NetWalker Analysis

IOB - Indicator of Behavior (339)

Timeline

Language

en: 234
fr: 68
de: 10
ru: 8
it: 8

Country

us: 202
fr: 72
ru: 20
ch: 6
co: 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Linux Kernel: 12
Microsoft IIS: 12
Microsoft Windows: 10
BigTree CMS: 6
Apache HTTP Server: 6

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | Microsoft Windows weak authentication | 6.5 | 6.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.02397 | CVE-2004-0540
2 | SourceCodester Library Management System index.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | 0.00114 | CVE-2022-2492
3 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
4 | Tiki Wiki CMS Groupware tiki-edit_wiki_section.php cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.00110 | CVE-2010-4240
5 | Tiki TikiWiki tiki-editpage.php privilege escalation | 7.3 | 6.6 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.05 | 0.01194 | CVE-2004-1386
6 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055
7 | Apple M1 Register s3_5_c15_c10_1 M1RACLES privilege escalation | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00000 | CVE-2021-30747
8 | Microsoft SQL Server Remote Code Execution | 7.3 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00186 | CVE-2023-23384
9 | WordPress admin-ajax.php sql injection | 7.3 | 7.3 | $25k-$100k | Calculating | High | Official Fix | 0.02 | 0.05147 | CVE-2007-2821
10 | phpMyAdmin grab_globals.lib.php directory traversal | 4.8 | 4.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.07 | 0.02334 | CVE-2005-3299
11 | Francisco Burzi PHP-Nuke Downloads Module viewsdownload sql injection | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00187 | CVE-2005-0996
12 | Apple macOS WebKit memory corruption | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00218 | CVE-2021-1844
13 | Laravel Framework Illuminate PendingCommand.php __destruct privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01269 | CVE-2019-9081
14 | Ecommerce Online Store Kit shop.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.03763 | CVE-2004-0300
15 | freeciv privilege escalation | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00412 | CVE-2010-2445
16 | Samba smb.conf samrchangepassword privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | High | Official Fix | 0.07 | 0.75074 | CVE-2007-2447
17 | BestXsoftware Best Free Keylogger syscrb.exe privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00060 | CVE-2018-18519
18 | Trapeze TransitMaster GetSubscriber information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00168 | CVE-2017-14943
19 | Jenkins workspaceCleanup privilege escalation | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00254 | CVE-2017-2611
20 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00318 | CVE-2017-5611

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 93.179.69.154 | | NetWalker | | 26/04/2022 | verified | High
2 | 141.98.81.191 | | NetWalker | | 26/04/2022 | verified | High

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (187)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
