Swisyn Analysis

Activities

Timeline

Analysis of the timeline helps to identify the approach required for handling single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Lang

en: 80
fr: 10
de: 4

Country

us: 32
fr: 10
rs: 9
gb: 5
de: 4

Actors

Swisyn: 82

Activities

Interest

Vulnerabilities

| # | Vulnerability | Base Score | Temp Score | 0day Price | Today Price | Exploitability | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192 |
| 2 | Barracuda Web Application Firewall information disclosure | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | CVE-2012-5561 |
| 3 | Foxit Reader TIFF Image out-of-bounds read | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2016-8876 |
| 4 | OpenSSL DTLS statem_dtls.c resource management | 4.8 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | CVE-2016-6308 |
| 5 | Piwigo Include File plugin.php access control | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2016-10105 |
| 6 | My Link Trader login.php SQL improper authentication | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | |
| 7 | PhreeBooksERP js_include.php cross site scripting | 5.2 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2017-5990 |
| 8 | Apache Struts code injection | 6.5 | 6.2 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | CVE-2013-1966 |
| 9 | Schneider Electric ClearSCADA/EcoStruxure Geo SCADA Expert Geo SCADA Server unusual condition | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.78 | CVE-2022-24321 |
| 10 | ZyXEL Wireless N300 NetUSB Security Restriction improper authentication | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | CVE-2014-0353 |
| 11 | Vodafone EasyBox A600 WLAN Router cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | |
| 12 | WebsitePanel Login Page Default.aspx input validation | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2012-4032 |
| 13 | Coremail XT intervalCheck.jsp cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2018-14503 |
| 14 | PHPWind admin.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.06 | CVE-2006-7101 |
| 15 | Huawei Campus Sxxxx/ARxxxx/SRGxxxx eSap memory corruption | 7.5 | 7.2 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2014-4705 |
| 16 | Microsoft IIS code injection | 9.9 | 9.9 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.06 | CVE-2010-1256 |
| 17 | FreeSSHD Authentication freeSSHd.exe improper authentication | 9.1 | 9.1 | $0-$5k | $0-$5k | High | Workaround | 0.09 | CVE-2012-6066 |
| 18 | FreePBX DISA Module sql injection | 4.5 | 4.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2018-15892 |
| 19 | Bolt CMS Text Input Click Preview cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.09 | CVE-2018-19933 |
| 20 | Palo Alto PAN-OS GlobalProtect External Interface User 7pk security | 7.5 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | CVE-2017-7945 |

IOC - Indicator of Compromise (48)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Confidence |
|---|---|---|---|---|
| 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
| 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High |
| 3 | T1211 | CWE-254 | 7PK Security Features | High |

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (5)

The following list contains external sources which discuss the actor and the associated activities:
