GoGoogle Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Lang

en16

Country

Actors

Activities

Interest

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTICVE
1WordPress Post press-this.php access control5.55.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.22CVE-2011-1762
2Elementor Website Builder Plugin AJAX Action module.php unrestricted upload7.57.4$0-$5k$0-$5kNot DefinedNot Defined0.07CVE-2022-1329
3Crocoblock JetEngine Form Data Privilege Escalation5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2021-41844
4Crocoblock JetEngine Custom Forms cross site scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2021-38607
5WPBakery XSS Protection Mechanism kses_remove_filters protection mechanism5.95.6$0-$5k$0-$5kNot DefinedOfficial Fix0.07CVE-2020-28650
6Yoast SEO Plugin Term Description input validation7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2019-13478
7Rocket.Chat Server NoSQL sql injection8.57.9$0-$5k$0-$5kNot DefinedNot Defined0.04CVE-2017-1000493
8vBulletin moderation.php sql injection7.37.0$0-$5k$0-$5kHighOfficial Fix0.04CVE-2016-6195
9PRTG Network Monitor addusers access control7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2018-19411
10PRTG Network Monitor login.htm access control8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.07CVE-2018-19410
11Samba smbd _netr_ServerPasswordSet code6.55.7$0-$5k$0-$5kHighOfficial Fix0.03CVE-2015-0240
12OpenSSH Authentication Username information disclosure5.34.8$5k-$25k$0-$5kHighOfficial Fix0.33CVE-2016-6210
13QNAP Music Station command injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2017-13069
14QNAP NAS cgi.cgi heap-based overflow5.95.4$0-$5k$0-$5kProof-of-ConceptUnavailable0.00
15Download Manager redirect6.25.9$0-$5k$0-$5kNot DefinedOfficial Fix0.04CVE-2017-2217
16GLPI information disclosure5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.06CVE-2011-2720

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
193.174.95.73GoGoogleverifiedHigh

TTP - Tactics, Techniques, Procedures (2)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1059.007CWE-79Cross Site ScriptingpredictiveHigh
2TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/api/adduserspredictiveHigh
2File/home/httpd/cgi-bin/cgi.cgipredictiveHigh
3File/xxxxxx/xxxxx.xxxpredictiveHigh
4Filexxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
5Filexx-xxxxx/xxxxx-xxxx.xxxpredictiveHigh
6File~/xxxx/xxx/xxxxxxx/xxxxxxxxxx/xxxxxx.xxxpredictiveHigh
7ArgumentxxxxxxxxpredictiveMedium
8ArgumentxxxxxxxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!