Avos تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (66)

اللغة

en	58
fr	6
pl	2

البلد

fr	6
us	6
ru	2

الفاعلين

AvosLocker	1
Tofsee	1
Amadey	1
RedLine Stealer	1
RedLine	1

الاهتمام

النوع

Not Defined	16
Operating System	4
Anti-Malware Software	2
Enterprise Resource Planning Software	2
Content Management System	2

المجهز

Not Defined	8
Microsoft	6
HP	2
ORY	2
Coinsoft Technologies	2

منتج

Microsoft Windows	4
HP SAN	2
HP iQ	2
ORY Hydra	2
Coinsoft Technologies phpCOIN	2

الثغرات

#	الثغرة	Base	Temp	0day	اليوم	ق�	معالجة	CTI	EPSS	CVE
1	HP SAN/iQ hydra.exe تجاوز الصلاحيات	4.3	3.9	$25k-$100k	جاري الحساب	Proof-of-Concept	Official Fix	0.00	0.00277	CVE-2012-4362
2	Hydra HTTP Header read.c process_header_end الحرمان من الخدمة	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00117	CVE-2019-17502
3	IW Guestbook badwords_edit.asp حقن إس كيو إل	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.00000
4	Hydra توثيق ضعيف	5.6	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00099	CVE-2020-5300
5	OmniSecure AddUrlShield index.php حقن إس كيو إل	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.04	0.00000
6	ORY Hydra error Reflected سكربتات مشتركة	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00097	CVE-2019-8400
7	PHPGurukul Hospital Management System dashboard.php تجاوز الصلاحيات	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00661	CVE-2020-35745
8	HP SAN/iQ Login hydra.exe تلف الذاكرة	10.0	9.5	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.46643	CVE-2011-4157
9	HP LeftHand Virtual SAN Appliance hydra تلف الذاكرة	10.0	9.5	$25k-$100k	جاري الحساب	High	Official Fix	0.00	0.77622	CVE-2013-2343
10	Coinsoft Technologies phpCOIN db.php تجاوز الصلاحيات	7.3	6.6	$0-$5k	جاري الحساب	Proof-of-Concept	Official Fix	0.02	0.07606	CVE-2005-4211
11	Coinsoft Technologies phpCOIN db.php اجتياز الدليل	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.03877	CVE-2005-4212
12	Ilohamail سكربتات مشتركة	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00000
13	Small CRM سكربتات مشتركة	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00052	CVE-2023-44075
14	Intern Record System controller.php سكربتات مشتركة	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00087	CVE-2022-40348
15	Sitekit CMS registration-form.html سكربتات مشتركة	3.5	3.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.00000
16	Microsoft Windows Backup Service Privilege Escalation	7.7	7.1	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.00389	CVE-2023-21752
17	SunHater KCFinder upload.php سكربتات مشتركة	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00131	CVE-2019-14315
18	Canto Cumulus login تجاوز الصلاحيات	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00283	CVE-2022-40305
19	IW Guestbook messages_edit.asp حقن إس كيو إل	6.3	5.7	$0-$5k	جاري الحساب	Proof-of-Concept	Not Defined	0.00	0.00000
20	CKEditor Clipboard Package تجاوز الصلاحيات	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00163	CVE-2021-32809

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	عنوان بروتوكول الإنترنت	Hostname	ممثل	حملات	Identified	النوع	الثقة
1	45.136.230.191		Avos		29/07/2022	verified	عالي
2	XXX.XXX.XXX.XXX		Xxxx		29/07/2022	verified	عالي

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	الثغرات	متجه الوصول	النوع	الثقة
1	T1006	CWE-22	Path Traversal	predictive	عالي
2	T1040	CWE-294	Authentication Bypass by Capture-replay	predictive	عالي
3	TXXXX	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	عالي
4	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	عالي
5	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	عالي
7	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	الفئة	Indicator	النوع	الثقة
1	File	/cwc/login	predictive	متوسط
2	File	/intern/controller.php	predictive	عالي
3	File	/iwguestbook/admin/badwords_edit.asp	predictive	عالي
4	File	/iwguestbook/admin/messages_edit.asp	predictive	عالي
5	File	xxxxx/xxxxxxxxx.xxx	predictive	عالي
6	File	xxxxx.xxx	predictive	متوسط
7	File	xxxx_xxxxxxxx/xx.xxx	predictive	عالي
8	File	xxxxx.xxx	predictive	متوسط
9	File	xxxxx.xxx	predictive	متوسط
10	File	xxxxx.xxx/xxxxxxxxxxxxx/xxx	predictive	عالي
11	File	xxxxxx/xxxxxxxxx/xxxxx	predictive	عالي
12	File	xxxx.x	predictive	واطئ
13	File	xxxxxxxxxxxx-xxxx.xxxx	predictive	عالي
14	File	xxxxxx.xxx	predictive	متوسط
15	File	xx-xxxxx/xxxxx-xxxxxx.xxx	predictive	عالي
16	Argument	xxxxxxx	predictive	واطئ
17	Argument	xxxxxx	predictive	واطئ
18	Argument	xxxxxxxxxxxxxxx	predictive	عالي
19	Argument	xxxxxxxxx	predictive	متوسط
20	Argument	xxxxxxx-xxxxxx	predictive	عالي
21	Argument	xxxxx_xxxx	predictive	متوسط
22	Argument	xxxxxx$xxxxx	predictive	متوسط
23	Argument	xx	predictive	واطئ
24	Argument	xxxxx	predictive	واطئ
25	Argument	xxxx/xxxxx	predictive	متوسط
26	Argument	xxxx_xx	predictive	واطئ
27	Argument	xxxxxx	predictive	واطئ
28	Argument	_xxxx[_xxx_xxxx_xxxx	predictive	عالي
29	Input Value	x+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx#	predictive	عالي

المصادر (2)

The following list contains external sources which discuss the actor and the associated activities:

التالي ▸نظرة عامة◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!