Sednit Analysis

IOB - Indicator of Behavior (94)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang, Country, Actors, Activities, Interest, Type, Vendor, Product

The same restriction applies to these charts: the free view shows only dummy data for them.

Vulnerabilities

Columns: Base/Temp = CVSS base and temporal score; 0day/Today = estimated exploit price range at disclosure and now; Exp = exploitability status; Rem = remediation status; CTI = interest score; EPSS = Exploit Prediction Scoring System probability.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Apple macOS Sudo out-of-bounds write | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.97051 | CVE-2021-3156
2 | Microsoft IIS FastCGI memory corruption | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.28264 | CVE-2010-2730
3 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055
4 | Apache HTTP Server mod_cgid resource management | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02 | 0.31292 | CVE-2014-0231
5 | Drupal sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | 0.00135 | CVE-2008-2999
6 | Contest Gallery Photos and Files Plugin cross-site request forgery | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00043 | CVE-2024-24887
7 | MariaDB init_expr_cache_tracker memory corruption | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00095 | CVE-2022-32083
8 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 10.00 | 0.01009 | CVE-2006-6168
9 | Django Admin Interface debug.py cross site scripting | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00370 | CVE-2016-6186
10 | Mendelson OFTP2 Upload Directory pathname traversal | 4.6 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00090 | CVE-2022-27906
11 | Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 denial of service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00172 | CVE-2023-20079
12 | Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 command injection | 9.8 | 9.7 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00327 | CVE-2023-20078
13 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.13 | 0.00000 | (none)
14 | Bitrix Site Manager redirect.php link following | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00 | 0.00113 | CVE-2008-2052
15 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00250 | CVE-2005-1612
16 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00348 | CVE-2015-4134
17 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00000 | (none)
18 | iRZ RUH2 Firmware Patch data authenticity | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00226 | CVE-2016-2309
19 | Joomla sql injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00142 | CVE-2022-23797
20 | SnakeYAML YAML File stack-based overflow | 3.1 | 3.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00128 | CVE-2022-41854

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Sednit

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. The entries themselves are not shown on this view.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (46)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | /etc/config/image_sign | predictive | High
3 | File | /home/httpd/cgi-bin/cgi.cgi | predictive | High
4 | File | /htdocs/web/getcfg.php | predictive | High
5 | File | /uncpath/ | predictive | Medium
6 | File | admin/admin.shtml | predictive | High

Entries 7-32 (Class File), 33-44 (Class Argument) and 45-46 (Class Input Value) are masked on this view and are not reproduced.
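The six readable IOA entries are all request paths that a web server writes to its access log, so the practical check is to run them over those logs. The Python below is an added example, not code from this page or from its vendor. It assumes Apache/nginx "combined" log format, uses constructed sample lines (not real traffic), and matches by substring after stripping the query string, percent-decoding twice and collapsing repeated slashes, so the encoded or slash-padded variants a scanner uses still hit. The names IOA_PATHS, scan_access_log and summarize_by_source are the example's own.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# The six File indicators that are readable on the page, keyed by path with
# (page ID, confidence). The remaining 40 entries are masked, so they are absent.
IOA_PATHS = {
    "/+CSCOE+/logon.html": ("1", "High"),
    "/etc/config/image_sign": ("2", "High"),
    "/home/httpd/cgi-bin/cgi.cgi": ("3", "High"),
    "/htdocs/web/getcfg.php": ("4", "High"),
    "/uncpath/": ("5", "Medium"),
    "admin/admin.shtml": ("6", "High"),
}

# Apache/nginx "combined" log layout; only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize_target(target: str) -> str:
    """Reduce a request target to a comparable path: drop query string and
    fragment, percent-decode twice (catches %252B-style double encoding) and
    collapse runs of slashes, so trivially obfuscated requests still match."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    path = unquote(unquote(path))
    return re.sub(r"/{2,}", "/", path)


def match_ioa(target: str):
    """Return (ioa_id, indicator, confidence) for the first IOA path contained
    in the normalized target, or None when nothing matches."""
    path = normalize_target(target)
    for indicator, (ioa_id, confidence) in IOA_PATHS.items():
        if indicator in path:
            return ioa_id, indicator, confidence
    return None


def scan_access_log(lines):
    """Return one hit dict per log line whose target contains an IOA path.
    Lines that do not parse as combined-format entries are skipped."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        found = match_ioa(m["target"])
        if found is None:
            continue
        ioa_id, indicator, confidence = found
        hits.append({
            "line": lineno,
            "src": m["src"],
            "method": m["method"],
            "target": m["target"],
            "status": int(m["status"]),
            "ioa_id": ioa_id,
            "indicator": indicator,
            "confidence": confidence,
        })
    return hits


def summarize_by_source(hits):
    """Per source address: number of matching requests and number of distinct
    indicators touched. One host probing several IOA paths looks like
    reconnaissance rather than a single stray request."""
    per_src = defaultdict(lambda: {"hits": 0, "indicators": set()})
    for h in hits:
        per_src[h["src"]]["hits"] += 1
        per_src[h["src"]]["indicators"].add(h["ioa_id"])
    return {src: {"hits": v["hits"], "distinct": len(v["indicators"])}
            for src, v in per_src.items()}


# Constructed sample log (not from the page): one scanner, one mostly normal client.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:08:14:02 +0000] "GET /+CSCOE+/logon.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:08:14:03 +0000] "GET /%2BCSCOE%2B/logon.html?type=x HTTP/1.1" 404 213 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:08:15:10 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:08:16:44 +0000] "POST /htdocs/web/getcfg.php HTTP/1.1" 200 2048 "-" "python-requests/2.31"
198.51.100.23 - - [10/Mar/2024:08:17:01 +0000] "GET //uncpath//share.txt HTTP/1.1" 403 0 "-" "curl/8.0"
this line is not in combined format and is skipped
"""

if __name__ == "__main__":
    found = scan_access_log(SAMPLE_LOG.splitlines())
    for h in found:
        print(f'line {h["line"]}: {h["src"]} {h["method"]} {h["target"]} '
              f'-> IOA {h["ioa_id"]} ({h["indicator"]}, {h["confidence"]})')
    print(summarize_by_source(found))
```

Two of the page's indicators (/uncpath/ and admin/admin.shtml) are generic path fragments rather than product-specific files, and the page rates /uncpath/ only Medium; a single hit on such an entry from an otherwise normal client is noise. That is why the per-source summary counts distinct indicators: the same host touching the Cisco WebVPN login page and the getcfg.php endpoint within minutes is the pattern worth raising, not any one line.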

References (3)

The following list contains external sources which discuss the actor and the associated activities; the entries are not shown on this view.
