CryptoPHP Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Lang

de: 31
en: 15
pl: 2
fr: 2

Country

us: 26
pl: 13
ru: 6
fr: 2
id: 1

Actors

APT37: 40
CryptoPHP: 10

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
1 | Siemens EN100 Ethernet Module Web Server Memory information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2016-4785
2 | RDM Intuitive 650 TDB Controller Password access control | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2016-4505
3 | Siemens EN100 Ethernet Module Web Server information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2016-4784
4 | RDM Intuitive 650 TDB Controller cross-site request forgery | 6.1 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2016-4506
5 | Winn Winn GuestBook addPost cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | High | Official Fix | 0.07 | CVE-2011-5026
6 | PHP Scripts Mall PHP Multivendor Ecommerce shopping-cart.php sql injection | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2017-17951
7 | MyBB member.php sql injection | 7.3 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2005-0282
8 | Cisco IOS/IOS XE Zone-Based Firewall input validation | 6.5 | 6.4 | $25k-$100k | $5k-$25k | Not Defined | Workaround | 0.00 | CVE-2014-2146
9 | Google Chrome Extension access control | 7.1 | 6.8 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2016-5173
10 | NUUO NVRmini/NVRsolo hard-coded credentials | 9.8 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.05 | CVE-2016-5678
11 | phpMyAdmin OpenID Error Message openid.php cross site scripting | 6.1 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2016-5731
12 | phpMyAdmin FormDisplay.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2016-5730
13 | phpMyAdmin Transformation Header.php CSRF information disclosure | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2016-5739
14 | phpMyAdmin preg_replace code injection | 9.8 | 9.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.08 | CVE-2016-5734
15 | QEMU SCSI MegaRAID SAS HBA Emulation megasas_ctrl_get_info memory corruption | 7.8 | 7.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2015-8613
16 | ZTE ZXHN H108N R1A Telnet Service credentials management | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.09 | CVE-2015-7251
17 | MobileIron Virtual Smartphone Platform j_spring_security_check information disclosure | 7.8 | 6.8 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2014-1409
18 | Microsoft .NET Framework Code Access Security cryptographic issues | 9.8 | 9.8 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.21 | CVE-2008-5100
19 | Google Chrome endAnimationUpdate use after free | 8.5 | 8.5 | $25k-$100k | $25k-$100k | Not Defined | Not Defined | 0.06 | CVE-2013-6647
20 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.15 | CVE-2016-6210

IOC - Indicator of Compromise (44)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Confidence
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | TXXXX | CWE-XXX | Xxxxxxxxxxxx Xxxxxx | High

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
1 | File | /mics/j_spring_security_check | High
2 | File | examples/openid.php | High
3 | File | FormDisplay.php | High
4 | File | xxxxxxxx/xxxxxxx.xxx | High
5 | File | xxxxxxxxx/xxxxxx.xxx | High
6 | File | xxxxxx.xxx | Medium
7 | File | xxxxxxxx-xxxx.xxx | High
8 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | High
9 | Argument | xxxxx | Low
10 | Argument | x_xxxxxxxx | Medium
11 | Argument | xxxx | Low
12 | Argument | xxxxxxxx | Medium
13 | Argument | xxxxxxxx | Medium
14 | Argument | xxx | Low
15 | Network Port | xxx/xx (xxxxxx) | High

References (1)

The following list contains external sources which discuss the actor and the associated activities:
