00536d تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

اللغة

en	16
zh	6

البلد

us	10
cn	6
ca	6

الفاعلين

00536d	3

الاهتمام

النوع

Not Defined	4
Web Server	4
Programming Language Software	4
Wireless LAN Software	2
Auction Software	2

المجهز

Not Defined	6
Netgear	2
Active	2
IBM	2
Dynacolor	2

منتج

eG Manager	2
Netgear D6300B	2
Active Auction House	2
IBM HTTP Server	2
Dynacolor FCM-MB40	2

الثغرات

#	الثغرة	Base	Temp	0day	اليوم	ق�	معالجة	CTI	EPSS	CVE
1	Checkmk UI الحرمان من الخدمة	2.7	2.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00044	CVE-2023-23549
2	Softing smartLink SW-HT تشفير ضعيف	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00087	CVE-2022-48193
3	PHP Date Extension parse_date.c php_parse_date الكشف عن المعلومات	6.4	6.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.00777	CVE-2017-16642
4	ImageMagick png.c ReadOnePNGImage تلف الذاكرة	5.4	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00060	CVE-2017-11539
5	PhotoPost PHP Pro showproduct.php حقن إس كيو إل	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00276	CVE-2004-0250
6	Comments comments.php حقن إس كيو إل	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00000
7	Black Tie Project Category ID categorie.php3 Path الكشف عن المعلومات	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00342	CVE-2002-0446
8	Dynacolor FCM-MB40 طلب تزوير مشترك	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00112	CVE-2019-13401
9	eG Manager توثيق ضعيف	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00659	CVE-2020-8591
10	NexusPHP modtask.php حقن إس كيو إل	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00184	CVE-2017-12909
11	Active Auction House ItemInfo.asp حقن إس كيو إل	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00685	CVE-2005-1029
12	WP Fastest Cache Plugin wpFastestCache.php rm_folder_recursively تجاوز الصلاحيات	5.6	5.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.02224	CVE-2019-6726
13	AXIS 2110 Network Camera editcgi.cgi اجتياز الدليل	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.01492	CVE-2004-2426
14	Oracle Fusion Middleware WebLogic Server تجاوز الصلاحيات	9.0	9.0	$5k-$25k	جاري الحساب	High	Not Defined	0.00	0.97573	CVE-2019-2725
15	Netgear D6300B Credential Storage nvram تشفير ضعيف	5.4	4.6	$5k-$25k	$0-$5k	Proof-of-Concept	Workaround	0.00	0.00000
16	Biscom Secure File Transfer AngularJS تجاوز الصلاحيات	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00057	CVE-2017-5246
17	IBM HTTP Server تلف الذاكرة	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00359	CVE-2015-4947
18	jQuery UI dialog سكربتات مشتركة	5.2	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00469	CVE-2016-7103
19	Citrix XenApp XML Service Interface تلف الذاكرة	9.9	8.6	$25k-$100k	$0-$5k	Unproven	Official Fix	0.03	0.04580	CVE-2012-5161
20	Microsoft IIS تجاوز الصلاحيات	9.9	9.9	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.02	0.08875	CVE-2010-1256

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	عنوان بروتوكول الإنترنت	Hostname	ممثل	Identified	النوع	الثقة
1	8.208.9.98		00536d	12/04/2022	verified	عالي
2	54.39.74.124		00536d	12/04/2022	verified	عالي
3	XX.XXX.XX.XXX		Xxxxxx	12/04/2022	verified	عالي
4	XX.XXX.XXX.XX		Xxxxxx	12/04/2022	verified	عالي
5	XXX.XXX.X.XXX	xxx.xxxx-xxxxxx.xxx	Xxxxxx	12/04/2022	verified	عالي
6	XXX.XX.XXX.XXX	x-xxxx.x-xxxxxx.xxx	Xxxxxx	12/04/2022	verified	عالي

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	الثغرات	متجه الوصول	النوع	الثقة
1	T1006	CWE-22	Path Traversal	predictive	عالي
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	عالي
3	TXXXX	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	عالي
4	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	عالي
5	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	عالي
7	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	عالي
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	عالي
9	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	عالي

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	الفئة	Indicator	النوع	الثقة
1	File	/data/nvram	predictive	متوسط
2	File	categorie.php3	predictive	عالي
3	File	cgi-bin/	predictive	متوسط
4	File	xxxxxx/xxx.x	predictive	متوسط
5	File	xxx.xxxxxxx.xxxxxxxxxxxxxx?xxxxx=xxxxx&xxxxx=&xxxxxxxxx=xxxxxxxxx	predictive	عالي
6	File	xxxxxxxx.xxx	predictive	متوسط
7	File	xxxxxxx.xxx	predictive	متوسط
8	File	xxx/xxxx/xxx/xxxxx_xxxx.x	predictive	عالي
9	File	xxxxxxxx.xxx	predictive	متوسط
10	File	xxxxxxx.xxx	predictive	متوسط
11	File	xxxxxxxxxxx.xxx	predictive	عالي
12	File	xxxxxxxxxxxxxx.xxx	predictive	عالي
13	Argument	xxx	predictive	واطئ
14	Argument	xxx	predictive	واطئ
15	Argument	xxxxxxxxx	predictive	متوسط
16	Argument	xxxxxxx xxxx	predictive	متوسط
17	Argument	xxxxxx	predictive	واطئ
18	Argument	xxx	predictive	واطئ
19	Argument	xxxxxx	predictive	واطئ
20	Input Value	../	predictive	واطئ
21	Input Value	{{ }}	predictive	واطئ
22	Network Port	xxxxxxxxxxxxxx xxxxxx	predictive	عالي

المصادر (3)

The following list contains external sources which discuss the actor and the associated activities:

التالي ▸نظرة عامة◂ السابق

Do you know our Splunk app?

Download it now for free!