Fileless Analysis

IOB - Indicator of Behavior (349)

Language

en 346
es 2
zh 2

Country

is 312
us 4
es 2

Product

Microsoft Windows 46
D-Link DCS-1130 16
Qualcomm Snapdragon Auto 14
Qualcomm Snapdragon Consumer IOT 14
Qualcomm Snapdragon Industrial IOT 14

Vulnerabilities

# | Vulnerability | CVSS Base | CVSS Temp | 0day price | Today price | Exploitability | Remediation | CTI | EPSS | CVE
1 | UNCTAD ASYCUDA World Java RMI Server weak encryption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00361 | CVE-2020-9761
2 | Microsoft Windows Hyper-V Network Switch privilege escalation | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2019-0714
3 | Microsoft Windows Hyper-V Network Switch privilege escalation | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2019-0715
4 | Microsoft Windows DHCP Server memory corruption | 9.8 | 9.4 | $100k or more | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.06082 | CVE-2019-1213
5 | Microsoft Windows Bluetooth weak encryption | 8.0 | 7.9 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.00105 | CVE-2019-9506
6 | Microsoft Windows memory corruption | 5.8 | 5.6 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00203 | CVE-2019-0716
7 | Microsoft Windows Hyper-V Network Switch privilege escalation | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2019-0717
8 | Microsoft Edge information disclosure | 5.0 | 4.8 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02481 | CVE-2019-1030
9 | Microsoft Windows Hyper-V Network Switch privilege escalation | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2019-0723
10 | Microsoft Windows Hyper-V Network Switch privilege escalation | 5.9 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2019-0718
11 | JetBrains YouTrack Plugin Template privilege escalation | 8.5 | 8.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00770 | CVE-2019-10100
12 | Joomla CMS LDAP Authentication Password privilege escalation | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01039 | CVE-2017-14596
13 | Microsoft Windows JET Database Engine memory corruption | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.01384 | CVE-2019-1146
14 | Microsoft Windows JET Database Engine memory corruption | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.01384 | CVE-2019-1147
15 | Microsoft Windows Graphics Component information disclosure | 4.8 | 4.8 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2019-1148
16 | Microsoft Windows Graphics Component information disclosure | 4.8 | 4.8 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2019-1153
17 | Microsoft Windows Graphics Component information disclosure | 4.8 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00049 | CVE-2019-1154
18 | Microsoft Windows JET Database Engine memory corruption | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.01384 | CVE-2019-1156
19 | Microsoft Windows JET Database Engine memory corruption | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.01384 | CVE-2019-1155
20 | Microsoft Windows JET Database Engine memory corruption | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.01384 | CVE-2019-1157

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources that are known to be part of research and attack activities. Redacted rows are shown as the page presents them.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 93.95.228.97 | timestechnologies.org | Fileless | | 30/07/2022 | verified | high
2 | 162.0.224.144 | people-role.quarantine-pnap-vlan51.web-hosting.com | Fileless | | 30/07/2022 | verified | high
3 | XXX.XX.XXX.X | xx-xxxxx.xxxxxx.xxx | Xxxxxxxx | | 30/07/2022 | verified | high
4 | XXX.XX.XXX.XXX | xxx-xx-xxx-xxx.xx.xxxxxxxxxxxxxxxxx.xxx | Xxxxxxxx | | 30/07/2022 | verified | high
5 | XXX.XXX.XXX.XX | xxxxxx.xxxxxxxx.xxx | Xxxxxxxx | | 30/07/2022 | verified | high
6 | XXX.XXX.XXX.XX | xxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxx | Xxxxxxxx | | 30/07/2022 | verified | high

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique in that it comes from our predictive model for actor profiling: every row below is typed "predictive", i.e. a model inference from the associated vulnerability classes rather than observed tradecraft.

ID | Technique | Vulnerabilities | Access vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | high
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | high
3 | T1059 | CWE-94 | Argument Injection | predictive | high
4 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | high
5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | high
6 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | high
7 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | high
8 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | high
9 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | high
10 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | high
11 | TXXXX | CWE-XX, CWE-XX | Xxx Xxxxxxxxx | predictive | high
12 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | high
13 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | high
14 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | high
15 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxx Xxxx | predictive | high
16 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | high
17 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | high
18 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | high
19 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | high
20 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | high

IOA - Indicator of Attack (64)

These indicators of attack list the potential fragments used for technical activities such as reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique in that it comes from our predictive model for actor profiling; the confidence column rates how specific each fragment is, so short generic entries such as /sbin carry low confidence.

ID | Class | Indicator | Type | Confidence
1 | File | /acms/classes/Master.php?f=delete_cargo | predictive | high
2 | File | /domains/list | predictive | high
3 | File | /sbin | predictive | low
4 | File | /sbin/orthrus | predictive | high
5 | File | /sbin/rtspd | predictive | medium
6 | File | /var/www/video/mp4ts | predictive | high
7 | File | admin/listMailConfiguration | predictive | high
8 | File | apply.cgi | predictive | medium
9 | File | xxxxxx/xxx.x | predictive | medium
10 | File | xxxxxx/xx.x | predictive | medium
11 | File | xxxxxx/xxxx.x | predictive | high
12 | File | xxxxxxxx_xxxxxx.xxx | predictive | high
13 | File | xxxxxx/xxxx_xxxxxxxx.xxx | predictive | high
14 | File | xxxxx_xxxxx.xxx_xxx | predictive | high
15 | File | xxxx_xxxxxxx.xxx | predictive | high
16 | File | xxxxx.x | predictive | low
17 | File | xxxxxxx.xxxx | predictive | medium
18 | File | xxxx_xxx.x | predictive | medium
19 | File | xxxx/xxxxxxxxxx.xx | predictive | high
20 | File | xxxxxxx/xxx.xxx | predictive | high
21 | File | xxxx.xxx | predictive | medium
22 | File | xxxxx.xxx | predictive | medium
23 | File | xx/xxxxxx.xxxxxxxxxxx.xx | predictive | high
24 | File | xxxxxxxxxxxx.xx | predictive | high
25 | File | xxxxx.xxx | predictive | medium
26 | File | xx-xxxxx/xxxx-xxxx.xxx | predictive | high
27 | File | xxxxxxxxx.xxx | predictive | high
28 | File | xxxxxxxxxx.xx | predictive | high
29 | File | xxx_xxx.xxx?xxx=xxx.xxx.x.x&xxxx=xx&xxxx=xxx | predictive | high
30 | File | xxx/xxx/xxx/xxxxxxx/xxxxxxxx/xxxx/xxxxxxxxxxxxxxxxxx.xxxx | predictive | high
31 | File | xxxxxxxx.xxx | predictive | medium
32 | File | xxxxx_xxxxx.xxx | predictive | high
33 | File | xxxxxx.xxx | predictive | medium
34 | File | xxxxxxxxxxxxx.xxx | predictive | high
35 | File | xxxxxxxx/xxxxxxx/xxxxxxxxxxx | predictive | high
36 | File | xxxxx-xx.xxx | predictive | medium
37 | Library | xxxxxx.xxx | predictive | medium
38 | Library | xxxxxxxxxxx.xxx | predictive | high
39 | Library | xxxx.xxx | predictive | medium
40 | Library | xxxxxxxxxxxxxxxxx.xxx | predictive | high
41 | Library | xxxxxx.xxx | predictive | medium
42 | Library | xxxxx.xxx | predictive | medium
43 | Library | xxxxxxx.xxx | predictive | medium
44 | Library | xxxx.xxx | predictive | medium
45 | Library | xxxxxxxxxxxxxx.xxx | predictive | high
46 | Library | xxxxxxxx.xxx | predictive | medium
47 | Library | xxxxxx.xxx | predictive | medium
48 | Library | xxxxxxx.xxx | predictive | medium
49 | Argument | -x | predictive | low
50 | Argument | xxxx | predictive | low
51 | Argument | xxxxxxxx | predictive | medium
52 | Argument | xxxx-xxxx-xxxxxxxx | predictive | high
53 | Argument | xx_xxxxxx | predictive | medium
54 | Argument | xxxxxxxxxxxxxxxx | predictive | high
55 | Argument | xxxxxxx | predictive | low
56 | Argument | xxx | predictive | low
57 | Argument | xxxxxxxxxxxxxx | predictive | high
58 | Argument | xxx_xxxx | predictive | medium
59 | Argument | xxxxxxxxxx | predictive | medium
60 | Argument | xxx | predictive | low
61 | Argument | xxxxxxxxxxxxxxx | predictive | high
62 | Network Port | xxx/xx (xxx) | predictive | medium
63 | Network Port | xxx/xxxxx | predictive | medium
64 | Network Port | xxx/xxxx | predictive | medium
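The IOC rows (hostnames and addresses) and the IOA rows (request fragments) above are only useful once they are run against telemetry, so here is an added example of doing that, written for this page and not taken from VulDB or from the actor's tooling. It copies the non-redacted IOC and IOA entries into plain Python lists and scans constructed DNS and web-server log lines for them. Assumptions: the first IOC row is read as ID 1 plus the address 93.95.228.97 (the extraction fused the two columns); the generic low-confidence entry /sbin is deliberately left out because it would match almost every path; the log lines are made up for the demonstration and percent-encoded request paths are decoded once before matching.

```python
"""Match the visible Fileless IOC/IOA entries against log lines.

Added example: not code from the VulDB page or the actor's tooling.
Indicators are copied from the non-redacted rows of the IOC and IOA tables;
the log lines below are constructed for the demonstration.
"""
import ipaddress
import re
from urllib.parse import unquote

# IOC table, visible rows. Row 1 is read as ID 1 + 93.95.228.97 (assumption:
# the extraction fused the ID and IP columns, as row 2 "2162.0.224.144" shows).
IOC_IPS = {"93.95.228.97", "162.0.224.144"}
IOC_HOSTS = {
    "timestechnologies.org",
    "people-role.quarantine-pnap-vlan51.web-hosting.com",
}

# IOA table, visible File rows. "/sbin" (low confidence) is left out on
# purpose: it would match far too much to be useful as a request indicator.
IOA_FRAGMENTS = (
    "/acms/classes/Master.php?f=delete_cargo",
    "/domains/list",
    "/sbin/orthrus",
    "/sbin/rtspd",
    "/var/www/video/mp4ts",
    "admin/listMailConfiguration",
    "apply.cgi",
)

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def host_is_ioc(host):
    """True for an exact match or a subdomain of a listed hostname."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in IOC_HOSTS)


def scan_line(line):
    """Return (kind, indicator) pairs found in one log line."""
    hits = []
    for ip in IPV4_RE.findall(line):
        try:
            ipaddress.ip_address(ip)  # drop regex false positives such as 999.1.1.1
        except ValueError:
            continue
        if ip in IOC_IPS:
            hits.append(("ioc_ip", ip))
    for host in HOST_RE.findall(line):
        if host_is_ioc(host):
            hits.append(("ioc_host", host.lower()))
    # Percent-decode once so /Master.php%3Ff%3Ddelete_cargo still matches.
    decoded = unquote(line).lower()
    for frag in IOA_FRAGMENTS:
        if frag.lower() in decoded:
            hits.append(("ioa_path", frag))
    return hits


def scan(lines):
    """Scan an iterable of log lines; returns (line_no, kind, indicator) tuples."""
    return [(n, kind, ind)
            for n, line in enumerate(lines, 1)
            for kind, ind in scan_line(line)]


# Constructed sample lines: a dnsmasq query log entry, two web-server access
# log lines, one benign request and a percent-encoded variant of the
# Master.php request.
SAMPLE_LOG = [
    "Jul 30 12:01:02 gw dnsmasq[812]: query[A] www.timestechnologies.org from 10.0.0.5",
    '10.0.0.5 - - [30/Jul/2022:12:01:03 +0000] "GET http://162.0.224.144/apply.cgi HTTP/1.1" 200 512',
    '10.0.0.9 - - [30/Jul/2022:12:02:00 +0000] "GET /acms/classes/Master.php?f=delete_cargo HTTP/1.1" 200 88',
    '10.0.0.7 - - [30/Jul/2022:12:02:30 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '10.0.0.9 - - [30/Jul/2022:12:03:00 +0000] "GET /acms/classes/Master.php%3Ff%3Ddelete_cargo HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for line_no, kind, indicator in scan(SAMPLE_LOG):
        print(f"line {line_no}: {kind} {indicator}")
```

Substring matching on the request fragments is intentionally loose: a short entry such as /domains/list or apply.cgi will also fire on unrelated software that happens to expose the same path, so treat an IOA hit as a lead to be confirmed against the rest of the request (source address, user agent, response size), not as a verdict. The hostname check also matches subdomains, which is what you want for the web-hosting.com style entries, but the redacted rows on the page cannot be added until the full data is available.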

Sources (2)

The following list contains external sources that discuss the actor and the associated activities:
