India Police analysis

IOB - Indicator of Behavior (192)

Language

en 164
es 14
zh 10
de 2
fr 2

Country

us 94
cn 40
ag 8
gb 6
id 6

Product

Microsoft Windows 12
WordPress 8
Oracle GlassFish Server 4
Bitrix24 4
Fonality Trixbox 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.07 | 0.00817 | CVE-2014-4078
2 | Adiscon LogAnalyzer Login Button Referer Field login.php cross site scripting | 5.2 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00241 | CVE-2018-19877
3 | Apple iOS IOMobileFramebuffer memory corruption | 8.3 | 8.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00167 | CVE-2016-4654
4 | Sunny WebBox cross site request forgery | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00150 | CVE-2019-13529
5 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00668 | CVE-2022-27228
6 | WordPress Password Reset wp-login.php mail privilege escalation | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.02827 | CVE-2017-8295
7 | Jalios JCMS ajaxPortal.jsp cross site scripting | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00128 | CVE-2020-15497
8 | XiongMai uc-httpd memory corruption | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.02201 | CVE-2018-10088
9 | Websense Forcepoint User ID Service Port 5001 privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.14481 | CVE-2019-6139
10 | F5 BIG-IP Configuration Utility directory traversal | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.03343 | CVE-2015-4040
11 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00318 | CVE-2017-5611
12 | Microsoft Windows Remote Desktop Service privilege escalation | 10.0 | 9.0 | $100k or more | $0-$5k | High | Official Fix | 0.07 | 0.78895 | CVE-2012-0002
13 | Kentico CMS privilege escalation | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00495 | CVE-2018-7046
14 | Drei 3Kundenzone X.509 Certificate weak encryption | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00049 | CVE-2014-5828
15 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00312 | CVE-2015-1419
16 | D-Link DCS-936L info.cgi information disclosure | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | 0.00621 | CVE-2018-18441
17 | SMA Solar Sunny WebBox weak authentication | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00568 | CVE-2015-3964
18 | Microsoft Windows HTML Remote Code Execution | 5.8 | 5.7 | $25k-$100k | $25k-$100k | Functional | Official Fix | 0.02 | 0.52458 | CVE-2023-36884
19 | Maxprint Maxlink 1200G Diagnostic Tool privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00088 | CVE-2023-36143
20 | Google Android BitmapExport.java Privilege Escalation | 5.5 | 5.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | 0.00043 | CVE-2023-21036

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Spyware

IOC - Indicator of Compromise (44)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.1.82.106 | 5-1-82-106.static.creoline.net | India Police | Spyware | 28/06/2022 | verified | High
2 | 8.5.1.33 | | India Police | Spyware | 28/06/2022 | verified | High
3 | 8.5.1.49 | | India Police | Spyware | 28/06/2022 | verified | High
4 | 34.246.254.156 | ec2-34-246-254-156.eu-west-1.compute.amazonaws.com | India Police | Spyware | 28/06/2022 | verified | Medium
5 | 36.86.63.182 | | India Police | Spyware | 28/06/2022 | verified | High
6 | 52.4.209.250 | ec2-52-4-209-250.compute-1.amazonaws.com | India Police | Spyware | 28/06/2022 | verified | Medium
7 | 54.210.47.225 | ec2-54-210-47-225.compute-1.amazonaws.com | India Police | Spyware | 28/06/2022 | verified | Medium
8 | 64.15.205.100 | | India Police | Spyware | 28/06/2022 | verified | High
9 | 64.15.205.101 | | India Police | Spyware | 28/06/2022 | verified | High

Entries 10 to 44 are masked on the source page (IP address, hostname, actor and campaign replaced by placeholders). Each is dated 28/06/2022 and marked verified, with High confidence except entry 22 (Medium).
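The three EC2 entries above carry only Medium confidence, which matters operationally: AWS reassigns those addresses, so a hit on one of them a year after the 28/06/2022 identification date is weaker evidence than a hit on the static creoline.net host. The following script is an added example (not code from the source page) that matches connection-log lines against the nine unmasked IOCs above and splits hits by that confidence label. The log format and the sample log lines are constructed for the demo; the RFC 5737 address and example.net hostname are benign filler.

```python
"""Match outbound-connection log lines against the India Police IOC set.

Added example, not code from the source page. The IOC values are the nine
unmasked entries from the IOC table; the log format and lines are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass

# (IP, hostname or None, confidence) exactly as listed in the IOC table above.
IOCS = [
    ("5.1.82.106", "5-1-82-106.static.creoline.net", "high"),
    ("8.5.1.33", None, "high"),
    ("8.5.1.49", None, "high"),
    ("34.246.254.156", "ec2-34-246-254-156.eu-west-1.compute.amazonaws.com", "medium"),
    ("36.86.63.182", None, "high"),
    ("52.4.209.250", "ec2-52-4-209-250.compute-1.amazonaws.com", "medium"),
    ("54.210.47.225", "ec2-54-210-47-225.compute-1.amazonaws.com", "medium"),
    ("64.15.205.100", None, "high"),
    ("64.15.205.101", None, "high"),
]

IP_INDEX = {ipaddress.ip_address(ip): conf for ip, _, conf in IOCS}
HOST_INDEX = {host.lower(): conf for _, host, conf in IOCS if host}

# Constructed (hypothetical) log format: "<ts> <src> -> <dst_ip> <dst_host> <bytes>";
# a lone "-" stands for an unknown field.
LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+) (\S+) (\d+)$")


@dataclass
class Hit:
    line_no: int
    src: str
    indicator: str
    confidence: str
    matched_on: str  # "ip" or "host"


def scan(lines):
    """Return one Hit per log line whose destination IP or hostname is an IOC."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip it rather than guess
        _, src, dst_ip, dst_host, _ = m.groups()
        try:
            ip = ipaddress.ip_address(dst_ip)
        except ValueError:
            ip = None  # e.g. "-" in a DNS-only record
        host = dst_host.lower().rstrip(".")
        if ip is not None and ip in IP_INDEX:
            hits.append(Hit(line_no, src, str(ip), IP_INDEX[ip], "ip"))
        elif host in HOST_INDEX:
            hits.append(Hit(line_no, src, host, HOST_INDEX[host], "host"))
    return hits


def triage(hits):
    """High-confidence hits go to the block list, Medium ones to analyst review.

    The Medium entries are EC2 addresses, which AWS reassigns; blocking them
    outright invites false positives, so they are queued for review instead.
    """
    return {
        "block": [h for h in hits if h.confidence == "high"],
        "review": [h for h in hits if h.confidence != "high"],
    }


# Constructed sample log: three IOC hits by IP, one by hostname only, one
# benign line (RFC 5737 address, reserved example domain), one unparseable line.
SAMPLE_LOG = [
    "2022-06-28T10:01:02Z 10.0.0.5 -> 5.1.82.106 5-1-82-106.static.creoline.net 5120",
    "2022-06-28T10:01:09Z 10.0.0.7 -> 198.51.100.20 updates.example.net 812",
    "2022-06-28T10:02:44Z 10.0.0.5 -> 54.210.47.225 ec2-54-210-47-225.compute-1.amazonaws.com 2048",
    "2022-06-28T10:03:00Z 10.0.0.9 -> 64.15.205.101 - 330",
    "2022-06-28T10:03:21Z 10.0.0.5 -> - ec2-52-4-209-250.compute-1.amazonaws.com 0",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for bucket, items in triage(scan(SAMPLE_LOG)).items():
        for h in items:
            print(f"{bucket:6} line {h.line_no}: {h.src} -> {h.indicator} ({h.matched_on}, {h.confidence})")
```

Hostname matching is kept separate from IP matching so that DNS-only records (no destination IP) still surface the EC2 names; the trailing-dot strip handles FQDN-style resolver logs.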

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities (CWE) | Access vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-88, CWE-94 | Argument Injection | predictive | High

Entries 4 to 15 are masked on the source page (technique ID, CWE and access vector replaced by placeholders); all are predictive with High confidence.

IOA - Indicator of Attack (101)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | %PROGRAMDATA%\Razer Chroma\SDK\Apps | predictive | High
2 | File | .htaccess | predictive | Medium
3 | File | /cgi-bin/webviewer_login_page | predictive | High
4 | File | /common/info.cgi | predictive | High
5 | File | /mgmt/tm/util/bash | predictive | High
6 | File | /recordings/index.php | predictive | High
7 | File | /uncpath/ | predictive | Medium
8 | File | /webssh | predictive | Low
9 | File | add_vhost.php | predictive | High
10 | File | admin-ajax.php | predictive | High
11 | File | and/or | predictive | Low

Entries 12 to 101 are masked on the source page (indicator replaced by placeholders); all are predictive, with confidence varying per entry. By class: File 12 to 59, Library 60 to 62, Argument 63 to 94, Input Value 95 to 99, Pattern 100, Network Port 101.
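Several of the unmasked File indicators line up with entries in the vulnerability table (info.cgi with the D-Link DCS-936L disclosure, /mgmt/tm/util/bash with F5 BIG-IP, /recordings/index.php with Trixbox), and the TTP table lists CWE-22 path traversal, so a request path has to be canonicalised before it is compared with these strings or an encoded "%2e%2e/" walks straight past the check. The script below is an added example, not code from the source page: it decodes and collapses request paths from constructed access-log lines and matches them against the unmasked File indicators above (entry 11, "and/or", is an injection fragment rather than a path and is left out). The log format and the sample lines are constructed.

```python
"""Match access-log request paths against the File indicators of the IOA table.

Added example, not code from the source page. The indicators are the unmasked
File entries above; the log format and the sample lines are constructed.
"""
import posixpath
import re
from dataclasses import dataclass
from urllib.parse import unquote, urlsplit

# Unmasked File indicators from the IOA table with their confidence label.
# "and/or" (entry 11) is not a path and is deliberately omitted.
FILE_IOAS = {
    "/cgi-bin/webviewer_login_page": "high",
    "/common/info.cgi": "high",
    "/mgmt/tm/util/bash": "high",
    "/recordings/index.php": "high",
    "/uncpath/": "medium",
    "/webssh": "low",
    "add_vhost.php": "high",
    "admin-ajax.php": "high",
    ".htaccess": "medium",
}

# Constructed access-log format (Apache common-log style):
# client ident user [time] "METHOD path HTTP/x" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) \S+" (\d{3}) \d+')


def normalize_path(raw):
    """Return (canonical path, traversal_seen).

    Percent-decoding runs up to twice so a double-encoded "%252e%252e" is seen
    as "..", then dot segments are collapsed the way the server resolves them.
    """
    path = urlsplit(raw).path  # drop the query string
    for _ in range(2):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    traversal = ".." in path.split("/")
    return posixpath.normpath(path), traversal


def match_ioa(path):
    """Return (indicator, confidence) if the canonical path hits a File IOA."""
    for indicator, conf in FILE_IOAS.items():
        base = indicator.rstrip("/")
        if indicator.startswith("/"):
            hit = path == base or path.startswith(base + "/")  # rooted path
        else:
            hit = path.endswith("/" + indicator)  # bare filename anywhere
        if hit:
            return indicator, conf
    return None


@dataclass
class Hit:
    line_no: int
    client: str
    method: str
    path: str
    indicator: str
    confidence: str
    traversal: bool
    status: int


def scan_access_log(lines):
    """One Hit per parseable request whose canonical path matches a File IOA."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        client, method, raw_path, status = m.groups()
        path, traversal = normalize_path(raw_path)
        found = match_ioa(path)
        if found:
            hits.append(Hit(line_no, client, method, path, found[0], found[1], traversal, int(status)))
    return hits


# Constructed sample log (RFC 5737 client addresses).
SAMPLE_ACCESS_LOG = [
    '203.0.113.7 - - [28/Jun/2022:10:00:01 +0000] "GET /common/info.cgi HTTP/1.1" 200 812',
    '203.0.113.7 - - [28/Jun/2022:10:00:03 +0000] "POST /mgmt/tm/util/bash HTTP/1.1" 401 0',
    '203.0.113.7 - - [28/Jun/2022:10:00:05 +0000] "GET /images/%2e%2e/%2e%2e/.htaccess HTTP/1.1" 403 199',
    '198.51.100.9 - - [28/Jun/2022:10:00:07 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 54',
    '198.51.100.9 - - [28/Jun/2022:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for h in scan_access_log(SAMPLE_ACCESS_LOG):
        flag = " +traversal" if h.traversal else ""
        print(f"line {h.line_no}: {h.client} {h.method} {h.path} -> {h.indicator} ({h.confidence}){flag} status={h.status}")
```

The confidence label is VulDB's confidence that the indicator belongs to this actor's activity, not a false-positive rate: admin-ajax.php is ordinary WordPress traffic and will match on every WordPress site, so in practice a hit on it is only worth alerting on together with another signal from the same client, such as the traversal flag, a burst of 401/403 responses, or a request to one of the rooted device paths.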

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
