Specter Analysis

Activities

Timeline

The timeline analysis helps to identify the approach and handling required for individual vulnerabilities and for vulnerability collections. The overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Lang

en: 81
fr: 1

Country

us: 46
tr: 9
ru: 6
al: 5
cn: 4

Actors

Liberty Front Press: 66
Banjori: 16

Interest

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
1 | Microsoft Windows cmd.exe privileges management | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 
2 | Joomla CMS LDAP Authentication improper authentication | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.04 | CVE-2014-6632
3 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.44 | CVE-2016-6210
4 | Gwolle Guestbook Plugin ajaxresponse.php code injection | 7.2 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.07 | CVE-2015-8351
5 | Drupal User Module user_save access control | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2016-3169
6 | Drupal Session Data data processing | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2016-3171
7 | Redis redis-cli memory corruption | 7.1 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | CVE-2018-12326
8 | OpenNetAdmin code injection | 6.3 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 
9 | Fortinet FortiMail Webmail Login Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2017-7732
10 | WordPress get_the_generator cross site scripting | 5.2 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2018-10102
11 | WordPress Admin Shell privileges management | 7.3 | 6.6 | $25k-$100k | $0-$5k | Functional | Workaround | 0.06 | 
12 | Apache HTTP Server ap_get_basic_auth_pw improper authentication | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2017-3167
13 | GNU wget HTTP Redirect File 7pk security | 6.8 | 6.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2016-4971
14 | Python SimpleHTTPServer Module SimpleHTTPServer.py list_directory cross site scripting | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2011-4940
15 | WordPress Login Page redirect | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2018-10100
16 | H2O memory corruption | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2018-0608
17 | UnixWare/OpenUnix execve privileges management | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2003-0937
18 | Linux Kernel execve race condition | 8.4 | 7.3 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2015-3339
19 | FreeBSD sendmsg(2) access control | 7.8 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2016-1887
20 | WordPress URL Validator redirect | 6.6 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2018-10101

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Campaigns | Confidence
1 | 45.141.70.5 | | | High
2 | 85.159.233.158 | ns101.cloudns.net | | High
3 | 108.59.1.30 | ns102.cloudns.net | | High

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Confidence
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
3 | T1211 | CWE-254 | 7PK Security Features | High

IOA - Indicator of Attack (43)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
1 | File | /tmp/.pk11ipc1 | High
2 | File | /var/log/nginx | High
3 | File | /webservices/api/v2.php | High
4 | File | adm-index.php | High
5 | File | base/ErrorHandler.php | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
