Cryptbot تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (15)

التسلسل الزمني

اللغة

en16

البلد

de12
jp2
us2

الفاعلين

Vidar1
RecordBreaker1
XMRIG1
Cryptbot1

النشاطات

الاهتمام

التسلسل الزمني

النوع

Not Defined12
Web Server2
Network Management Software2

المجهز

Not Defined8
TOTOLINK2
Goahead Software2
Apache2
La-souris-verte2

منتج

TOTOLINK A800R2
TOTOLINK A810R2
TOTOLINK A830R2
TOTOLINK A950RG2
TOTOLINK A3000RU2

الثغرات

#الثغرةBaseTemp0dayاليومق�معالجةCTIEPSSCVE
1perfSONAR file URL Privilege Escalation7.67.5$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00075CVE-2022-45213
2La-souris-verte Com Svmap index.php اجتياز الدليل5.35.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000.01334CVE-2010-1308
3OpenX adclick.php Redirect5.34.7$0-$5k$0-$5kUnprovenUnavailable0.320.00440CVE-2014-2230
4Goahead Software Webserver HTTP Request aux الحرمان من الخدمة5.34.9$0-$5k$0-$5kProof-of-ConceptWorkaround0.000.06949CVE-2001-0385
5Facebook WhatsApp Video Call تلف الذاكرة8.07.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.00393CVE-2022-36934
6SourceCodester Simple Parking Management System سكربتات مشتركة3.93.8$0-$5k$0-$5kProof-of-ConceptNot Defined0.040.00054CVE-2022-2363
7Snipe-IT Update Branding Settings تجاوز الصلاحيات5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.000.00054CVE-2022-32060
8TOTOLINK EX300 MQTT Data Packet setLanguageCfg تجاوز الصلاحيات7.67.5$0-$5k$0-$5kNot DefinedNot Defined0.000.17797CVE-2022-32449
9IBM Security Access Manager Appliance تشفير ضعيف5.75.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00106CVE-2022-22464
10Apache Commons Configuration Variable Interpolation Privilege Escalation8.07.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.34543CVE-2022-33980
11TOTOLINK A800R/A810R/A830R/A950RG/A3000RU/A3100R تجاوز الصلاحيات6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.000.00706CVE-2022-28935
12Huawei ACXXXX/SXXXX SSH Packet تجاوز الصلاحيات7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.00246CVE-2014-8572
13libvirt libxl Driver الحرمان من الخدمة3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00044CVE-2021-4147
14Zabbix SAML توثيق ضعيف8.28.2$0-$5k$0-$5kNot DefinedNot Defined0.020.97148CVE-2022-23131
15VMware Spring Framework تجاوز الصلاحيات4.54.5$5k-$25k$5k-$25kNot DefinedNot Defined0.000.00079CVE-2021-22096

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDعنوان بروتوكول الإنترنتHostnameممثلحملاتIdentifiedالنوعالثقة
18.248.153.254Cryptbot16/10/2021verifiedعالي
28.248.163.254Cryptbot16/10/2021verifiedعالي
38.248.167.254Cryptbot16/10/2021verifiedعالي
48.249.223.254Cryptbot16/10/2021verifiedعالي
5X.XXX.XXX.XXXXxxxxxxx16/10/2021verifiedعالي
6X.XXX.XX.XXXXxxxxxxx16/10/2021verifiedعالي
7X.XXX.XXX.XXXXxxxxxxx16/10/2021verifiedعالي
8X.XXX.XXX.XXXXxxxxxxx16/10/2021verifiedعالي
9XX.XXX.XXX.XXXxxx.xxx.xxx.xx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxxx16/10/2021verifiedمتوسط
10XX.XXX.XX.XXXxx-xx.xxxXxxxxxxx16/10/2021verifiedعالي
11XX.XXX.X.Xxxxxx-xx-xxx-x-x.xxx.xxxx.xxxXxxxxxxx16/10/2021verifiedعالي
12XX.XXX.X.XXXxxxxx-xx-xxx-x-xxx.xxx.xxxx.xxxXxxxxxxx16/10/2021verifiedعالي
13XX.XXX.XXX.XXXxxxxxxx31/01/2023verifiedعالي
14XX.XX.XX.XXxxxxxx.xx.xx.xx.xx.xxxxxxx.xxxx-xxxxxx.xxXxxxxxxx16/10/2021verifiedعالي
15XXX.XXX.XXX.XXxxxxxxx16/10/2021verifiedعالي
16XXX.X.XXX.XXxx-xx-xxxx.xxx-xxxxxxx.xxxXxxxxxxx16/10/2021verifiedعالي
17XXX.XX.XXX.Xxx-xxx.xxxXxxxxxxx16/10/2021verifiedعالي

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueالثغراتمتجه الوصولالنوعالثقة
1T1006CWE-22Path Traversalpredictiveعالي
2T1059.007CWE-79Cross Site Scriptingpredictiveعالي
3TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxxpredictiveعالي
4TXXXX.XXXCWE-XXXXxxx Xxxxxxxxpredictiveعالي
5TXXXXCWE-XXXXxxxxxxxxxxxx Xxxxxxpredictiveعالي
6TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxxpredictiveعالي

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDالفئةIndicatorالنوعالثقة
1File/auxpredictiveواطئ
2File/ci_spms/admin/search/searching/predictiveعالي
3Filexxxxxxx.xxxpredictiveمتوسط
4Filexxxxx.xxxpredictiveمتوسط
5Argumentxxxxxxxxxxpredictiveمتوسط
6Argumentxxxxpredictiveواطئ
7Argumentxxxxxxxxpredictiveمتوسط
8Argumentxxxxxxpredictiveواطئ
9Input Value"><xxxxxx>xxxxx("xxx")</xxxxxx>predictiveعالي

المصادر (3)

The following list contains external sources which discuss the actor and the associated activities:

التالي نظرة عامة السابق

Do you know our Splunk app?

Download it now for free!