OilRig Analysis

IOB - Indicator of Behavior (487)

Timeline

Language

en: 472
de: 10
ru: 2
es: 2
fr: 2

Country

us: 334
ir: 112
gb: 4
cn: 4
fr: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 14
Linux Kernel: 14
Qualcomm Snapdragon Auto: 12
Qualcomm Snapdragon Compute: 12
Qualcomm Snapdragon Industrial IOT: 12

Vulnerabilities

Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices; Exploit is the CVSS exploitability state; EPSS is the FIRST exploit prediction score.

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 3.95 | 0.00000 | |
| 2 | woo-variation-swatches Plugin Cross Site Scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00076 | CVE-2019-14774 |
| 3 | OpenSLP Memory Corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.03272 | CVE-2019-5544 |
| 4 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 5 | nginx Privilege Escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00241 | CVE-2020-12440 |
| 6 | vldPersonals index.php SQL Injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00167 | CVE-2014-9005 |
| 7 | Couchbase Sync Gateway Sync Document Weak Encryption | 2.6 | 2.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00065 | CVE-2021-43963 |
| 8 | BusyBox netstat Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01132 | CVE-2022-28391 |
| 9 | Google Chrome TabStrip Memory Corruption | 7.5 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.01048 | CVE-2021-21159 |
| 10 | DZCP deV!L`z Clanportal browser.php Information Disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 1.30 | 0.02733 | CVE-2007-1167 |
| 11 | VMware vRealize Operations JMX RMI Service Privilege Escalation | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00894 | CVE-2020-3943 |
| 12 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00348 | CVE-2015-4134 |
| 13 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.24 | 0.00141 | CVE-2018-6200 |
| 14 | ZNC Web Skin Name Directory Traversal | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00190 | CVE-2018-14056 |
| 15 | Alt-N MDaemon Worldclient Privilege Escalation | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00090 | CVE-2021-27182 |
| 16 | Moodle Lesson Question Import Directory Traversal | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00293 | CVE-2022-35650 |
| 17 | Flask-RESTX Regular Expression email_regex Denial of Service | 6.4 | 6.3 | $0-$5k | calculating | Not Defined | Official Fix | 0.00 | 0.00547 | CVE-2021-32838 |
| 18 | Couchbase Sync Gateway REST API SQL Injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00415 | CVE-2019-9039 |
| 19 | SkaDate Skadate Online Dating Software featured_list.php Directory Traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | High | Unavailable | 0.02 | 0.01416 | CVE-2007-5299 |
| 20 | WordPress WP_Query SQL Injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.93536 | CVE-2022-21661 |

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling. Because the techniques are predicted from the weakness classes of the vulnerabilities above rather than from observed tradecraft, treat them as hypotheses to confirm against your own telemetry, not as confirmed OilRig behaviour. Entries shown as x's are masked in the source.

| # | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37 | Path Traversal | predictive | high |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | high |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | high |
| 4 | T1059 | CWE-94 | Argument Injection | predictive | high |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | high |
| 6 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | high |
| 7 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | high |
| 8 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | high |
| 9 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | high |
| 10 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | high |
| 11 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | high |
| 12 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | high |
| 13 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | high |
| 14 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | high |
| 15 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | high |
| 16 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | high |
| 17 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxx Xxxx | predictive | high |
| 18 | TXXXX.XXX | CWE-XXX | Xxxxxxxx | predictive | high |
| 19 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | high |
| 20 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | high |
| 21 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | high |

IOA - Indicator of Attack (157)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

Entries shown as x's are masked in the source. The confidence column matters when these fragments are turned into detections: low-confidence paths such as /HNAP1 or /login.html also occur in ordinary traffic, so a single hit on one of them is weak evidence on its own.

| # | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/index.php | predictive | high |
| 2 | File | /bdswebui/assignusers/ | predictive | high |
| 3 | File | /bin/goahead | predictive | medium |
| 4 | File | /cgi-bin/luci | predictive | high |
| 5 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | high |
| 6 | File | /dev/dri/card1 | predictive | high |
| 7 | File | /forum/away.php | predictive | high |
| 8 | File | /GetCSSashx/?CP=%2fwebconfig | predictive | high |
| 9 | File | /HNAP1 | predictive | low |
| 10 | File | /horde/util/go.php | predictive | high |
| 11 | File | /login.html | predictive | medium |
| 12 | File | /proc/#####/fd/3 | predictive | high |
| 13 | File | /squashfs-root/www/HNAP1/control/SetWizardConfig.php | predictive | high |
| 14 | File | /uir/ | predictive | low |
| 15 | File | /uncpath/ | predictive | medium |
| 16 | File | /xpdf/Stream.cc | predictive | high |
| 17 | File | actions.hsp | predictive | medium |
| 18 | File | adclick.php | predictive | medium |
| 19 | File | xxx_xxxx_xxxx.xxx | predictive | high |
| 20 | File | xxxxx/xxxxxxxxx/ | predictive | high |
| 21 | File | xxxxx/xxxxx.xxx | predictive | high |
| 22 | File | xxx/xx | predictive | low |
| 23 | File | xxxxxxx.xxx | predictive | medium |
| 24 | File | xxxxxxx/xxxxxxxxxxx.x | predictive | high |
| 25 | File | xxxxx_xxx.xxx | predictive | high |
| 26 | File | xxx\xxxx\xxxxxxxxxx\xxxxxxxxxxxxxxxxx.xxxxx.xxx | predictive | high |
| 27 | File | xxxxx_xxxx.x | predictive | medium |
| 28 | File | xxxxx.xxx | predictive | medium |
| 29 | File | xxx-xxxx.xxx | predictive | medium |
| 30 | File | xxxxxxx=xxxxxxxxxx&xxxx=xxxx&xxxxxxxxxxxxx=/ | predictive | high |
| 31 | File | xxxxx_xx_xxxx.xxx | predictive | high |
| 32 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | high |
| 33 | File | xxxxxx.xxx | predictive | medium |
| 34 | File | xxxxxxx/xxxx/xxxxxx.x | predictive | high |
| 35 | File | xxxxxxx/xxx/xxxxxx/xxx-xxxxx-xxxxxxx.x | predictive | high |
| 36 | File | xxxxxxx/xxx/xxx.x | predictive | high |
| 37 | File | xxxxxxx/xxxx/xxxxxxxx/xxxxxxxx_xxx_xxxx.x | predictive | high |
| 38 | File | xxxxxxxx.x | predictive | medium |
| 39 | File | xxxxx.xxx | predictive | medium |
| 40 | File | xxxx/xxxxxxxxxx/xxxxxx-xxxxx.x | predictive | high |
| 41 | File | xxx_xx/xxx/xxx/xxxxxx_xxxxxxx.xxx | predictive | high |
| 42 | File | xxxx.xxx | predictive | medium |
| 43 | File | xxxx.x | predictive | low |
| 44 | File | xxx/xxxx/xxxx_xxxxxx.x | predictive | high |
| 45 | File | xxxxxxxx_xxxx.xxx | predictive | high |
| 46 | File | xxxxxxxxxxxxxxx.xxx | predictive | high |
| 47 | File | xxxxxxxxxxxxxxxx.xxx | predictive | high |
| 48 | File | xxxxxxxx.xxxx | predictive | high |
| 49 | File | xxxxxxx.x | predictive | medium |
| 50 | File | xxxxx/xxxxxxxxxxxxxxx.xxx | predictive | high |
| 51 | File | xx/xxx/xxxxx.x | predictive | high |
| 52 | File | xxxxxxxxx.xxx | predictive | high |
| 53 | File | xxxxxxxxx/xxx_xxxx_xxxxxx.xxx | predictive | high |
| 54 | File | xxxxxx.xxx | predictive | medium |
| 55 | File | xxxxxx/xxxxxxxxxxx | predictive | high |
| 56 | File | xxxx.xxx | predictive | medium |
| 57 | File | xxxx.xxx | predictive | medium |
| 58 | File | xxxxxxxxx/xxxxxx/xxxxxxx.xxx | predictive | high |
| 59 | File | x/x | predictive | low |
| 60 | File | xxxxxx_xxxx.xxx | predictive | high |
| 61 | File | xxx/xxxxxx.xxx | predictive | high |
| 62 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | high |
| 63 | File | xxxxx.xxx | predictive | medium |
| 64 | File | xx-xxx.x | predictive | medium |
| 65 | File | xx_xxxxx/xxx_xxxx.x | predictive | high |
| 66 | File | xxxxxxxxxxxx/xxxxxx_xxxxx.xx | predictive | high |
| 67 | File | xxxxx.xxx | predictive | medium |
| 68 | File | xxxxx.xxxx | predictive | medium |
| 69 | File | xxxxx.xxx | predictive | medium |
| 70 | File | xxx/xxx_xxx/xxxxxx/xxx_xxxxx.x | predictive | high |
| 71 | File | xxx/xxxxxxxxx/xxxxx_xxxx.x | predictive | high |
| 72 | File | xxx/xxxx/xxxxxx_xxx_xxxx.x | predictive | high |
| 73 | File | xxx_xxxx.x | predictive | medium |
| 74 | File | xxxxx-xxxxx.x | predictive | high |
| 75 | File | xxxxxxxxx.xxx | predictive | high |
| 76 | File | xxxxx.xxx | predictive | medium |
| 77 | File | xxxxxxxx.xx | predictive | medium |
| 78 | File | xxxxxxxxxx.xxx | predictive | high |
| 79 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | high |
| 80 | File | xxx.xxx | predictive | low |
| 81 | File | xxxxx.xxx | predictive | medium |
| 82 | File | xxxxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxx/xxxxxxx/xxxxxx%xxxxxxxxx/xxxxxxxxxxxxxx.xxxx | predictive | high |
| 83 | File | x/xxxxx.xxx | predictive | medium |
| 84 | File | xxx_xxxx.x | predictive | medium |
| 85 | File | xxx_xxxxxx.xxx | predictive | high |
| 86 | File | xxxxxxx/xxx_xxxx_xxx.xxx | predictive | high |
| 87 | File | xxx.xxx | predictive | low |
| 88 | File | xxxxx.xxx | predictive | medium |
| 89 | File | xxxx.x | predictive | low |
| 90 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | high |
| 91 | File | xx-xxxxx/xxxxx.xxx | predictive | high |
| 92 | File | xx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxx_xxxxxxxx | predictive | high |
| 93 | File | xx-xxxxx/xxxxx.xxx?xxxx=xxx-xxxxxxxxx-xxxxxxxx-xxxxxxxx | predictive | high |
| 94 | File | xx-xxxx.xxx | predictive | medium |
| 95 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | high |
| 96 | File | xx-xxxxxxxx/xxxx.xxx | predictive | high |
| 97 | File | xx-xxxxxxxx/xxxx.xxx | predictive | high |
| 98 | File | xx-xxxxxxxxxxx.xxx | predictive | high |
| 99 | File | xxx_xxxxxx.x | predictive | medium |
| 100 | File | xxx.xxxx | predictive | medium |
| 101 | Library | /xxx/xxxx/xxxxx.x/xx-xxxx-xxxxxxx.xxxxx | predictive | high |
| 102 | Library | xxxxxx.xxx | predictive | medium |
| 103 | Library | xxxxxxxxx/xxxxxxx_xxxxxxx.xxx.xxx | predictive | high |
| 104 | Argument | xxxxxx:/xxxxxxxx:/xxxxxxxxxxxxxx: | predictive | high |
| 105 | Argument | xxxxxxxx | predictive | medium |
| 106 | Argument | xxxxxx | predictive | low |
| 107 | Argument | xx_xx | predictive | low |
| 108 | Argument | xxxx/xxxx | predictive | medium |
| 109 | Argument | xxxxx$xxxxxxxxxxxxxx$xxxxxxxxxxx | predictive | high |
| 110 | Argument | xxxx | predictive | low |
| 111 | Argument | xxxxxx_xxxx_xxxx | predictive | high |
| 112 | Argument | xxxx | predictive | low |
| 113 | Argument | xxxxxxxxx | predictive | medium |
| 114 | Argument | xxxxxx_xxxxxx_xxxxx | predictive | high |
| 115 | Argument | xxxx_xx | predictive | low |
| 116 | Argument | xxxxxxx | predictive | low |
| 117 | Argument | xxxxxxx | predictive | low |
| 118 | Argument | xxxx | predictive | low |
| 119 | Argument | xxxxxxxx | predictive | medium |
| 120 | Argument | xx | predictive | low |
| 121 | Argument | xxxxxxxxx | predictive | medium |
| 122 | Argument | xxxxx | predictive | low |
| 123 | Argument | xxxx | predictive | low |
| 124 | Argument | xxx_xxxxx_xxxxxxxx | predictive | high |
| 125 | Argument | xxx_xxxxxxxx | predictive | medium |
| 126 | Argument | xxxxxxxxxxxxxxxxx | predictive | high |
| 127 | Argument | xxxxxxxx | predictive | medium |
| 128 | Argument | xxxxxxxx | predictive | medium |
| 129 | Argument | xxxxxx_xxxx | predictive | medium |
| 130 | Argument | x_xxxxxxxx | predictive | medium |
| 131 | Argument | xxxxxxxx | predictive | medium |
| 132 | Argument | xxxxxxxxx | predictive | medium |
| 133 | Argument | xxxxxxxxx | predictive | medium |
| 134 | Argument | xxx | predictive | low |
| 135 | Argument | xxxxx_xxxxxx | predictive | medium |
| 136 | Argument | xxx-xxxxxxxxxx-xxxx | predictive | high |
| 137 | Argument | xxxxx | predictive | low |
| 138 | Argument | xxxxxxxx/xxxxxx | predictive | high |
| 139 | Argument | xxx | predictive | low |
| 140 | Argument | xxxx | predictive | low |
| 141 | Argument | xxx | predictive | low |
| 142 | Argument | xxxxxxxx | predictive | medium |
| 143 | Argument | xxxx_xx | predictive | low |
| 144 | Argument | x_xxxx | predictive | low |
| 145 | Argument | xxxx_xxxx | predictive | medium |
| 146 | Argument | xxxxxx_xxxxxxx_xxx | predictive | high |
| 147 | Input Value | ../ | predictive | low |
| 148 | Input Value | ../../xxxxxxx.xxx | predictive | high |
| 149 | Input Value | ./../ | predictive | low |
| 150 | Input Value | /../ | predictive | low |
| 151 | Input Value | x">[xxx/xxxxxx=xxxxx(x)] | predictive | high |
| 152 | Input Value | xxxxxxx-xxxxxxxxxxx: xxxx-xxxx; xxxx="xx"[\x][\x][\x] | predictive | high |
| 153 | Input Value | xxxx://xxx.xxxxxx.xxx | predictive | high |
| 154 | Pattern | \|xx\|xx\|xx\| | predictive | medium |
| 155 | Network Port | xxx/xx (xxx) | predictive | medium |
| 156 | Network Port | xxx/xx (xxx) | predictive | medium |
| 157 | Network Port | xxx xxxxxx xxxx | predictive | high |
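The IOA fragments in this table are meant to be matched against request logs, with the confidence column deciding how much weight a hit carries. The following Python is an added example, not VulDB code: it takes the visible File indicators and the traversal Input Values from the table above (the masked rows are left out), parses a few constructed Common Log Format lines, and reports only those source addresses that hit a high-confidence fragment or more than one fragment. The log lines, the flagging rule, and the "low" confidence assigned to the traversal patterns are this example's own assumptions.

```python
# Added example (not VulDB code): match access-log requests against the
# visible OilRig IOA fragments above. Log lines and thresholds are constructed
# for illustration.
import re
from urllib.parse import unquote

# File indicators copied from the IOA table -> confidence as given on the page.
FILE_INDICATORS = {
    "/admin/index.php": "high",
    "/bdswebui/assignusers/": "high",
    "/bin/goahead": "medium",
    "/cgi-bin/luci": "high",
    "/cgi-bin/supervisor/PwdGrp.cgi": "high",
    "/forum/away.php": "high",
    "/GetCSSashx/?CP=%2fwebconfig": "high",
    "/HNAP1": "low",
    "/horde/util/go.php": "high",
    "/login.html": "medium",
    "/uir/": "low",
    "/uncpath/": "medium",
    "actions.hsp": "medium",
    "adclick.php": "medium",
}

# Traversal Input Values from the table (rows 147, 149, 150), checked after decoding.
TRAVERSAL = [re.compile(p) for p in (r"\.\./", r"\./\.\./", r"/\.\./")]

# Common Log Format: ip ident user [timestamp] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample (not real traffic): one scanning host, one normal client,
# and one lone request to a low-confidence path.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /cgi-bin/luci HTTP/1.1" 404 162',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /forum/away.php?s=http://example.invalid/ HTTP/1.1" 302 0',
    '198.51.100.2 - - [10/Oct/2023:13:55:40 +0000] "GET /images/logo.png HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Oct/2023:13:55:42 +0000] "GET /download.php?file=..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1432',
    '192.0.2.9 - - [10/Oct/2023:13:56:01 +0000] "POST /HNAP1 HTTP/1.1" 200 88',
]


def parse_line(line):
    """Return the CLF fields of one log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def match_target(target):
    """Return (indicator, class, confidence) for every IOA fragment found in one request target."""
    hits = []
    lowered = target.lower()
    for frag, conf in FILE_INDICATORS.items():
        # Case-insensitive substring match on the raw target, so an indicator
        # written with percent-encoding (e.g. %2fwebconfig) matches as listed.
        if frag.lower() in lowered:
            hits.append((frag, "File", conf))
    # Decode twice so that %2e%2e%2f and double-encoded %252e%252e%252f both surface.
    decoded = unquote(unquote(target))
    for pat in TRAVERSAL:
        if pat.search(decoded):
            hits.append((pat.pattern, "Input Value", "low"))
            break  # one traversal finding per request is enough
    return hits


def scan(lines):
    """Run every parsable line through match_target and return a flat list of findings."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for indicator, cls, conf in match_target(rec["target"]):
            findings.append({"ip": rec["ip"], "target": rec["target"],
                             "indicator": indicator, "class": cls, "confidence": conf})
    return findings


def suspicious_sources(findings):
    """Group findings by source IP and keep the sources worth triage.

    Rule (this example's choice): at least one high-confidence hit, or two hits
    of any confidence. A single low-confidence hit such as /HNAP1 is ordinary
    traffic on many networks and is not reported on its own.
    """
    by_ip = {}
    for f in findings:
        by_ip.setdefault(f["ip"], []).append(f)
    return {ip: fs for ip, fs in by_ip.items()
            if any(f["confidence"] == "high" for f in fs) or len(fs) >= 2}


def demo():
    """Scan the constructed sample; returns (all findings, flagged sources)."""
    findings = scan(SAMPLE_LOG)
    return findings, suspicious_sources(findings)
```

Running demo() on the constructed sample yields four findings but only one flagged source, 203.0.113.7, which touched two high-confidence paths and sent an encoded traversal string; the lone /HNAP1 request from 192.0.2.9 is recorded but not flagged. To use this against real logs, feed the lines to scan() and extend FILE_INDICATORS with the masked rows once they are available.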

Sources (8)

The following list contains external sources which discuss the actor and the associated activities:
