, Accounting Software, Anti-Malware Software, Anti-Spam Software, Application Server Software, Backup Software, Blog Software, Calendar Software, Chat Software, Cloud Software, Communications System, Database Administration Software, Database Software, Digital Media Player, Directory Service Software, Document Management Software, Document Processing Software, Document Reader Software, Endpoint Management Software, Firewall Software, Groupware Software, Hardware Driver Software, Image Processing Software, Information Management Software, IP Phone Software, Knowledge Base Software, Learning Management Software, Library Management System Software, Log Management Software, Mail Client Software, Mail Server Software, Messaging Software, Middleware, Multimedia Player Software, Multimedia Processing Software, Network Attached Storage Software, Network Encryption Software, Network Management Software, Network Routing Software, Office Suite Software, Operating System, Presentation Software, Printing Software, Programming Language Software, Project Management Software, Remote Access Software, Reporting Software, Router Operating System, Server Management Software, Spreadsheet Software, SSH Server Software, Survey Software, Unified Communication Software, Virtualization Software, Web Browser, Web Server, Wireless LAN Software, Word Processing Software

Product

Linux Kernel: 396
Microsoft Windows: 90
Juniper Junos OS: 34
Oracle MySQL Server: 34
Google Chrome: 28

Remediation

Official Fix: 778
Temporary Fix: 0
Workaround: 2
Unavailable: 0
Not Defined: 130

Exploitability

High: 8
Functional: 2
Proof-of-Concept: 20
Unproven: 116
Not Defined: 764

Access Vector

Not Defined: 0
Physical: 4
Local: 98
Adjacent: 430
Network: 378

Authentication

Not Defined: 0
High: 98
Low: 556
None: 256

User Interaction

Not Defined: 0
Required: 150
None: 760

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 26
≤4: 70
≤5: 212
≤6: 280
≤7: 124
≤8: 138
≤9: 56
≤10: 4

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 28
≤4: 78
≤5: 214
≤6: 332
≤7: 126
≤8: 110
≤9: 18
≤10: 4

VulDB

≤1: 0
≤2: 0
≤3: 30
≤4: 90
≤5: 210
≤6: 260
≤7: 130
≤8: 142
≤9: 44
≤10: 4

NVD

≤1: 910
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

CNA

≤1: 684
≤2: 0
≤3: 4
≤4: 12
≤5: 46
≤6: 50
≤7: 22
≤8: 52
≤9: 32
≤10: 8

Vendor

≤1: 784
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 16
≤7: 30
≤8: 44
≤9: 36
≤10: 0

Exploit 0-day

<1k: 22
<2k: 136
<5k: 34
<10k: 458
<25k: 138
<50k: 108
<100k: 14
≥100k: 0

Exploit Today

<1k: 306
<2k: 228
<5k: 192
<10k: 90
<25k: 86
<50k: 8
<100k: 0
≥100k: 0

IOB - Indicator of Behavior (1000)

Language

en: 676
ja: 94
ru: 62
de: 38
es: 36

Country/Region

us: 190
jp: 122
ru: 74
cn: 48
de: 44

Product

Linux Kernel: 88
Microsoft Windows: 28
Google Chrome: 14
Microsoft SQL Server: 8
Adobe Acrobat Reader: 8

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SourceCodester Pisay Online E-Learning System controller.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 4.72 | CVE-2024-4349 |
| 2 | Tinyproxy HTTP Connection Header memory corruption | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 1.04 | CVE-2023-49606 |
| 3 | Netgear DG834Gv5 Web Management Interface weak encryption | 2.7 | 2.5 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.26 | CVE-2024-4235 |
| 4 | Google Chrome Dawn memory corruption | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00045 | 0.37 | CVE-2024-4368 |
| 5 | Google Chrome Picture In Picture memory corruption | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00045 | 0.33 | CVE-2024-4331 |
| 6 | Contemporary Controls BASrouter BACnet BASRT-B Device-Communication-Control Service denial of service | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.19 | CVE-2024-4292 |
| 7 | Apache ActiveMQ Jolokia/REST API weak authentication | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.37 | CVE-2024-32114 |
| 8 | PHP password_verify unknown vulnerability | 3.7 | 3.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00043 | 0.34 | CVE-2024-3096 |
| 9 | Linksys E5600 info privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.48- | CVE-2024-33788 |
| 10 | The R Project RDS privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.34 | CVE-2024-27322 |
| 11 | Adobe Acrobat Reader memory corruption | 7.0 | 6.9 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00053 | 0.34 | CVE-2024-30305 |
| 12 | Google Chrome ANGLE privilege escalation | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00045 | 0.30 | CVE-2024-4058 |
| 13 | Ruby Regex Search memory corruption | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.26 | CVE-2024-27282 |
| 14 | Foliovision FV Flowplayer Video Player Plugin privilege escalation | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.41 | CVE-2024-32955 |
| 15 | Microsoft Windows Proxy Driver privilege escalation | 6.7 | 5.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.30 | CVE-2024-26234 |
| 16 | Vesystem Cloud Desktop fileupload.php privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.22 | CVE-2024-3803 |
| 17 | cym1102 nginxWebUI upload privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.11 | CVE-2024-3739 |
| 18 | Microsoft Windows SmartScreen Prompt privilege escalation | 8.8 | 8.2 | $25k-$100k | $25k-$100k | High | Official Fix | 0.00455 | 0.18 | CVE-2024-29988 |
| 19 | cym1102 nginxWebUI addOver findCountByQuery directory traversal | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.19 | CVE-2024-3737 |
| 20 | Xiamen Four-Faith RMP Router Management Platform SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.22 | CVE-2024-3688 |

IOC - Indicator of Compromise (40)

These indicators of compromise highlight associated network ranges which are known to be part of research and attack activities.

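| ID | IP range | Actor | Type | Confidence |
|---|---|---|---|---|
| 1 | 2.50.51.0/24 | QakBot | predictive | |
| 2 | 2.57.122.0/24 | Mirai | predictive | |
| 3 | 2.58.95.0/24 | Bashlite | predictive | |
| 4 | 5.255.127.0/24 | Raccoon | predictive | |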

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

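| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | |
| 3 | T1059 | CAPEC-242 | CWE-94, CWE-1321 | Argument Injection | predictive | |
| 4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | |
| 5 | T1068 | CAPEC-122 | CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | |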

IOA - Indicator of Attack (123)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /adminPage/conf/reload | predictive | |
| 2 | File | /adminPage/conf/saveCmd | predictive | |
| 3 | File | /adminPage/main/upload | predictive | |
| 4 | File | /adminPage/www/addOver | predictive | |
| 5 | File | /API/info | predictive | |
| 6 | File | /api/runs/search/run/ | predictive | |
| 7 | File | /CMD0/xml_modes.xml | predictive | |
| 8 | File | /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState= | predictive | |
| 9 | File | /drivers/tty/serial/serial_core.c | predictive | |
| 10 | File | /fftools/ffmpeg_enc.c | predictive | |
| 11 | File | /htdocs/webinc/js/bsc_sms_inbox.php | predictive | |
| 12 | File | /lesson/controller.php | predictive | |
| 13 | File | /proc/scsi/${proc_name} | predictive | |
| 14 | File | /Public/webuploader/0.1.5/server/fileupload.php | predictive | |
| 15 | File | /Public/webuploader/0.1.5/server/fileupload2.php | predictive | |
| 16 | File | /sys/bus/i2c/devices/i2c-2/new_device | predictive | |
