Wirte Analysis

Activities

Timeline

Analysing the timeline helps to decide how individual vulnerabilities and groups of vulnerabilities should be handled. The overview makes less important periods and more severe hotspots visible at a glance, so that immediate vulnerability response can be initiated and issues can be prioritised.

Lang (number of entries per language)

  • en: 117
  • de: 7
  • fr: 5
  • ru: 3
  • ja: 1

Vulnerabilities

Base and Temp are the CVSS base and temporal scores, 0day and Today are the estimated exploit prices, Exp is the exploit status, Rem the remediation status and CTI the threat-intelligence activity score.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
--|---------------|------|------|------|-------|-----|-----|-----|----
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192
2 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.12 | CVE-2020-12440
3 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2019-7550
4 | Kubernetes API Server access control | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.23 | CVE-2016-1906
5 | F5 BIG-IP iControl REST Authentication bash missing authentication | 9.8 | 9.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 3.83 | CVE-2022-1388
6 | Lenovo XClarity Controller LDAP Authentication authorization | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.58 | CVE-2021-3956
7 | ZCMS ThinkPHP sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-19705
8 | ISC BIND TCP Packet denial of service | 5.3 | 4.9 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.03 | CVE-2022-0396
9 | Squid Proxy HTTP Header Host Field Parser access control | 7.5 | 6.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.05 | CVE-2012-2213
10 | Siemens SIMATIC CFU DIQ PROFINET Stack denial of service | 5.7 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-25622
11 | cmseasy unrestricted upload | 5.5 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | CVE-2021-42643
12 | ISC BIND Zone Transfer rdataset.c assertion | 4.9 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8618
13 | MongoDB nativeHelper input validation | 6.3 | 6.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | CVE-2013-1892
14 | Dell EMC PowerScale OneFS insufficient privileges | 5.9 | 5.9 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2022-23160
15 | Microsoft FrontPage Extensions vti_inf.html information disclosure | 4.3 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.05 | -
16 | Micro Focus NetIQ Access Manager cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-22531
17 | jQuery dataType script.js Cross-Domain cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.23 | CVE-2015-9251
18 | Microsoft Windows LDAP Privilege Escalation | 8.8 | 8.1 | $100k and more | $25k-$100k | Unproven | Official Fix | 0.03 | CVE-2022-22013
19 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 1.19 | CVE-2022-26923
20 | Moodle Badge Criteria access control | 5.5 | 5.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2022-0984

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Middle East

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
---|-----------|-----------------|---------------|------|-----------
1 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High
2 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
3 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx Xxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
---|-------|-----------|------|-----------
1 | File | /example/editor | predictive | High
2 | File | /members/view_member.php | predictive | High
3 | File | /mgmt/tm/util/bash | predictive | High
4 | File | /var/log/demisto/ | predictive | High
5 | File | xxxx/xxxx/xxxxxxxxxxxxxxxx.xxx | predictive | High
6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
7 | File | xxxxxxx/xxx/xxx-xxxx.x | predictive | High
8 | File | xxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxx | predictive | High
9 | File | xx.xxx | predictive | Low
10 | File | xxxxxxxx.x | predictive | Medium
11 | File | xxxxxx.x | predictive | Medium
12 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
13 | File | xxx.xxxxx | predictive | Medium
14 | File | xxxxxx.xx | predictive | Medium
15 | File | xxxxx.x | predictive | Low
16 | File | xxxxx/xxx_xxxxxx.x | predictive | High
17 | File | xxx_xxx.xxxx | predictive | Medium
18 | File | xxx/xxx/xxxxxxxxxx/xxxx/xxxxx/xxxxxxxx.xxx | predictive | High
19 | File | xxxxx-xxxxxx.xxx | predictive | High
20 | Argument | xxxxxx_xxx | predictive | Medium
21 | Argument | xxxxxxxx | predictive | Medium
22 | Argument | xxxx xxxx | predictive | Medium
23 | Argument | xxxxx | predictive | Low
24 | Argument | xx | predictive | Low
25 | Argument | xxxxxxxx_xxxxxx_xxx | predictive | High
26 | Input Value | xxxxxxxx | predictive | Medium
27 | Network Port | xxxxx xxx-xxx | predictive | High
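The File indicators above are request-path fragments, so the natural way to use them is to sweep web-server access logs for requests whose target contains one of them. The following Python is an added example, not part of this page and not VulDB's own tooling: it matches the four readable File indicators against constructed Apache-style combined log lines, percent-decoding the request target first so that an encoded path is not missed. The redacted indicators are left out, the log lines and RFC 5737 source addresses are constructed for the example, and the link from /mgmt/tm/util/bash to CVE-2022-1388 is an assumption drawn from row 5 of the vulnerability table, not something the page states.

```python
"""Sweep web access logs for the IOA file-path fragments listed on this page."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import unquote

# The four "File" indicators that are readable on this page; the redacted
# rows are deliberately not included.
IOA_FILE_INDICATORS = [
    "/example/editor",
    "/members/view_member.php",
    "/mgmt/tm/util/bash",
    "/var/log/demisto/",
]

# Assumption made for this example only: the iControl REST bash endpoint is
# tied to row 5 of the vulnerability table (CVE-2022-1388). The page itself
# does not state this mapping.
RELATED_CVE = {"/mgmt/tm/util/bash": "CVE-2022-1388"}

# Apache/nginx "combined" access-log format, parsed up to the status code.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


@dataclass
class Hit:
    client: str
    timestamp: str
    method: str
    target: str          # request target after percent-decoding
    status: int
    indicator: str       # the IOA fragment that matched
    related_cve: Optional[str]


def match_ioa(log_lines: List[str]) -> List[Hit]:
    """Return one Hit per log line whose request target contains an indicator.

    The target is percent-decoded before matching so that an encoded path such
    as /%6dgmt/tm/util/bash is still caught. Lines that do not parse as
    combined-format entries are skipped rather than raising.
    """
    hits: List[Hit] = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        target = unquote(m.group("target"))
        for indicator in IOA_FILE_INDICATORS:
            if indicator in target:
                hits.append(Hit(
                    client=m.group("client"),
                    timestamp=m.group("ts"),
                    method=m.group("method"),
                    target=target,
                    status=int(m.group("status")),
                    indicator=indicator,
                    related_cve=RELATED_CVE.get(indicator),
                ))
                break  # one hit per line is enough for triage
    return hits


def hits_by_client(hits: List[Hit]) -> Dict[str, int]:
    """Count matched requests per source address, for quick prioritisation."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h.client] = counts.get(h.client, 0) + 1
    return counts


# Constructed sample log lines (not real traffic; RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.10 - - [12/May/2022:10:01:22 +0000] "POST /mgmt/tm/util/bash HTTP/1.1" 200 512 "-" "python-requests/2.27.1"',
    '203.0.113.10 - - [12/May/2022:10:01:25 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/May/2022:10:02:01 +0000] "GET /members/view_member.php?id=1 HTTP/1.1" 404 210 "-" "curl/7.68.0"',
    '198.51.100.7 - - [12/May/2022:10:02:03 +0000] "GET /%6dgmt/tm/util/bash HTTP/1.1" 401 0 "-" "curl/7.68.0"',
    'not an access-log line at all',
]

if __name__ == "__main__":
    found = match_ioa(SAMPLE_LOG)
    for h in found:
        print(f"{h.timestamp} {h.client} {h.method} {h.target} -> {h.indicator} "
              f"({h.related_cve or 'no CVE mapped'}) status={h.status}")
    print(hits_by_client(found))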

References (3)

The following list contains external sources which discuss the actor and the associated activities:
