Leviathan تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (35)

اللغة

en	18
it	18

البلد

us	22
ru	6
cn	2

الفاعلين

Leviathan	2
APT28	1
Zeus	1
Qakbot	1
Cobalt Strike	1

الاهتمام

النوع

Not Defined	8
Content Management System	4
Application Server Software	2
Web Server	2
IP Phone Software	2

المجهز

Not Defined	10
Cisco	4
BEA	2
Linksys	2
Netop	2

منتج

Unisoc T610	4
Unisoc T606	4
Unisoc T760	4
BEA WebLogic Mobility Server	2
nginx	2

الثغرات

#	الثغرة	Base	Temp	0day	اليوم	ق�	معالجة	CTI	EPSS	CVE
1	Drupal حقن إس كيو إل	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00	0.00135	CVE-2008-2999
2	Unisoc S8000 Telephony Service الحرمان من الخدمة	3.3	3.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00042	CVE-2022-48447
3	Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 الحرمان من الخدمة	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00172	CVE-2023-20079
4	Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 تجاوز الصلاحيات	9.8	9.7	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00	0.00327	CVE-2023-20078
5	iRZ RUH2 Firmware Patch توثيق ضعيف	6.7	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00226	CVE-2016-2309
6	Joomla حقن إس كيو إل	6.3	6.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00	0.00142	CVE-2022-23797
7	Microsoft Access تلف الذاكرة	7.0	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00232	CVE-2020-1582
8	libvirtd API virDomainSaveImageGetXMLDesc تجاوز الصلاحيات	7.3	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00045	CVE-2019-10161
9	nginx تجاوز الصلاحيات	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.07	0.00241	CVE-2020-12440
10	Desiscripts Desi Short URL Script index.php توثيق ضعيف	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00933	CVE-2009-2642
11	Cisco FirePOWER Management Center Web UI تلف الذاكرة	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00107	CVE-2019-12688
12	vsftpd deny_file ثغرات غير معروفة	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00312	CVE-2015-1419
13	phpMyAdmin الكشف عن المعلومات	6.1	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	0.18290	CVE-2019-6799
14	WallacePOS resetpassword.php سكربتات مشتركة	5.2	5.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00101	CVE-2017-7388
15	Linksys Spa921 الحرمان من الخدمة	7.5	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00	0.01834	CVE-2006-7121
16	Zabbix zabbix_agentd الكشف عن المعلومات	4.0	3.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00042	CVE-2007-6210
17	BEA WebLogic Mobility Server توثيق ضعيف	7.3	6.9	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.02056	CVE-2007-6384
18	Netop Remote Control Guest Client تلف الذاكرة	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00063	CVE-2017-5216
19	Samsung Mobile Phone Application Installation bad_alloc تجاوز الصلاحيات	4.9	4.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00055	CVE-2017-5217
20	Splunk Header سكربتات مشتركة	4.3	4.3	$0-$5k	$0-$5k	High	Not Defined	0.05	0.00213	CVE-2014-8380

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	عنوان بروتوكول الإنترنت	Hostname	ممثل	Identified	النوع	الثقة
1	54.87.87.13	ec2-54-87-87-13.compute-1.amazonaws.com	Leviathan	23/12/2020	verified	متوسط
2	54.242.66.219	ec2-54-242-66-219.compute-1.amazonaws.com	Leviathan	23/12/2020	verified	متوسط
3	XX.XX.XXX.XXX		Xxxxxxxxx	23/12/2020	verified	عالي
4	XX.XX.XXX.XXX		Xxxxxxxxx	23/12/2020	verified	عالي
5	XX.XX.XXX.XXX		Xxxxxxxxx	23/12/2020	verified	عالي
6	XXX.XXX.XXX.XXX		Xxxxxxxxx	17/12/2020	verified	عالي

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	الثغرات	متجه الوصول	النوع	الثقة
1	T1006	CWE-22	Path Traversal	predictive	عالي
2	T1059	CWE-94	Argument Injection	predictive	عالي
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	عالي
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	عالي
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	عالي
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	عالي
8	TXXXX.XXX	CWE-XX	Xxxxxxxxxxxxx	predictive	عالي

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	الفئة	Indicator	النوع	الثقة
1	File	encrypt.c	predictive	متوسط
2	File	ept.c	predictive	واطئ
3	File	xxxxx.xxx	predictive	متوسط
4	File	xxxxx:xxxxxxxxxxx.xx	predictive	عالي
5	File	xxxx-xxx.xxx	predictive	متوسط
6	File	xxxxxxxxxx-xxxxxx/xxxxxxxxx/xxxxxxxxxxxxx.xxx	predictive	عالي
7	Argument	xxxxxxx	predictive	واطئ
8	Argument	xxxxxxx_xx	predictive	متوسط
9	Argument	xxx	predictive	واطئ
10	Argument	xxxxx	predictive	واطئ
11	Input Value	xxxxxx/**/xxxx.	predictive	عالي
12	Input Value	xxxxxxxxxx:xxxxxx("xxx xx xxxxxxxxxxx");	predictive	عالي

المصادر (3)

The following list contains external sources which discuss the actor and the associated activities:

التالي ▸نظرة عامة◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!