Comnie Analysis

IOB - Indicator of Behavior (53)

Language: zh (42), en (10), it (2)

Country: cn (50), it (2)

Product: Discourse (4), WordPress (4), zzcms (2), Hyweb HyCMS-J1 (2), Elementor (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | WordPress SQL injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.00 | CVE-2022-21664 |
| 2 | WP Statistics Plugin class-wp-statistics-hits.php SQL injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.26955 | 0.04 | CVE-2022-25149 |
| 3 | VeronaLabs wp-statistics Plugin API Endpoint Blind SQL injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.00 | CVE-2019-13275 |
| 4 | phpMyAdmin Replace table prefix mult_submits.inc.php preg_replace privilege escalation | 6.3 | 6.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.97277 | 0.04 | CVE-2013-3238 |
| 5 | Discourse aws privilege escalation | 9.0 | 8.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01253 | 0.02 | CVE-2021-41163 |
| 6 | Vmware Workspace ONE Access/Identity Manager Template privilege escalation | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.97436 | 0.04 | CVE-2022-22954 |
| 7 | PrestaShop Soft Logout System weak authentication | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00135 | 0.04 | CVE-2021-21308 |
| 8 | ProFTPD privilege escalation | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.04 | CVE-2017-7418 |
| 9 | AWStats awstats.pl directory traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00499 | 0.09 | CVE-2020-35176 |
| 10 | Elementor File Upload privilege escalation | 8.6 | 8.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00136 | 0.02 | CVE-2020-7055 |
| 11 | Netdata health_alarm_execute privilege escalation | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00173 | 0.04 | CVE-2023-22496 |
| 12 | Netdata weak authentication | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00110 | 0.05 | CVE-2023-22497 |
| 13 | ThinkPHP Language Pack pearcmd.php privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04153 | 0.04 | CVE-2022-47945 |
| 14 | phpMyAdmin grab_globals.lib.php directory traversal | 4.8 | 4.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02334 | 0.17 | CVE-2005-3299 |
| 15 | Apache Shiro Spring Boot weak authentication | 5.6 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.33667 | 0.00 | CVE-2021-41303 |
| 16 | exceedone Exment/laravel-admin SQL injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00129 | 0.04 | CVE-2022-37333 |
| 17 | CKFinder File Name privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00155 | 0.04 | CVE-2019-15862 |
| 18 | Boa Webserver Get Effective Rights Engine directory traversal | 5.3 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02495 | 0.05 | CVE-2000-0920 |
| 19 | SourceCodester Library Management System index.php SQL injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00114 | 0.00 | CVE-2022-2492 |
| 20 | Axios privilege escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01568 | 0.04 | CVE-2021-3749 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 113.196.70.11 | 113.196.70.11.ll.static.sparqnet.net | Comnie | | 22/12/2020 | verified | High |

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

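| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /index.php | predictive | Medium |
| 2 | File | /webhooks/aws | predictive | High |
| 3 | File | cgi-bin/awstats.pl | predictive | High |
| 4 | File | clearhistory.jsp | predictive | High |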

References (2)

The following list contains external sources which discuss the actor and the associated activities:
