AV Tech Support Scam Analysis

IOB - Indicator of Behavior (21)

Timeline

Language

en: 18
ru: 4

Country

cn: 12
ru: 8
pl: 2

Product

ITFlow: 2
Microsoft Intune Management Extension: 2
PCRE: 2
LG Signage TV: 2
MikroTik RouterOS: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | mintplex-labs anything-llm POST privilege escalation | 7.9 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-0440
2 | QNAP QTS/QuTS hero/QuTScloud privilege escalation | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00305 | 0.04 | CVE-2023-47218
3 | Tenda AC9 fromSetIpMacBind memory corruption | 8.8 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-25748
4 | DedeCMS article_allowurl_edit.php privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00118 | 0.05 | CVE-2023-2928
5 | Sangfor Next-Gen Application Firewall loadfile.php information disclosure | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00079 | 0.00 | CVE-2023-30804
6 | Tongda OA delete.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00063 | 0.05 | CVE-2023-5019
7 | ITFlow settings.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.02 | CVE-2024-25344
8 | Huawei HarmonyOS/EMUI Wi-Fi Module weak authentication | 4.3 | 4.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2022-48621
9 | FasterXML jackson-databind privilege escalation | 6.8 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00431 | 0.03 | CVE-2021-20190
10 | LG Signage TV webOS privilege escalation | 6.8 | 6.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-1885
11 | SAP IDES Systems privilege escalation | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-22132
12 | Microsoft Windows Media Center MCL File ehshell.exe XML External Entity | 6.5 | 5.9 | $100k and more | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.00 | 
13 | Rarlab UnRAR Unpack directory traversal | 6.3 | 6.0 | $0-$5k | $0-$5k | High | Official Fix | 0.92928 | 0.00 | CVE-2022-30333
14 | Microsoft Intune Management Extension Remote Code Execution | 8.1 | 7.1 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.01063 | 0.00 | CVE-2021-31980
15 | DevExpress.XtraReports.UI privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01502 | 0.04 | CVE-2021-36483
16 | MikroTik RouterOS bfd denial of service | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00209 | 0.00 | CVE-2020-20220
17 | Linux Kernel Array Access xfrm_user.c __xfrm_policy_unlink information disclosure | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.03 | CVE-2019-15666
18 | Linksys WRT1900ACS Cookie Base64 weak encryption | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.03 | CVE-2019-7311
19 | Google Chrome Blink privilege escalation | 5.8 | 5.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00119 | 0.00 | CVE-2017-5027
20 | PCRE pcregrep information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00469 | 0.00 | CVE-2015-8393

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | | CWE-21 | Path Traversal | predictive | high
2 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | high
3 | TXXXX.XXX | CAPEC-209 | CWE-XXX | xxxx Xxxx Xxxxxxxxx | predictive | high
4 | TXXXX | CAPEC-19 | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | high
5 | TXXXX | CAPEC-136 | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | high
6 | TXXXX | CAPEC-108 | CWE-XX | Xxxx Xxxxxxxxx | predictive | high
7 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | high
8 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | high

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /nova/bin/bfd | predictive | high
2 | File | ehshell.exe | predictive | medium
3 | File | xxxxxxx/xx/xxxxxx/xxxxx_xxxxxxxxxxxxx/xxxxxx.xxx | predictive | high
4 | File | xxx/xxxx/xxxx_xxxx.x | predictive | high
5 | File | xxxxxxxx.xxx | predictive | medium
6 | File | xxxx_xxxx/xxxxxxxx.xxx | predictive | high
7 | File | xxxxxxx/xxxx/xxxxxxx_xxxxxxxx_xxxx.xxx | predictive | high
8 | Argument | -x | predictive | low
9 | Argument | xxxxxxx | predictive | low
10 | Argument | xxxxxxxxxxxxx_xx | predictive | high

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
