Farseer Analysis

IOB - Indicator of Behavior (152)

Timeline

Language

en: 128
ja: 6
de: 6
es: 4
zh: 4

Country

us: 62
cn: 60
jp: 8
ca: 6
cf: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 8
phpMyAdmin: 8
PHP: 4
Fortinet FortiOS: 2
Veritas Backup Exec: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 2 | OpenSSL c_rehash Privilege Escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.09738 | CVE-2022-1292 |
| 3 | Tiki Wiki CMS Groupware tiki-jsplugin.php Privilege Escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.13 | 0.04033 | CVE-2010-4239 |
| 4 | Microsoft Windows Print Spooler Privilege Escalation | 8.1 | 7.4 | $100k or more | $5k-$25k | Unproven | Official Fix | 0.02 | 0.00101 | CVE-2022-21999 |
| 5 | Microsoft Azure HDInsights Apache Hadoop Unknown Vulnerability | 3.9 | 3.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00051 | CVE-2023-38188 |
| 6 | Geddy index.js Directory Traversal | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01347 | CVE-2015-5688 |
| 7 | Asus AsusWRT start_apply.htm Privilege Escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01350 | CVE-2018-20334 |
| 8 | EvoStream Media Server HTTP Request Memory Corruption | 7.4 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.01265 | CVE-2017-6427 |
| 9 | DZCP deV!L`z Clanportal config.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.75 | 0.00943 | CVE-2010-0966 |
| 10 | Zulip Server Storage Backend Cross Site Scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00054 | CVE-2018-9999 |
| 11 | WUZHI CMS Cross Site Request Forgery | 6.5 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00192 | CVE-2018-10312 |
| 12 | WebCalendar settings.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.03093 | CVE-2005-2717 |
| 13 | Microsoft Windows iSCSI Target Service Information Disclosure | 4.8 | 4.4 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00095 | CVE-2023-24945 |
| 14 | Microsoft Windows Netlogon Remote Code Execution | 8.1 | 7.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05 | 0.00106 | CVE-2023-28268 |
| 15 | Microsoft Windows Kernel Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | 0.00048 | CVE-2023-35359 |
| 16 | Microsoft Windows Error Reporting Service Local Privilege Escalation | 7.8 | 7.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | 0.00147 | CVE-2023-36874 |
| 17 | Flask Information Disclosure | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00142 | CVE-2023-30861 |
| 18 | WPS Hide Login Plugin Secret Login Page options.php Privilege Escalation | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.02933 | CVE-2021-24917 |
| 19 | Fortinet FortiOS/FortiProxy Command Line Interpreter Format String | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00042 | CVE-2022-43953 |
| 20 | Fortinet FortiOS CLI Command Directory Traversal | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.06752 | CVE-2022-41328 |

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22, CWE-36 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |

IOA - Indicator of Attack (87)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /.vnc/sesman_${username}_passwd | predictive | High |
| 2 | File | /admin/users.php?source=edit_user&id=1 | predictive | High |
| 3 | File | /forum/away.php | predictive | High |
| 4 | File | /icingaweb2/navigation/add | predictive | High |
| 5 | File | /phppath/php | predictive | Medium |
| 6 | File | /rest/collectors/1.0/template/custom | predictive | High |
| 7 | File | /start_apply.htm | predictive | High |
| 8 | File | /uncpath/ | predictive | Medium |
| 9 | File | /WEB-INF/web.xml | predictive | High |
| 10 | File | /wp-admin/options.php | predictive | High |

Sources (3)

The following list contains external sources which discuss the actor and the associated activities:
