Worok Analysis

IOB - Indicator of Behavior (33)

Timeline

The timeline shows when the vulnerabilities attributed to this actor were disclosed and makes it possible to decide how single vulnerabilities and whole collections should be handled. Quiet periods and the more severe hotspots are visible at a glance, which supports immediate vulnerability response and prioritization of the issues.

Lang

en: 22
zh: 3
it: 3
es: 2
de: 2

Vulnerabilities

# | Vulnerability | CVSS Base | CVSS Temp | 0day Price | Today Price | Exploitability | Remediation | CTI | EPSS | CVE
1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.84 | 0.04187 | CVE-2010-0966
2 | DrayTek Vigor3900/Vigor2960/Vigor300B execution code injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2020-14472
3 | Ivanti Pulse Connect Secure Header request smuggling | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00885 | CVE-2022-21826
4 | Jfinal CMS sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00885 | CVE-2022-30500
5 | Samba DCE/RPC injection | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00954 | CVE-2021-23192
6 | Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation | 7.2 | 6.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.01150 | CVE-2022-30151
7 | Microsoft Windows Kernel Privilege Escalation | 8.3 | 7.7 | $100k and more | $5k-$25k | Functional | Official Fix | 0.04 | 0.01150 | CVE-2021-33771
8 | Microsoft Windows Update Medic Service Privilege Escalation | 8.3 | 7.7 | $100k and more | $5k-$25k | Functional | Official Fix | 0.03 | 0.01150 | CVE-2021-36948
9 | Comersus Open Technologies Comersus BackOffice Plus comersus_backoffice_searchitemform.asp cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01917 | CVE-2005-3285
10 | Py-EVM vm.execute_bytecode memory corruption | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.02509 | CVE-2018-18920
11 | PhotoPost PHP Pro showphoto.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01213 | CVE-2004-0239
12 | Gallarific PHP Photo Gallery script gallery.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00986 | CVE-2011-0519
13 | MB connect line mymbCONNECT24/mbCONNECT24 redirect.php | 6.2 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00885 | CVE-2020-35560
14 | Microsoft Windows rdbss.sys memory corruption | 6.2 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.01376 | CVE-2019-1325
15 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00885 | CVE-2018-6200
16 | Curtis Galloway libexif exif-entry.c exif_entry_get_value numeric error | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.08263 | CVE-2012-2841
17 | Microsoft Windows RPC Endpoint Mapper Service privileges management | 7.8 | 7.0 | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.03 | 0.01150 | CVE-2021-27091
18 | Microsoft Windows LSA information disclosure | 6.4 | 5.9 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.03 | 0.26327 | CVE-2021-36942
19 | TP-LINK TL-WR1043ND V2 Cookie Credentials credentials management | 5.6 | 5.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2019-6972
20 | Squitosoft Squito Gallery photolist.inc.php memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.06523 | CVE-2005-2258
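The timeline text above talks about prioritizing response across this collection, and the table gives everything needed to do that: temporal CVSS, exploit maturity, remediation level and EPSS. The following script is an added example by the editor, not VulDB code. It takes the 20 rows in the form the page flattens to when extracted (one string per row, copied from this page), recovers the columns with a regular expression built from VulDB's fixed column vocabularies, and then ranks the entries. The triage policy (urgent = Functional/High exploit or EPSS at or above 0.05; "Not Defined" maturity treated as lowest) and the exploit-maturity weights are the editor's assumptions, not a VulDB or CVSS definition.

```python
import re
from dataclasses import dataclass

# Constructed input: the 20 rows of the Vulnerabilities table, each exactly as the
# VulDB page flattens on extraction (the columns run together into one string).
FLAT_ROWS = """\
1DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.840.04187CVE-2010-0966
2DrayTek Vigor3900/Vigor2960/Vigor300B execution code injection8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00885CVE-2020-14472
3Ivanti Pulse Connect Secure Header request smuggling5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.080.00885CVE-2022-21826
4Jfinal CMS sql injection6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.050.00885CVE-2022-30500
5Samba DCE/RPC injection5.65.4$0-$5k$0-$5kNot DefinedOfficial Fix0.080.00954CVE-2021-23192
6Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation7.26.5$25k-$100k$5k-$25kUnprovenOfficial Fix0.000.01150CVE-2022-30151
7Microsoft Windows Kernel Privilege Escalation8.37.7$100k and more$5k-$25kFunctionalOfficial Fix0.040.01150CVE-2021-33771
8Microsoft Windows Update Medic Service Privilege Escalation8.37.7$100k and more$5k-$25kFunctionalOfficial Fix0.030.01150CVE-2021-36948
9Comersus Open Technologies Comersus BackOffice Plus comersus_backoffice_searchitemform.asp cross site scripting4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.030.01917CVE-2005-3285
10Py-EVM vm.execute_bytecode memory corruption7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.060.02509CVE-2018-18920
11PhotoPost PHP Pro showphoto.php sql injection9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.050.01213CVE-2004-0239
12Gallarific PHP Photo Gallery script gallery.php sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.00986CVE-2011-0519
13MB connect line mymbCONNECT24/mbCONNECT24 redirect.php6.26.2$0-$5k$0-$5kNot DefinedOfficial Fix0.050.00885CVE-2020-35560
14Microsoft Windows rdbss.sys memory corruption6.26.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.040.01376CVE-2019-1325
15vBulletin redirector.php6.66.6$0-$5k$0-$5kNot DefinedNot Defined0.060.00885CVE-2018-6200
16Curtis Galloway libexif exif-entry.c exif_entry_get_value numeric error7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.080.08263CVE-2012-2841
17Microsoft Windows RPC Endpoint Mapper Service privileges management7.87.0$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.030.01150CVE-2021-27091
18Microsoft Windows LSA information disclosure6.45.9$25k-$100k$5k-$25kFunctionalOfficial Fix0.030.26327CVE-2021-36942
19TP-LINK TL-WR1043ND V2 Cookie Credentials credentials management5.65.6$0-$5k$0-$5kNot DefinedNot Defined0.030.00885CVE-2019-6972
20Squitosoft Squito Gallery photolist.inc.php memory corruption7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.030.06523CVE-2005-2258
"""

# Column vocabularies VulDB uses for exploit price, exploitability and remediation.
PRICE = r"\$0-\$5k|\$5k-\$25k|\$25k-\$100k|\$100k and more"
EXPLOITABILITY = r"Not Defined|Unproven|Proof-of-Concept|Functional|High"
REMEDIATION = r"Not Defined|Official Fix|Temporary Fix|Workaround|Unavailable"

ROW_RE = re.compile(
    rf"^(?P<rank>\d+)(?P<title>.+?)"                # position, then the free-text title
    rf"(?P<base>\d\.\d)(?P<temp>\d\.\d)"            # CVSS base and temporal score
    rf"(?P<zeroday>{PRICE})(?P<today>{PRICE})"      # 0day and today exploit price
    rf"(?P<exploit>{EXPLOITABILITY})(?P<remediation>{REMEDIATION})"
    rf"(?P<cti>\d\.\d{{2}})(?P<epss>\d\.\d{{5}})"   # CTI (2 decimals), EPSS (5 decimals)
    rf"(?P<cve>CVE-\d{{4}}-\d{{4,}})$"
)

# Triage weight for exploit maturity: the editor's assumption for this example, not a
# VulDB or CVSS definition ("Not Defined" is treated as unknown, i.e. lowest).
EXPLOIT_WEIGHT = {"Not Defined": 0, "Unproven": 1, "Proof-of-Concept": 2, "Functional": 3, "High": 4}

@dataclass(frozen=True)
class Entry:
    rank: int
    title: str
    base: float
    temp: float
    zeroday: str
    today: str
    exploit: str
    remediation: str
    cti: float
    epss: float
    cve: str

def parse_rows(text: str) -> list[Entry]:
    """Recover the columns from flattened rows; refuse rows that do not fit the
    layout rather than silently scoring garbage."""
    entries = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable row: {line!r}")
        g = m.groupdict()
        entries.append(Entry(int(g["rank"]), g["title"], float(g["base"]), float(g["temp"]),
                             g["zeroday"], g["today"], g["exploit"], g["remediation"],
                             float(g["cti"]), float(g["epss"]), g["cve"]))
    return entries

def is_urgent(e: Entry, epss_threshold: float = 0.05) -> bool:
    """Assumed policy: urgent if a working public exploit exists (Functional or High)
    or the EPSS probability is at or above the threshold."""
    return EXPLOIT_WEIGHT[e.exploit] >= EXPLOIT_WEIGHT["Functional"] or e.epss >= epss_threshold

def triage(entries: list[Entry]) -> list[Entry]:
    """Urgent bucket first; inside a bucket order by EPSS, exploit maturity, temporal score."""
    return sorted(entries, key=lambda e: (not is_urgent(e), -e.epss,
                                          -EXPLOIT_WEIGHT[e.exploit], -e.temp))

def patch_now(entries: list[Entry]) -> list[str]:
    """Urgent items for which the vendor already ships a fix: deploy these first."""
    return [e.cve for e in triage(entries) if is_urgent(e) and e.remediation == "Official Fix"]

if __name__ == "__main__":
    for e in triage(parse_rows(FLAT_ROWS)):
        flag = "URGENT" if is_urgent(e) else "      "
        print(f"{flag} {e.cve:<14} EPSS={e.epss:.5f} {e.exploit:<16} {e.remediation:<12} {e.title}")
    print("patch now:", patch_now(parse_rows(FLAT_ROWS)))
```

With this policy the three Windows issues with functional exploits and an official fix (CVE-2021-36942, CVE-2021-33771, CVE-2021-36948) come out as the patch-now set, while the two old image-library bugs that EPSS still rates above 5 percent (CVE-2012-2841, CVE-2005-2258) surface as urgent without a vendor fix to apply. The parser raises on any row it cannot fully decode, which is the behaviour you want when the table layout changes upstream.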

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1055 | CWE-74 Injection | | predictive | High
2 | T1059 | CWE-94 Cross Site Scripting | | predictive | High
3 | TXXXX.XXX | CWE-XXX Xxxxx Xxxx Xxxxxxxxx | | predictive | High
4 | TXXXX | CWE-XXX Xxxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | | predictive | High
5 | TXXXX.XXX | CWE-XXX Xxxx Xxxxxxxxx | | predictive | High
6 | TXXXX | CWE-XXX Xxx Xxxxxxxxx | | predictive | High
7 | TXXXX | CWE-XXX Xxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx Xxxx | | predictive | High
8 | TXXXX | CWE-XXX Xxxxxxxxxxxxx | | predictive | High

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | adclick.php | predictive | Medium
2 | File | comersus_backoffice_searchitemform.asp | predictive | High
3 | File | data/gbconfiguration.dat | predictive | High
4 | File | xxxx-xxxxx.x | predictive | Medium
5 | File | xxxxxxx.xxx | predictive | Medium
6 | File | xxx/xxxxxx.xxx | predictive | High
7 | File | xxxxxxxxx/xxxxxxxxx | predictive | High
8 | File | xxxxxxxxx.xxx.xxx | predictive | High
9 | File | xxxxxxxx.xxx | predictive | Medium
10 | File | xxxxxxxxxx.xxx | predictive | High
11 | File | xxxxxxxxx.xxx | predictive | High
12 | File | xxxx-xxxxxxxx.xxx | predictive | High
13 | Library | xxxxx.xxx | predictive | Medium
14 | Library | xxxxxxxx.xxx | predictive | Medium
15 | Argument | xxxxxxxx | predictive | Medium
16 | Argument | xxxxxx-xxxx | predictive | Medium
17 | Argument | xxxxxxx-xxxxxx | predictive | High
18 | Argument | xxxx | predictive | Low
19 | Argument | xx | predictive | Low
20 | Argument | xxxxx | predictive | Low
21 | Argument | xxxxxxxxx | predictive | Medium
22 | Argument | xxx | predictive | Low
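The IOA table is meant to be hunted for in web-server logs. The script below is an added example by the editor, not VulDB code: it takes the three File indicators that are readable above (the paywalled rows cannot be used), parses Apache/nginx combined-format access-log lines, and reports every request whose target contains one of them. The log lines are constructed for this example and are not real traffic. The request path and query string are percent-decoded and case-folded before matching, because a plain substring search on the raw line misses a path written as `ADCLICK%2Ephp`, and a hit in the query string is reported separately from a hit in the path.

```python
import re
from typing import Optional
from urllib.parse import unquote, urlsplit

# The File-class indicators that are readable in the IOA table above, keyed to their
# confidence; the paywalled (xxxx) rows cannot be used.
IOA_FILES = {
    "adclick.php": "Medium",
    "comersus_backoffice_searchitemform.asp": "High",
    "data/gbconfiguration.dat": "High",
}

# Apache/nginx "combined" access-log layout: client identd user [time] "request" status size.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines (not real traffic): two plain path hits, one hit hidden by
# URL encoding and upper case, one hit inside the query string, one benign request,
# and one line that is not an access-log record at all.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2023:10:01:02 +0000] "GET /shop/comersus_backoffice_searchitemform.asp?name=%3Cscript%3E HTTP/1.1" 200 512
203.0.113.7 - - [12/Oct/2023:10:01:05 +0000] "GET /gb/data/gbconfiguration.dat HTTP/1.1" 403 0
198.51.100.2 - - [12/Oct/2023:10:02:11 +0000] "GET /ads/ADCLICK%2Ephp?bid=1 HTTP/1.1" 200 88
198.51.100.9 - - [12/Oct/2023:10:03:00 +0000] "GET /index.php?page=adclick.php HTTP/1.1" 200 2048
192.0.2.10 - - [12/Oct/2023:10:04:00 +0000] "GET /static/app.js HTTP/1.1" 200 31337
2023-10-12T10:05:00Z worker restarted
"""

def parse_line(line: str) -> Optional[dict]:
    """Split one combined-format line into its fields, or None if it is not one."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def match_ioa(target: str) -> list[tuple[str, str, str]]:
    """Return (indicator, location, confidence) for every File indicator found in the
    request target. Path and query are percent-decoded and case-folded first, so
    'ADCLICK%2Ephp' still matches 'adclick.php'; a path hit is reported over a query hit."""
    parts = urlsplit(target)
    path = unquote(parts.path).lower()
    query = unquote(parts.query).lower()
    hits = []
    for indicator, confidence in IOA_FILES.items():
        needle = indicator.lower()
        if needle in path:
            hits.append((indicator, "path", confidence))
        elif needle in query:
            hits.append((indicator, "query", confidence))
    return hits

def scan(log_text: str) -> list[dict]:
    """Run the indicators over every parseable line and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # not an access-log record; skip rather than crash
        for indicator, where, confidence in match_ioa(rec["target"]):
            findings.append({"src": rec["src"], "ts": rec["ts"], "status": int(rec["status"]),
                             "target": rec["target"], "indicator": indicator,
                             "where": where, "confidence": confidence})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['src']:<13} {f['ts']} {f['status']} {f['confidence']:<6} "
              f"{f['indicator']} in {f['where']}: {f['target']}")
```

A 403 on `data/gbconfiguration.dat` is still worth a look: the request shows someone probing for that file even though the server refused it, and the confidence column from the table travels with each finding so the Medium-confidence `adclick.php` hits can be weighted lower than the High-confidence ones.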
