NDSW Analysis

IOB - Indicator of Behavior (72)

Timeline

Language

en: 52
ru: 8
de: 6
it: 4
zh: 2

Country

ru: 58
us: 10
fr: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Add Comments Plugin: 2
GetSimpleCMS: 2
Phplinkdirectory PHP Link Directory: 2
Microsoft Windows: 2
212cafe 212cafeboard: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.58 | 0.00374 | CVE-2007-0529
2 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 3.95 | 0.00000 |
3 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.21 | 0.00108 | CVE-2009-4935
4 | phpMyAdmin phpinfo.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00142 | CVE-2016-9848
5 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.64 | 0.00943 | CVE-2010-0966
6 | Flat PHP Board directory traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00000 |
7 | Simple PHP Guestbook guestbook.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 |
8 | 212cafe 212cafeboard view.php sql injection | 7.3 | 7.1 | $0-$5k | Calculating | High | Unavailable | 0.08 | 0.00064 | CVE-2008-4713
9 | Microsoft Office Object Remote Code Execution | 7.0 | 6.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.97339 | CVE-2017-8570
10 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00169 | CVE-2005-4222
11 | Huawei SmartCare Dashboard Stored cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00065 | CVE-2017-15312
12 | Flat PHP Board directory traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00000 |
13 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.94 | 0.01302 | CVE-2007-0354
14 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
15 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00289 | CVE-2019-7550
16 | Cannot PHP infoBoard privilege escalation | 7.3 | 6.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.00 | 0.01049 | CVE-2008-4334
17 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00526 | CVE-2011-0643
18 | Add Comments Plugin Setting cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00056 | CVE-2022-3909
19 | AlilG AliBoard File Upload usercp.php privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00 | 0.00529 | CVE-2008-7029
20 | GetSimpleCMS index.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00123 | CVE-2019-9915

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 109.234.35.249 | v1020533.hosted-by-vdsina.ru | NDSW | | 29/07/2022 | verified | High
2 | XXX.XX.XXX.XXX | xxx | | | 29/07/2022 | verified | High
3 | XXX.XXX.XXX.XXX | xxxx.xx | Xxxx | | 29/07/2022 | verified | High

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High
3 | TXXXX.XXX | CWE-XX, CWE-XXX | Xxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
6 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
7 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
8 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
9 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (39)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /forum/away.php | predictive | High
2 | File | admin/conf_users_edit.php | predictive | High
3 | File | admin/index.php | predictive | High
4 | File | blog.php | predictive | Medium
5 | File | comments/feed | predictive | High
6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
7 | File | xxxxxxxx.xxx | predictive | Medium
8 | File | xxx/xxx/xxxxx | predictive | High
9 | File | xxxxx.xxx | predictive | Medium
10 | File | xxxxx.xxx | predictive | Medium
11 | File | xxxxxxxxx.xxx | predictive | High
12 | File | xxxxxxxxx.xxx | predictive | High
13 | File | xxxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx | predictive | High
14 | File | xxx/xxxxxx.xxx | predictive | High
15 | File | xxxxx.xxxx | predictive | Medium
16 | File | xxxxxxxx.xxx | predictive | Medium
17 | File | xxxx.xxx | predictive | Medium
18 | File | xxx_xxxx.xxx | predictive | Medium
19 | File | xxxxxxx.xxx | predictive | Medium
20 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
21 | File | xxx.x | predictive | Low
22 | File | xxxxxx.xxx | predictive | Medium
23 | File | xxxx.xxx | predictive | Medium
24 | File | xxxxxx.xxx | predictive | Medium
25 | Argument | xxxxxx | predictive | Low
26 | Argument | xxxxxxxx | predictive | Medium
27 | Argument | xxx | predictive | Low
28 | Argument | xxxxxxxxxxx | predictive | Medium
29 | Argument | xxxxxxx | predictive | Low
30 | Argument | xx | predictive | Low
31 | Argument | xxxx | predictive | Low
32 | Argument | xxx | predictive | Low
33 | Argument | xxxxxxxx | predictive | Medium
34 | Argument | xxxxxxxx | predictive | Medium
35 | Argument | xxxxxxxx | predictive | Medium
36 | Argument | xxxxxx | predictive | Low
37 | Argument | xxxx | predictive | Low
38 | Argument | xxxxx | predictive | Low
39 | Argument | xxxxxxxx | predictive | Medium

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
