EwDoor Analysis

Activities

Timeline

Analysing the timeline helps to identify the appropriate approach to, and handling of, single vulnerabilities and vulnerability collections. The overview shows less important periods and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Lang

| Lang | Count |
|---|---|
| en | 179 |
| jp | 1 |
| pl | 1 |

Country

| Country | Count |
|---|---|
| sc | 125 |
| li | 13 |
| us | 4 |
| cn | 1 |
| au | 1 |

Actors

| Actor | Count |
|---|---|
| Razy | 154 |
| EwDoor | 27 |

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Jetty URI access control | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-34429 |
| 2 | CKFinder File Name unrestricted upload | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2019-15862 |
| 3 | GitLab Community Edition/Enterprise Edition Permission permission assignment | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2019-18446 |
| 4 | Asus RT-AC2900 input validation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2018-8826 |
| 5 | phpMyAdmin PMA_safeUnserialize deserialization | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2016-9865 |
| 6 | phpMyAdmin Username sql injection | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2016-9864 |
| 7 | Submitty cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-12882 |
| 8 | Microsoft Windows GDI+ memory corruption | 7.8 | 7.5 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.06 | CVE-2020-1248 |
| 9 | QEMU Recursion ati.c ati_mm_write infinite loop | 4.6 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | CVE-2020-13800 |
| 10 | Cisco ASR 920 SNMP data processing | 5.3 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-3232 |
| 11 | Apple Safari WebKit Universal cross site scripting | 5.2 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-9805 |
| 12 | MyLittleAdmin Management Tool input validation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-13166 |
| 13 | cPanel Account Backup authorization | 7.2 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-12785 |
| 14 | Microsoft Windows State Repository Service privileges management | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | CVE-2020-1189 |
| 15 | Siemens LOGO!8 BM Service Port 135 missing authentication | 8.2 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-7589 |
| 16 | Ayision Ays-WR01 Setting Stored cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2019-19514 |
| 17 | node-mpv injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-7632 |
| 18 | Google Android StreamingSource.cpp onReadBuffer uninitialized resource | 5.9 | 5.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01 | CVE-2020-0049 |
| 19 | CPython Dependency Load api-ms-win-core-path-l1-1-0.dll input validation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-8315 |
| 20 | elementor Plugin elementor-system-info Page Reflected cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-8426 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Campaigns | Confidence |
|---|---|---|---|---|
| 1 | 45.141.157.217 | ip-157-217.CN-Global | | High |
| 2 | 185.10.68.20 | 20.68.10.185.ro.ovo.sc | | High |
| 3 | 212.193.30.209 | | | High |

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (56)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Confidence |
|---|---|---|---|
| 1 | File | /admin/sysmon.php | High |
| 2 | File | /api/content/posts/comments | High |
| 3 | File | /Home/GetAttachment | High |
| 4 | File | /modules/projects/vw_files.php | High |
| 5 | File | admin/limits.php | High |
| 6 | File | cgi-bin/ddns_enc.cgi | High |
| 7 | File | xxx.xxx | Low |
| 8 | File | xxxxxx.x | Medium |
| 9 | File | xxxx/xxxxxxxxxxxxxxx.xxx | High |
| 10 | File | xxxx/xxxx | Medium |
| 11 | File | xxxxxx/xxxxxxxxxx/xxxxxxxxxx.xx | High |
| 12 | File | xxxxxx_xxx.x | Medium |
| 13 | File | xxxxxxxxxxxxxx.xx | High |
| 14 | File | xx/xxxxxxx/xxx.x | High |
| 15 | File | xxx/xx/xxxx/xxxx.xxxxx.xxx | High |
| 16 | File | xxxxx.xxx | Medium |
| 17 | File | xxxxxx.x | Medium |
| 18 | File | xxxxxxxx.xxx | Medium |
| 19 | File | xxxxxxxxxxxx/xxx.x | High |
| 20 | File | xxx_xxxxxxxxx.x | High |
| 21 | File | xxx_xxxxx_xxxx.x | High |
| 22 | File | xxxxxxx/xxxx | Medium |
| 23 | File | xxxxxxx.xxx | Medium |
| 24 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | High |
| 25 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | High |
| 26 | File | xxxxxxxxxxxxx.xxx | High |
| 27 | File | xxxxxxxx_xxxxxxxxxxxx_xxxxxx.xx | High |
| 28 | File | xxx_xxxxx_xxxxxxxxx.x | High |
| 29 | File | xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx | High |
| 30 | File | xxxxxxxxxxxxxxx.xxx | High |
| 31 | File | xxxxxxxx/xxxxxxxxxxxx-xxxxxxxxxx | High |
| 32 | File | xxxxxx/xxxxxxx/xxxxxx/xxxxxxxx.xxx | High |
| 33 | File | xxxx.xxx | Medium |
| 34 | File | xxx xxxx xxxxxxx | High |
| 35 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | High |
| 36 | Library | xxx-xx-xxx-xxxx-xxxx-xx-x-x.xxx | High |
| 37 | Argument | -x | Low |
| 38 | Argument | xxxxxxxxxxxxxx | High |
| 39 | Argument | xxxxxx/xxxxxxx | High |
| 40 | Argument | xxxxxxxx[xxxx_xxx] | High |
| 41 | Argument | xxxxxxxx xxxx/xxxxxxxx xxxxxxxx/xxxxxxxx xxxxxxx xx/xxxxxxx/xxxx | High |
| 42 | Argument | xxxxxx xxxxxx | High |
| 43 | Argument | xxxx_xxxxxxx | Medium |
| 44 | Argument | xx | Low |
| 45 | Argument | xxxxxxxx | Medium |
| 46 | Argument | xxxxxxxxxx | Medium |
| 47 | Argument | xxxx_xxx_xxxxxxxx_xxx | High |
| 48 | Argument | xxxxxxx | Low |
| 49 | Argument | xxxxx/xxxxxxxx | High |
| 50 | Argument | xxxxx | Low |
| 51 | Argument | xxxx | Low |
| 52 | Argument | xx_xxx_xxxxx | Medium |
| 53 | Input Value | ../ | Low |
| 54 | Network Port | xxx/xx | Low |
| 55 | Network Port | xxx/xxx | Low |
| 56 | Network Port | xxx/xxxx | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
