BEAR Analysis

IOB - Indicator of Behavior (87)

Timeline

Language

en: 78
ru: 4
zh: 2
de: 2
es: 2

Country

us: 32
ee: 28
ua: 10
ru: 6
nl: 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft IIS: 4
Oracle Primavera Contract Management: 2
Nextcloud Lookup-Server: 2
ThinkPHP: 2
BoZoN: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | Huawei SmartCare Dashboard Stored cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00065 | CVE-2017-15312
3 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055
4 | IBM Security AppScan Enterprise Enterprise Source Database weak encryption | 9.8 | 8.5 | $5k-$25k | Calculating | Unproven | Official Fix | 0.00 | 0.00082 | CVE-2013-3989
5 | raspap-webgui activate_ovpncfg.php privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.86945 | CVE-2022-39986
6 | PHP Everywhere Plugin Shortcode Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00108 | CVE-2022-24663
7 | Forumer / IPB Board Show Topic index.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00000 | 
8 | WordPress Metadata privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01578 | CVE-2018-20148
9 | Add Link to Facebook Plugin profile.php cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00057 | CVE-2018-5214
10 | SeedProd Website Builder Plugin seedprod_lite_new_lpage privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00057 | CVE-2024-1072
11 | Patreon Plugin cross site request forgery | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00058 | CVE-2023-41129
12 | Database Administrator Plugin SQL injection | 4.7 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00530 | CVE-2023-3211
13 | Telegram Web cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00075 | CVE-2022-43363
14 | User Post Gallery Plugin privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.03753 | CVE-2022-4060
15 | eSST Monitoring privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00116 | CVE-2023-41631
16 | Microsoft Windows IIS Server Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.00133 | CVE-2023-36434
17 | Boa Web Server HEAD Method privilege escalation | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00112 | CVE-2022-45956
18 | GitLab Privilege Escalation | 5.1 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00118 | CVE-2021-22263
19 | ThinkPHP privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00058 | CVE-2022-44289
20 | Microsoft Lync Server/Skype for Business Server unknown vulnerability | 6.5 | 5.9 | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.02 | 0.00074 | CVE-2021-24073

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.149.248.67 | mx1-mail.com | BEAR | | 23/12/2020 | verified | high
2 | 5.149.248.193 | | BEAR | | 23/12/2020 | verified | high
3 | X.XXX.XXX.XXX | | Xxxx | | 23/12/2020 | verified | high
4 | X.XXX.XXX.XXX | xxxxx.xxxxxxxxxxxxxxxx.xxxx | Xxxx | | 23/12/2020 | verified | high
5 | XX.XXX.XX.XX | xxx.xxxxxxxxxxxxxxxxxxx.xxx | Xxxx | | 23/12/2020 | verified | high
6 | XXX.XXX.XX.XXX | | Xxxx | | 23/12/2020 | verified | high

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | high
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | high
3 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | high
4 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | high
5 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | high
6 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | high
7 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | high
8 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | high
9 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | high
10 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | high
11 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | high

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /ajax/openvpn/activate_ovpncfg.php | predictive | high
2 | File | /cgi-bin/wlogin.cgi | predictive | high
3 | File | /index.php | predictive | medium
4 | File | /uncpath/ | predictive | medium
5 | File | xxx_xxxxxxx.xxx | predictive | high
6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | high
7 | File | xxxxxxxx.xxx | predictive | medium
8 | File | xxxxxx.xxxx | predictive | medium
9 | File | xxxxxx.xxx | predictive | medium
10 | File | xxxxx.xxx | predictive | medium
11 | File | xxxxxxx.xxx | predictive | medium
12 | File | xxxxx-xxxxxxx.xxx | predictive | high
13 | File | xxxxxxxx.xx | predictive | medium
14 | File | xxxxx.xxxxxxx.xx | predictive | high
15 | File | xxxxxxxxx/xxxxx/xxxxxx.xxxx | predictive | high
16 | File | xx-xxxxx/xxxxxxx.xxx | predictive | high
17 | Library | xxx/xxxxxxxxx/xxxxxxx/xxxxxxxx/xxx.xxx | predictive | high
18 | Library | xxx/xxxxxxx-xxxxxxxxx-x.x.x.xxx | predictive | high
19 | Argument | -x | predictive | low
20 | Argument | xx/xx | predictive | low
21 | Argument | xxxxx_xxxxxxxx/xxxxx_xxxxxxxx | predictive | high
22 | Argument | xxxxx_xxxxxxxx_xx | predictive | high
23 | Argument | xxxxx | predictive | low
24 | Argument | xxx_xx | predictive | low
25 | Argument | xx | predictive | low
26 | Argument | xxxxx | predictive | low
27 | Argument | xxxxxxxxx | predictive | medium
28 | Argument | x[] | predictive | low
29 | Argument | xxx_xx | predictive | low
30 | Argument | xxxxx_xxx | predictive | medium
31 | Argument | xxxx | predictive | low
32 | Argument | xxxxxxxx/xxxx | predictive | high
33 | Argument | _xxxx | predictive | low
34 | Input Value | xxx | predictive | low

Sources (3)

The following list contains external sources which discuss the actor and the associated activities:
