Ursu Analysis

Activities

Timeline

Analysing the timeline helps to identify the required approach for handling single vulnerabilities and vulnerability collections. The overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Lang

en: 12
ja: 6
jp: 2
zh: 1

Country

jp: 9
cn: 8
us: 4

Actors

Ursu: 21

Interest

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
1 | Google Android Qualcomm Bootloader access control | 8.3 | 8.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2016-10276
2 | Google Android Pendingintent access control | 7.3 | 6.1 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.09 | CVE-2014-8609
3 | Movable Type sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2016-5742
4 | Google Android Qualcomm Sound Driver access control | 7.9 | 7.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2016-10287
5 | Splunk Enterprise splunk-launch.conf access control | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2017-18348
6 | Microsoft IIS WebDAV ScStoragePathFromUrl Immortal/ExplodingCan memory corruption | 8.5 | 8.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.00 | CVE-2017-7269
7 | BigTree CMS File Upload unrestricted upload | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2017-7695
8 | Django Password Hash credentials management | 3.8 | 3.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2018-16984
9 | Google Android Layout.java getOffsetForHorizontal input validation | 4.7 | 4.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2018-9452
10 | IBM WebSphere Application Server deserialization | 8.5 | 8.5 | $25k-$100k | $25k-$100k | Not Defined | Not Defined | 0.07 | CVE-2019-4279
11 | portable SDK for UPnP unique_service_name memory corruption | 10.0 | 9.5 | $0-$5k | $0-$5k | High | Official Fix | 0.05 | CVE-2012-5958
12 | Securimage example_form.php code injection | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2017-14077
13 | Buffalo TS5600D1206 command injection | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2018-13320
14 | Microsoft Windows DWM Core Library Privilege Escalation | 8.6 | 8.0 | $100k and more | $0-$5k | Functional | Official Fix | 0.08 | CVE-2021-33739
15 | Google Android Qualcomm Video Driver access control | 7.9 | 7.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2016-10284
16 | Google Android Qualcomm LED Driver information disclosure | 4.0 | 3.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2016-10295
17 | Google Android bindBackupAgent race condition | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2014-7953

IOC - Indicator of Compromise (22)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (1)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Confidence
1 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
1 | File | $SPLUNK_HOME/etc/splunk-launch.conf | High
2 | File | example_form.ajax.php/example_form.php | High
3 | File | Layout.java | Medium
4 | Argument | $_xxxxxx['xxxx_xxxx_xxxxx'] | High
5 | Argument | xxxxxxxxxxxxx/xxxxxxxxxxxxx | High
6 | Input Value | xxx.xxx[xxxxx] | High
7 | Pattern | |xx|xx|xx| | Medium

References (5)

The following list contains external sources which discuss the actor and the associated activities: