Trusted Design

ManageEngine OpManager Remote Code Execution

概要

This Metasploit module exploits a default credential vulnerability in ManageEngine OpManager, where a default hidden account "IntegrationUser" with administrator privileges exists. The account has a default password of "plugin" which can not be reset through the user interface. By log-in and abusing the default administrator's SQL query functionality, it's possible to write a WAR payload to disk and trigger an automatic deployment of this payload. This Metasploit module has been tested successfully on OpManager v11.5 and v11.6 for Windows.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

ManageEngine OpManager 11.5 Hardcoded Credential / SQL Bypass (score: 0.64)
Zemra Botnet CnC Web Panel Remote Code Execution (score: 0.55)
ManageEngine EventLog Analyzer Remote Code Execution (score: 0.54)
w3tw0rk / Pitbul IRC Bot Remote Code Execution (score: 0.47)
MS15-100 Microsoft Windows Media Center MCL Code Execution (score: 0.45)

このPulseに関連する脅威アクター (事実ベース)

Sandworm Team

Score: 5.34

Matched TTPs:

T1588.006 - Vulnerabilities
T1203 - Exploitation for Client Execution

MITREへのリンク →

Volt Typhoon

Score: 5.49

Matched TTPs:

T1588.006 - Vulnerabilities
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Storm-0501

Score: 3.84

Matched TTPs:

T1588.006 - Vulnerabilities

MITREへのリンク →

Mustang Panda

Score: 8.29

Matched TTPs:

T1218.004 - InstallUtil
T1203 - Exploitation for Client Execution
T1564.001 - Hidden Files and Directories

MITREへのリンク →

menuPass

Score: 5.78

Matched TTPs:

T1218.004 - InstallUtil
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

APT32

Score: 17.20

Matched TTPs:

T1552.002 - Credentials in Registry
T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution
T1564.001 - Hidden Files and Directories
T1569.002 - Service Execution
T1078.003 - Local Accounts

MITREへのリンク →

RedCurl

Score: 10.93

Matched TTPs:

T1552.002 - Credentials in Registry
T1056.002 - GUI Input Capture
T1564.001 - Hidden Files and Directories

MITREへのリンク →

TeamTNT

Score: 4.54

Matched TTPs:

T1610 - Deploy Container

MITREへのリンク →

FIN13

Score: 7.94

Matched TTPs:

T1078.001 - Default Accounts
T1021.001 - Remote Desktop Protocol
T1564.001 - Hidden Files and Directories

MITREへのリンク →

UNC3886

Score: 5.12

Matched TTPs:

T1078.001 - Default Accounts
T1203 - Exploitation for Client Execution

MITREへのリンク →

Magic Hound

Score: 8.89

Matched TTPs:

T1078.001 - Default Accounts
T1036.010 - Masquerade Account Name
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Ember Bear

Score: 9.25

Matched TTPs:

T1078.001 - Default Accounts
T1203 - Exploitation for Client Execution
T1588.005 - Exploits

MITREへのリンク →

APT29

Score: 8.00

Matched TTPs:

T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution
T1078.003 - Local Accounts

MITREへのリンク →

BRONZE BUTLER

Score: 5.34

Matched TTPs:

T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT33

Score: 5.63

Matched TTPs:

T1552.006 - Group Policy Preferences
T1203 - Exploitation for Client Execution

MITREへのリンク →

Wizard Spider

Score: 14.73

Matched TTPs:

T1552.006 - Group Policy Preferences
T1555.004 - Windows Credential Manager
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution
T1055.001 - Dynamic-link Library Injection

MITREへのリンク →

FIN4

Score: 4.13

Matched TTPs:

T1056.002 - GUI Input Capture

MITREへのリンク →

Lazarus Group

Score: 17.41

Matched TTPs:

T1574.013 - KernelCallbackTable
T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol
T1564.001 - Hidden Files and Directories
T1055.001 - Dynamic-link Library Injection
T1561.001 - Disk Content Wipe

MITREへのリンク →

APT28

Score: 12.83

Matched TTPs:

T1203 - Exploitation for Client Execution
T1564.001 - Hidden Files and Directories
T1137.002 - Office Test
T1550.001 - Application Access Token

MITREへのリンク →

Dragonfly

Score: 6.76

Matched TTPs:

T1203 - Exploitation for Client Execution
T1036.010 - Masquerade Account Name
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Patchwork

Score: 3.14

Matched TTPs:

T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Axiom

Score: 3.14

Matched TTPs:

T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Cobalt Group

Score: 3.14

Matched TTPs:

T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Leviathan

Score: 6.07

Matched TTPs:

T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol
T1055.001 - Dynamic-link Library Injection

MITREへのリンク →

APT3

Score: 6.76

Matched TTPs:

T1203 - Exploitation for Client Execution
T1036.010 - Masquerade Account Name
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Sea Turtle

Score: 4.16

Matched TTPs:

T1203 - Exploitation for Client Execution
T1078.003 - Local Accounts

MITREへのリンク →

Transparent Tribe

Score: 4.16

Matched TTPs:

T1203 - Exploitation for Client Execution
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Tropic Trooper

Score: 9.75

Matched TTPs:

T1203 - Exploitation for Client Execution
T1564.001 - Hidden Files and Directories
T1055.001 - Dynamic-link Library Injection
T1078.003 - Local Accounts

MITREへのリンク →

APT41

Score: 5.54

Matched TTPs:

T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

OilRig

Score: 6.76

Matched TTPs:

T1203 - Exploitation for Client Execution
T1555.004 - Windows Credential Manager
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1555.004 - Windows Credential Manager

MITREへのリンク →

Turla

Score: 9.22

Matched TTPs:

T1555.004 - Windows Credential Manager
T1055.001 - Dynamic-link Library Injection
T1078.003 - Local Accounts

MITREへのリンク →

Storm-1811

Score: 3.62

Matched TTPs:

T1036.010 - Masquerade Account Name

MITREへのリンク →

Kimsuky

Score: 8.45

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1588.005 - Exploits
T1078.003 - Local Accounts

MITREへのリンク →

INC Ransom

Score: 4.05

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

BlackByte

Score: 4.05

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

APT39

Score: 4.05

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

FIN7

Score: 9.38

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1564.001 - Hidden Files and Directories
T1569.002 - Service Execution
T1078.003 - Local Accounts

MITREへのリンク →

Silence

Score: 4.05

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

FIN6

Score: 4.05

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

FIN10

Score: 4.31

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1078.003 - Local Accounts

MITREへのリンク →

Blue Mockingbird

Score: 4.05

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

Chimera

Score: 4.05

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

Medusa Group

Score: 4.05

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

HAFNIUM

Score: 9.46

Matched TTPs:

T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token
T1078.003 - Local Accounts

MITREへのリンク →

Velvet Ant

Score: 5.06

Matched TTPs:

T1569.002 - Service Execution
T1078.003 - Local Accounts

MITREへのリンク →

Gamaredon Group

Score: 4.13

Matched TTPs:

T1561.001 - Disk Content Wipe

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT32

Score: 0.75

Matched TTPs:

T1552.002 - Credentials in Registry
T1550.003 - Pass the Ticket
T1569.002 - Service Execution
T1078.003 - Local Accounts
T1564.001 - Hidden Files and Directories
T1203 - Exploitation for Client Execution

MITREへのリンク →

Lazarus Group

Score: 0.75

Matched TTPs:

T1055.001 - Dynamic-link Library Injection
T1021.001 - Remote Desktop Protocol
T1574.013 - KernelCallbackTable
T1564.001 - Hidden Files and Directories
T1203 - Exploitation for Client Execution
T1561.001 - Disk Content Wipe

MITREへのリンク →

Wizard Spider

Score: 0.65

Matched TTPs:

T1055.001 - Dynamic-link Library Injection
T1021.001 - Remote Desktop Protocol
T1552.006 - Group Policy Preferences
T1555.004 - Windows Credential Manager
T1569.002 - Service Execution

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る