Sednit Analysis

IOB - Indicator of Behavior (83)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en (64)
  • de (8)
  • es (6)
  • sv (2)
  • fr (2)


Product

  • PHP (6)
  • Piwigo (6)
  • Microsoft Windows (6)
  • Apache HTTP Server (4)
  • Apple macOS (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Apple macOS Sudo out-of-bounds write | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.58695 | CVE-2021-3156
2 | Microsoft IIS FastCGI memory corruption | 7.3 | 7.0 | $25k-$100k | Calculating | Not Defined | Official Fix | 0.07 | 0.28182 | CVE-2010-2730
3 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | Calculating | Proof-of-Concept | Official Fix | 0.15 | 0.25090 | CVE-2017-0055
4 | Apache HTTP Server mod_cgid resource management | 5.3 | 4.6 | $5k-$25k | Calculating | Unproven | Official Fix | 0.02 | 0.07344 | CVE-2014-0231
5 | Drupal sql injection | 7.3 | 7.0 | $0-$5k | Calculating | High | Official Fix | 0.00 | 0.01213 | CVE-2008-2999
6 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.76 | 0.00000 | 
7 | iRZ RUH2 Firmware Patch data authenticity | 6.7 | 6.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.03 | 0.01055 | CVE-2016-2309
8 | Joomla sql injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-23797
9 | SnakeYAML YAML File stack-based overflow | 3.1 | 3.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.00954 | CVE-2022-41854
10 | Arista EOS eAPI authentication bypass | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01055 | CVE-2021-28503
11 | Cybozu Garoon Space access control | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.01055 | CVE-2022-29484
12 | Telesquare SDT-CW3B1 os command injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.45466 | CVE-2021-46422
13 | Netgear XR450/XR500/WNR2000v5 command injection | 7.4 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01005 | CVE-2021-29069
14 | Mozilla Firefox/Thunderbird Skia Library code injection | 10.0 | 8.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.03 | 0.09915 | CVE-2014-1557
15 | CRI-O Kube API ExecSync resource consumption | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.02509 | CVE-2022-1708
16 | Glewlwyd static_compressed_inmemory_website_callback.c pathname traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2022-29967
17 | Microsoft Exchange Server Privilege Escalation | 7.2 | 6.3 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00 | 0.09891 | CVE-2021-31196
18 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.31 | 0.61804 | CVE-2021-34473
19 | Apple macOS BOM access control | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00954 | CVE-2022-22616
20 | Apple Mac OS X IOHIDFamily memory corruption | 10.0 | 9.5 | $25k-$100k | Calculating | High | Official Fix | 0.04 | 0.53878 | CVE-2014-4404

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Sednit

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | predictive | High
2 | T1059 | CWE-94 | Cross Site Scripting | predictive | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (36)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | /etc/config/image_sign | predictive | High
3 | File | /home/httpd/cgi-bin/cgi.cgi | predictive | High
4 | File | /htdocs/web/getcfg.php | predictive | High
5 | File | /uncpath/ | predictive | Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:
