Regin Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Lang

| Language | Count |
|---|---|
| en | 81 |
| de | 2 |
| es | 1 |

Country

| Country | Count |
|---|---|
| gb | 41 |
| us | 35 |
| ru | 3 |
| bd | 1 |
| bg | 1 |

Actors

| Actor | Count |
|---|---|
| Regin | 2 |


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Host Discard Service privileges management | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.08 | CVE-1999-0636 |
| 2 | PHP Filename DirectoryIterator null termination | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2019-11045 |
| 3 | HP Enterprise LaserJet buffer overflow | 7.6 | 7.6 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.10 | CVE-2021-39238 |
| 4 | TYPO3 User Session cleartext storage | 5.6 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-21339 |
| 5 | CKeditor Dialogs Plugin incorrect regex | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-26271 |
| 6 | Adminer adminer.php server-side request forgery | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.10 | CVE-2021-21311 |
| 7 | Microsoft Windows Media Foundation memory corruption | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | CVE-2020-1492 |
| 8 | IBM WebSphere ILOG Rule Team Server cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | CVE-2011-4171 |
| 9 | IBM AIX LVM symlink | 8.4 | 8.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2004-0545 |
| 10 | Todd Miller sudo sudoedit sudoers access control | 7.8 | 7.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | CVE-2015-5602 |
| 11 | Jekyll _config.yml link following | 7.4 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2018-17567 |
| 12 | WordPress Plugin Installation uploads unrestricted upload | 6.7 | 6.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2018-14028 |
| 13 | Apache Tomcat Incomplete Fix CVE-2020-9484 deserialization | 7.2 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-25329 |
| 14 | IBM AIX FTP Server access control | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2012-4845 |
| 15 | Apache HTTP Server mod_session Expired session fixation | 7.4 | 7.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2018-17199 |
| 16 | Huawei RP200/TE30/TE40/TE50/TE60 SS7 Packet out-of-bounds read | 7.4 | 7.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2017-15320 |
| 17 | PHP php_http.c __call null pointer dereference | 9.8 | 9.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2015-8835 |
| 18 | Discourse 2FA improper authentication | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-3138 |
| 19 | Deadwood DwCompress.c out-of-bounds read | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2014-2031 |
| 20 | IBM WebSphere Application Server Form Login access control | 4.8 | 4.8 | $5k-$25k | $25k-$100k | Not Defined | Not Defined | 0.08 | CVE-2018-1695 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Campaigns | Confidence |
|---|---|---|---|---|
| 1 | 17.3.40.93 | | | High |
| 2 | 18.159.0.1 | ec2-18-159-0-1.eu-central-1.compute.amazonaws.com | | Medium |
| 3 | 51.9.1.3 | 3.1.9.51.dyn.plus.net | | High |
| 4 | XX.XX.XXX.XX | | | High |
| 5 | XXX.XXX.XXX.XXX | xxxxxxx.xxxxxx.xx | | High |
| 6 | XXX.XX.XXX.XXX | xxxx.xxxxxxxx.xxxxxxxxxxxxx.xxx | | High |
| 7 | XXX.XXX.XX.XX | xxxx.xxxxxxxxxx.xxx | | High |

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Confidence |
|---|---|---|---|---|
| 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
| 2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High |
| 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High |
| 4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxx Xxxxxxxxxxx | High |
| 5 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | High |
| 6 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | High |

IOA - Indicator of Attack (42)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Confidence |
|---|---|---|---|
| 1 | File | /etc/sudoers | Medium |
| 2 | File | /exponent_constants.php | High |
| 3 | File | actions.php | Medium |
| 4 | File | adclick.php | Medium |
| 5 | File | add_comment.php | High |
| 6 | File | xxxxxxx.xxx | Medium |
| 7 | File | xxxxxxx.xxx/xxxxxxxxxxxx.xxx | High |
| 8 | File | xxxxxxx.xxx | Medium |
| 9 | File | xxxxxx.xxx | Medium |
| 10 | File | xxxxxx/xxx/x_xxx_xxx_xxxx_xxxx.x | High |
| 11 | File | xxxxxxxxxx.x | Medium |
| 12 | File | xxx/xxxx/xxx_xxxx.x | High |
| 13 | File | xxx/xxxx/xxxx.x | High |
| 14 | File | xxxxx.xxx | Medium |
| 15 | File | xxxxxxxxx.xxxxxxxx.xxxxx.xxx.xxx | High |
| 16 | File | xx_xxx_xx.x | Medium |
| 17 | File | xxxxx.xxx | Medium |
| 18 | File | xxxxxxx.xxx | Medium |
| 19 | File | xxx_xxx_xxxxxx.x | High |
| 20 | File | xxx/xxxx/xxxxxx.x | High |
| 21 | File | xxx_xxx.x | Medium |
| 22 | File | xxxx/xxx/xxx_xxxx.x | High |
| 23 | File | xxxxx/xxxx/xxxxxxxx.xxx | High |
| 24 | File | xx-xxxxxxx/xxxxxxx | High |
| 25 | File | _xxxxxx.xxx | Medium |
| 26 | Argument | $_xxxxxx['xxxxx_xxxxxx'] | High |
| 27 | Argument | xxx_xxxx | Medium |
| 28 | Argument | xxxx_xxx | Medium |
| 29 | Argument | xxxx_xxx | Medium |
| 30 | Argument | xxxx | Low |
| 31 | Argument | xxxxx | Low |
| 32 | Argument | xxxx | Low |
| 33 | Argument | xx | Low |
| 34 | Argument | xxxxxxx | Low |
| 35 | Argument | xxxxxxxxxxxxx | High |
| 36 | Argument | xxxxxxx | Low |
| 37 | Argument | x_xx_x_x | Medium |
| 38 | Argument | xx_xxxx_xxxxxx_xxxxxxxxxx | High |
| 39 | Input Value | -x | Low |
| 40 | Input Value | /../ | Low |
| 41 | Input Value | xxxxxxxx/xxxxxxxx/xxxxxxxxx | High |
| 42 | Network Port | xxx/xx (xxx xxxxxxxx) | High |
