FamousSparrow Analysis

IOB - Indicator of Behavior (151)

Timeline

Language

en (90)
zh (56)
ja (6)

Country

cn (108)
us (44)

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows (6)
Google Android (4)
IBM MQ (2)
ipTIME NAS-I (2)
ipTIME NAS-II (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | ipTIME NAS-I Bulletin Manage privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00988 | CVE-2020-7847 |
| 2 | mm-wiki Markdown Editor cross site scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00078 | CVE-2021-39393 |
| 3 | EspoCRM privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00086 | CVE-2022-38843 |
| 4 | Palo Alto PAN-OS unknown vulnerability | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00069 | CVE-2023-0004 |
| 5 | Joomla! Blacklist sql injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.00196 | CVE-2020-35613 |
| 6 | koha directory traversal | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.06656 | CVE-2011-4715 |
| 7 | Synacor Zimbra Collaboration mboximport directory traversal | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.96501 | CVE-2022-27925 |
| 8 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00318 | CVE-2017-5611 |
| 9 | Synacor Zimbra Webmail Subsystem upload privilege escalation | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00466 | CVE-2020-12846 |
| 10 | Vmware Workspace ONE Access/Identity Manager Template privilege escalation | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.97436 | CVE-2022-22954 |
| 11 | UniSharp laravel-filemanager Image File upload privilege escalation | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00193 | CVE-2021-23814 |
| 12 | Citrix XenServer directory traversal | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.03280 | CVE-2018-14007 |
| 13 | PHPMailer validateAddress privilege escalation | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00344 | CVE-2021-3603 |
| 14 | Spamsniper Mail From memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01404 | CVE-2020-7845 |
| 15 | ThinkPHP index.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00173 | CVE-2018-10225 |
| 16 | IBM MQ TLS Key Renegotiation privilege escalation | 6.8 | 6.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00199 | CVE-2019-4055 |
| 17 | Hiroyuki Oyama DBD::mysqlPP MySQL sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00 | 0.00135 | CVE-2011-3989 |
| 18 | Atlassian JIRA Server/Data Center QueryComponent!Default.jspa information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00628 | CVE-2020-14179 |
| 19 | Sangfor Next-Gen Application Firewall HTTP POST Request login.cgi privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.08915 | CVE-2023-30806 |
| 20 | MicroWorld Technologies eScan Agent Service mwagent.exe privilege escalation | 9.8 | 8.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00361 | CVE-2007-0655 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 27.102.113.240 | power.playtimeins.net | FamousSparrow | | 24/09/2021 | verified | high |

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities (CWE) | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22 | Path Traversal | predictive | high |
| 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | high |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | high |
| 4 | T1059 | CWE-94 | Argument Injection | predictive | high |

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /api/v1/terminal/sessions/?limit=1 | predictive | high |
| 2 | File | /cgi-bin/login.cgi | predictive | high |
| 3 | File | /login.html | predictive | medium |
| 4 | File | /new | predictive | low |
| 5 | File | /secure/QueryComponent!Default.jspa | predictive | high |
| 6 | File | /service/upload | predictive | high |
| 7 | File | /system?action=ServiceAdmin | predictive | high |

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
