APP84VN Analysis

IOB - Indicator of Behavior (80)

Timeline

Language

zh: 44
en: 36

Country

cn: 72
us: 8

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Cisco IOS XE: 4
Microsoft Exchange Server: 4
Apache Tomcat: 4
PHP: 2
Redis: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Netgate pfSense XML File config.xml restore_rrddata privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.45928 | 0.01 | CVE-2023-27253
2 | Tildeslash Monit HTTP Basic Authentication cervlet.c _viewlog Persistent cross site scripting | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00179 | 0.00 | CVE-2019-11454
3 | Swagger UI URL information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00265 | 0.04 | CVE-2018-25031
4 | Google gson writeReplace privilege escalation | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00247 | 0.02 | CVE-2022-25647
5 | Microsoft Windows Print Spooler Service spoolsv.exe RpcAddPrinterDriverEx PrintNightmare privilege escalation | 8.8 | 7.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.96685 | 0.03 | CVE-2021-34527
6 | Vobot Clock SSH Server weak authentication | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00659 | 0.00 | CVE-2018-6825
7 | Hgiga MailSherlock cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00117 | 0.05 | CVE-2023-24839
8 | GNUBOARD5 install_db.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00155 | 0.03 | CVE-2020-18662
9 | Gin-Vue-Admin File Upload directory traversal | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00124 | 0.02 | CVE-2022-39345
10 | pfSense File Name browser.php cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00102 | 0.02 | CVE-2022-42247
11 | Microsoft Exchange Server unknown vulnerability | 5.4 | 4.9 | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.00131 | 0.02 | CVE-2021-1730
12 | SalesForce Tableau Server SAML Remote Code Execution | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00222 | 0.02 | CVE-2020-6939
13 | graphql-java GraphQL Query denial of service | 4.3 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00173 | 0.00 | CVE-2022-37734
14 | Apache Tomcat information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00344 | 0.00 | CVE-2007-3385
15 | Apple Safari WebKit memory corruption | 7.5 | 7.4 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00526 | 0.02 | CVE-2022-32893
16 | Kubernetes kubelet pprof information disclosure | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.53513 | 0.00 | CVE-2019-11248
17 | Camunda Modeler IPC Message writeFile privilege escalation | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00871 | 0.02 | CVE-2021-28154
18 | Cisco IOS XE Lua Interpreter memory corruption | 6.5 | 6.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2020-3423
19 | beego Route Lookup privilege escalation | 5.5 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00233 | 0.00 | CVE-2021-30080
20 | Cisco IOS XE SD-WAN vDaemon memory corruption | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01526 | 0.00 | CVE-2021-34727

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 27.102.66.105 | | APP84VN | | 20/04/2022 | verified | high
2 | XX.XXX.XXX.XXX | | Xxxxxxx | | 20/04/2022 | verified | high
3 | XXX.XXX.XX.XXX | | Xxxxxxx | | 20/04/2022 | verified | high
4 | XXX.XXX.XXX.XX | | Xxxxxxx | | 20/04/2022 | verified | high

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin.php?p=/User/index | predictive | high
2 | File | /anony/mjpg.cgi | predictive | high
3 | File | /debug/pprof | predictive | medium
4 | File | /mgmt/tm/util/bash | predictive | high
5 | File | /xxxxxxx_xxxx.xxx | predictive | high
6 | File | xxxxx/?x=xxxx&x=xxxxx&x=xxxxxxxxxx | predictive | high
7 | File | xxxxxxx.xxx | predictive | medium
8 | File | xxxxxx.xxx | predictive | medium
9 | File | xxxxx/ | predictive | low
10 | File | xxxx/xxxxxxx.x | predictive | high
11 | File | xxxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx | predictive | high
12 | File | xxxxxxx_xx.xxx | predictive | high
13 | File | xxx/xxx_xxxxx/xx_xxxxx.x | predictive | high
14 | File | xxxxxxx/xxxxxxx/xxx/xxxxxxxxxx.xxx?xxxxxxxx=xxxx&xxxxxx=xxxxxxxxxx | predictive | high
15 | File | xxxxx_xxxxx.xxx | predictive | high
16 | File | xxxxx.x | predictive | low
17 | File | xxxxxxx.xxx | predictive | medium
18 | File | xxxx/xxx.xxx?xx=xxxxxx | predictive | high
19 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | high
20 | Argument | -x | predictive | low
21 | Argument | xxx | predictive | low
22 | Argument | xxxxxxxxxxxxxxx | predictive | high
23 | Argument | xxx | predictive | low
24 | Argument | xxxxx_xxxxxx | predictive | medium
25 | Argument | xxxx | predictive | low
26 | Input Value | xxxxxx | predictive | low
27 | Network Port | xxx xxxxxx xxxx | predictive | high

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
