MsAttacker تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (12)

اللغة

en	12

البلد

us	6
cn	6

الفاعلين

MsAttacker	2
MyKings	1
APT41	1

الاهتمام

النوع

Not Defined	6
Operating System	2
Forum Software	2
Application Server Software	2

المجهز

Not Defined	4
Webwizguide	2
guzzlehttp	2
Oracle	2
DZCP	2

منتج

FreeBSD	2
Webwizguide Web Wiz Forums	2
CodeIgniter	2
guzzlehttp psr7	2
Oracle WebLogic Server	2

الثغرات

#	الثغرة	Base	Temp	0day	اليوم	ق�	معالجة	CTI	EPSS	CVE
1	PHP Scripts Mall hotel-booking-script سكربتات مشتركة	4.4	4.4	$0-$5k	جاري الحساب	Not Defined	Not Defined	0.00	0.00058	CVE-2018-15190
2	guzzlehttp psr7 Header Parser تجاوز الصلاحيات	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.00095	CVE-2022-24775
3	DZCP deV!L`z Clanportal config.php تجاوز الصلاحيات	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.67	0.00943	CVE-2010-0966
4	Webwizguide Web Wiz Forums Filters functions_filters.asp formatSQLInput حقن إس كيو إل	7.3	6.6	$0-$5k	جاري الحساب	Proof-of-Concept	Official Fix	0.04	0.00369	CVE-2007-1548
5	Orange Livebox Service Port 8080 get_getnetworkconf.cgi تجاوز الصلاحيات	8.5	8.3	$0-$5k	$0-$5k	Not Defined	Workaround	0.00	0.02105	CVE-2018-20377
6	FreeBSD sendmsg(2) تجاوز الصلاحيات	7.8	7.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00070	CVE-2016-1887
7	FreeBSD portsnap تجاوز الصلاحيات	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00	0.00000
8	FreeBSD setgroups Syscall تجاوز الصلاحيات	7.8	7.3	$5k-$25k	جاري الحساب	Unproven	Official Fix	0.02	0.00042	CVE-2016-1881
9	FineCMS Redirector Weixin.php	6.2	6.2	$0-$5k	جاري الحساب	Not Defined	Not Defined	0.07	0.00121	CVE-2017-11586
10	Oracle WebLogic Server ثغرات غير معروفة	5.3	4.6	$25k-$100k	$0-$5k	Unproven	Official Fix	0.02	0.01156	CVE-2014-4241
11	CodeIgniter Sendmail Email.php تجاوز الصلاحيات	8.5	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.04920	CVE-2016-10131

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	عنوان بروتوكول الإنترنت	ممثل	Identified	النوع	الثقة
1	23.27.127.200	MsAttacker	24/12/2020	verified	عالي
2	XXX.XX.XXX.X	Xxxxxxxxxx	24/12/2020	verified	عالي
3	XXX.XX.XXX.XX	Xxxxxxxxxx	24/12/2020	verified	عالي
4	XXX.XX.XXX.XXX	Xxxxxxxxxx	24/12/2020	verified	عالي

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	الثغرات	متجه الوصول	النوع	الثقة
1	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	عالي
2	T1059	CWE-94	Argument Injection	predictive	عالي
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	عالي
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
5	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	عالي
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	عالي
7	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	الفئة	Indicator	النوع	الثقة
1	File	/get_getnetworkconf.cgi	predictive	عالي
2	File	controllers/Weixin.php	predictive	عالي
3	File	xxxxxxxxx/xxxxxxxxx_xxxxxxx.xxx	predictive	عالي
4	File	xxx/xxxxxx.xxx	predictive	عالي
5	Library	xxxxxx/xxxxxxxxx/xxxxx.xxx	predictive	عالي
6	Argument	xxxxxxxx	predictive	متوسط
7	Argument	xxxxx->xxxx	predictive	متوسط
8	Argument	xxxxx xxxx/xxxx xxxx/xxxxxxx xxxxx	predictive	عالي
9	Argument	xxxx	predictive	واطئ
10	Argument	xxx	predictive	واطئ
11	Network Port	xxx/xxxx	predictive	متوسط

المصادر (2)

The following list contains external sources which discuss the actor and the associated activities:

التالي ▸نظرة عامة◂ السابق

Interested in the pricing of exploits?

See the underground prices here!