DEV-0322 Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Lang

en51
zh13
de2
fr2
es2

Country

us38
cn32

Actors

Activities

Interest

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.05CVE-2007-1192
2VMware Horizon Client/Horizon Message Framework Library out-of-bounds read6.46.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.04CVE-2018-6970
3Hikvision Product Message command injection5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.04CVE-2021-36260
4HD-Network Real-time Monitoring System Parameter lang pathname traversal5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2021-45043
5CodeIgniter HTTP Request input validation8.38.2$0-$5k$0-$5kNot DefinedOfficial Fix0.04CVE-2022-24711
6jwt-go Access Restriction privileges management7.47.1$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2020-26160
7Yoast SEO Plugin REST Endpoint posts information disclosure3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.16CVE-2021-25118
8Vehicle Charging Port access control6.15.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.05CVE-2022-27948
9Host RPC Portmapper Service privileges management7.37.1$0-$5k$0-$5kHighWorkaround0.03CVE-1999-0632
10ProFTPD resource management9.99.5$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2011-4130
11glusterfs Server debug io-stats Translator untrusted search path7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.04CVE-2018-10904
12Tenda AC15/AC1900 setUsbUnload injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2020-10987
13FileZilla options.cpp memory corruption10.09.0$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.04CVE-2007-0315
14Microsoft Windows VML Vector Markup Language integer coercion7.36.8$25k-$100k$0-$5kFunctionalOfficial Fix0.05CVE-2007-0024
15Microsoft Internet Explorer information disclosure4.33.8$25k-$100k$0-$5kUnprovenOfficial Fix0.03CVE-2014-6345
16Adobe Magento Commerce unrestricted upload4.74.5$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2021-36034
17Adobe Magento Commerce Customer Detail input validation4.74.5$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2021-36025
18Adobe Magento Commerce Data Collection Endpoint os command injection4.74.5$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2021-36024
19Adobe Magento Commerce Multishipping Module information disclosure4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.06CVE-2021-36038
20Adobe Magento Commerce Checkout access control5.45.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.07CVE-2021-36030

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
2TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
3TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
4TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/language/langpredictiveHigh
2Fileadmin/conf_users_edit.phppredictiveHigh
3Filedata/gbconfiguration.datpredictiveHigh
4Fileflow.phppredictiveMedium
5Filegoform/setUsbUnloadpredictiveHigh
6Filexxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
7Filexxxxx_xxxxxxx.xxxpredictiveHigh
8Filexxxxxxx.xpredictiveMedium
9Filexxxxxxx.xxxpredictiveMedium
10Filexxxxx.xxxpredictiveMedium
11Filexxxxxxxx.xxxpredictiveMedium
12Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
13Filexxxxxxxx_xxxx.xxxpredictiveHigh
14Filexxxxxxxxxxxxxxxxxxxxxxxxx.xxpredictiveHigh
15Filexxxx/xxxxxxxx/xxxxxxxx.xxxxpredictiveHigh
16Filexx/xxxxxxxxx/xxpredictiveHigh
17Filexxxxxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
18Filexxx/xxx-xxxxxxxxxx/xxxx-xxxxxx/xxxxxx.xxxpredictiveHigh
19Filexx-xxxxx.xxxpredictiveMedium
20Filexx/xx/xxxxxpredictiveMedium
21Argument--xxxxxx/--xxxxxxxxpredictiveHigh
22ArgumentxxxxxxxxxxpredictiveMedium
23Argumentxxxxx_xxxxxxpredictiveMedium
24ArgumentxxpredictiveLow
25ArgumentxxpredictiveLow
26ArgumentxxxxxpredictiveLow
27Argumentxxxxxxx_xxxpredictiveMedium
28Argumentxxxxxx_xxxpredictiveMedium
29Argumentx_xxxxxxxxpredictiveMedium
30Argumentxxxxxxx.xx-xxxxx-xxxxpredictiveHigh
31Input Value/../predictiveLow
32Input Value[]xxxxxx{}/x["xxx"]predictiveHigh
33PatternxxxxxxxxxxxpredictiveMedium
34Network Portxxx/xxxxpredictiveMedium

References (3)

The following list contains external sources which discuss the actor and the associated activities:

Want to stay up to date on a daily basis?

Enable the mail alert feature now!