Sector Hostingprovider

Timeframe: -28 days

Default Categories (69): Access Management Software, Accounting Software, Anti-Malware Software, Anti-Spam Software, Application Server Software, Atlassian Confluence Plugin, Atlassian Jira App Software, Backup Software, Billing Software, Bug Tracking Software, Calendar Software, Chat Software, Cloud Software, Communications System, Connectivity Software, Content Management System, Continuous Integration Software, Customer Relationship Management System, Database Administration Software, Database Software, Directory Service Software, Document Reader Software, Domain Name Software, E-Commerce Management Software, File Compression Software, File Transfer Software, Firewall Software, Firmware Software, Groupware Software, Hardware Driver Software, Information Management Software, JavaScript Library, Joomla Component, Log Management Software, Mail Client Software, Mail Server Software, Mailing List Software, Network Attached Storage Software, Network Authentication Software, Network Encryption Software, Network Management Software, Network Routing Software, Network Utility Software, Office Suite Software, Operating System, Operating System Utility Software, Packet Analyzer Software, Printing Software, Product Lifecycle Management Software, Programming Language Software, Programming Tool Software, Project Management Software, Remote Access Software, Router Operating System, Server Management Software, Service Management Software, Software Library, Software Management Software, Spreadsheet Software, SSH Server Software, Testing Software, Ticket Tracking Software, Versioning Software, Virtualization Software, Web Browser, Web Server, Windowing System Software, Word Processing Software, WordPress Plugin

Timeline

Vendor

Product

Linux Kernel: 306
Adobe Experience Manager: 146
Google Chrome: 44
Microsoft Windows: 40
Apple macOS: 40

Remediation

Official Fix: 876
Temporary Fix: 0
Workaround: 2
Unavailable: 0
Not Defined: 468

Exploitability

High: 4
Functional: 0
Proof-of-Concept: 24
Unproven: 36
Not Defined: 1282

Access Vector

Not Defined: 0
Physical: 2
Local: 92
Adjacent: 346
Network: 906

Authentication

Not Defined: 0
High: 84
Low: 888
None: 374

User Interaction

Not Defined: 0
Required: 554
None: 792

C3BM Index

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 54
≤4: 128
≤5: 444
≤6: 338
≤7: 154
≤8: 168
≤9: 54
≤10: 6

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 60
≤4: 124
≤5: 446
≤6: 392
≤7: 134
≤8: 144
≤9: 40
≤10: 6

VulDB

≤1: 0
≤2: 0
≤3: 82
≤4: 400
≤5: 258
≤6: 262
≤7: 146
≤8: 162
≤9: 30
≤10: 6

NVD

≤1: 1160
≤2: 0
≤3: 0
≤4: 0
≤5: 24
≤6: 68
≤7: 28
≤8: 26
≤9: 34
≤10: 6

CNA

≤1: 646
≤2: 0
≤3: 2
≤4: 18
≤5: 76
≤6: 252
≤7: 176
≤8: 82
≤9: 60
≤10: 34

Vendor

≤1: 1298
≤2: 0
≤3: 0
≤4: 0
≤5: 2
≤6: 6
≤7: 8
≤8: 26
≤9: 6
≤10: 0

Exploit 0-day

<1k: 84
<2k: 544
<5k: 194
<10k: 284
<25k: 152
<50k: 74
<100k: 14
≥100k: 0

Exploit Today

<1k: 682
<2k: 366
<5k: 138
<10k: 74
<25k: 82
<50k: 4
<100k: 0
≥100k: 0

Exploit Market Volume

IOB - Indicator of Behavior (1000)

Timeline

Language

en: 746
ja: 132
de: 40
fr: 32
zh: 30

Country/Region

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Linux Kernel: 24
Microsoft Windows: 10
Google Chrome: 8
WordPress: 6
Splunk Enterprise: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
| 1 | CodeIgniter Ecommerce-CodeIgniter-Bootstrap cross-site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00044 | 2.38 | CVE-2024-6526 |
| 2 | Apache HTTP Server AddType information disclosure | 5.3 | 5.1 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00043 | 2.51 | CVE-2024-39884 |
| 3 | 7-Zip NTFS NtfsHandler.cpp memory corruption | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 2.29 | CVE-2023-52168 |
| 4 | y_project RuoYi Content-Type isJsonRequest cross-site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.64 | CVE-2024-6511 |
| 5 | Apache Tomcat HTTP/2 Stream privilege escalation | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 1.55 | CVE-2024-34750 |
| 6 | CodeAstrology UltraAddons Elementor Lite Plugin cross-site scripting | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.18 | CVE-2024-37554 |
| 7 | Axelerant Testimonials Widget Plugin cross-site scripting | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.23 | CVE-2024-37553 |
| 8 | MongoDB Compass Connection privilege escalation | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00088 | 1.01 | CVE-2024-6376 |
| 9 | Theme-Ruby Foxiz Plugin privilege escalation | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.37 | CVE-2024-37260 |
| 10 | StaxWP Elementor Addons, Widgets and Enhancements Plugin cross-site scripting | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.14 | CVE-2024-37541 |
| 11 | EGroupware ORDER BY Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 1.15 | -CVE-2024-40614 |
| 12 | Livemesh Addons for Elementor Plugin directory traversal | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.28 | CVE-2024-37547 |
| 13 | biplob018 Image Hover Effects Plugin cross-site scripting | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.23 | CVE-2024-37546 |
| 14 | Delower WP To Do Plugin cross-site scripting | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.23 | CVE-2024-37539 |
| 15 | Linux Kernel drm_file drm_file_update_pid memory corruption | 7.1 | 6.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.27 | CVE-2024-39486 |
| 16 | OpenSSH Signal grace_alarm_handler regreSSHion race condition | 8.1 | 7.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04851 | 0.41 | CVE-2024-6387 |
| 17 | Apache CloudStack Service Port 9090 privilege escalation | 9.8 | 9.4 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00045 | 0.18 | CVE-2024-38346 |
| 18 | MediaWikiChat Extension API Module cross-site request forgery | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.55 | -CVE-2024-40601 |
| 19 | Linux Kernel starfive memory corruption | 8.0 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.14 | CVE-2024-39478 |
| 20 | Linux Kernel ipc4-topology denial of service | 5.7 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.23 | CVE-2024-39473 |

IOC - Indicator of Compromise (46)

These indicators of compromise highlight associated network ranges which are known to be part of research and attack activities.

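| ID | IP range | Actor | Type | Confidence |
| 1 | 2.58.56.0/24 | RecordBreaker | predictive | |
| 2 | 5.182.86.0/24 | DCRat | predictive | |
| 3 | 5.255.124.0/24 | IcedID | predictive | |
| 4 | 23.154.177.0/24 | B1txor20 | predictive | |
| 5 | 37.228.129.0/24 | BianLian | predictive | |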

TTP - Tactics, Techniques, Procedures (28)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerability | Access Vector | Type | Confidence |
| 1 | T1006 | CAPEC-126 | CWE-22, CWE-29, CWE-35 | Path Traversal | predictive | |
| 2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | |
| 4 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | |
| 6 | T1068 | CAPEC-104 | CWE-250, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | |
