Packrat تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (85)

اللغة

en	66
pt	14
es	6

البلد

br	44
es	6
us	4
cl	2
gb	2

الفاعلين

Packrat	5
Banjori	1

الاهتمام

النوع

Not Defined	14
Operating System	8
Smartphone Operating System	6
Office Suite Software	6
Web Browser	4

المجهز

Microsoft	8
Google	6
Not Defined	6
HP	4
Sun	4

منتج

Google Android	6
Sun Solaris	4
Microsoft Office	4
HP Intelligent Management Center	2
DZCP deV!L`z Clanportal	2

الثغرات

#	الثغرة	Base	Temp	0day	اليوم	ق�	معالجة	EPSS	CTI	CVE
1	Dropbear SSH تجاوز الصلاحيات	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02911	0.17	CVE-2016-7406
2	OpenSSL Non-prime Moduli BN_mod_sqrt الحرمان من الخدمة	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01342	0.03	CVE-2022-0778
3	VMware ESXi Host Client Stored سكربتات مشتركة	5.2	4.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00076	0.07	CVE-2017-4940
4	HP Integrated Lights-Out IPMI Protocol تجاوز الصلاحيات	8.2	8.0	$5k-$25k	$0-$5k	High	Workaround	0.27196	0.04	CVE-2013-4786
5	Apache HTTP Server mod_reqtimeout الحرمان من الخدمة	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01696	0.04	CVE-2007-6750
6	Linux Kernel Socket Buffer virtio_bt.c الحرمان من الخدمة	5.7	5.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.02	CVE-2022-26878
7	Microsoft Windows LSA الكشف عن المعلومات	6.4	6.0	$25k-$100k	$5k-$25k	High	Official Fix	0.81552	0.04	CVE-2021-36942
8	Dropbear SSH dbclient/server Memory الكشف عن المعلومات	4.4	4.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.04	CVE-2016-7409
9	Dropbear SSH dropbearconvert تجاوز الصلاحيات	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00956	0.04	CVE-2016-7407
10	phpMyAdmin grab_globals.lib.php اجتياز الدليل	4.8	4.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02334	0.04	CVE-2005-3299
11	Ietf MD5 تشفير ضعيف	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01224	0.00	CVE-2004-2761
12	Sun Solaris Authentication توثيق ضعيف	9.8	9.6	$5k-$25k	$0-$5k	High	Workaround	0.01297	0.00	CVE-1999-0502
13	TP-LINK TL-WR840N تلف الذاكرة	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00092	0.00	CVE-2022-26642
14	HP Intelligent Management Center tftpserver.exe تجاوز الصلاحيات	10.0	9.5	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.07173	0.00	CVE-2011-1853
15	Microsoft Windows SMB Processor EducatedScholar الحرمان من الخدمة	7.3	7.0	$5k-$25k	$0-$5k	High	Official Fix	0.97266	0.00	CVE-2009-3103
16	avahi socket.c الحرمان من الخدمة	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.07514	0.04	CVE-2011-1002
17	OpenSSL EC الكشف عن المعلومات	3.1	3.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00386	0.05	CVE-2021-4160
18	Linux Kernel KVM تجاوز الصلاحيات	7.6	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00056	0.03	CVE-2021-3653
19	Fortinet FortiMail اجتياز الدليل	6.4	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00093	0.00	CVE-2021-24013
20	Fortinet FortiMail Identity-Based Encryption Service تشفير ضعيف	4.0	3.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00060	0.00	CVE-2021-26099

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	عنوان بروتوكول الإنترنت	Hostname	ممثل	Identified	النوع	الثقة
1	46.246.89.246	joana.homework.space	Packrat	24/12/2020	verified	عالي
2	50.62.133.49	ip-50-62-133-49.ip.secureserver.net	Packrat	24/12/2020	verified	عالي
3	XXX.XXX.X.XX	xxxxxxxx.xxxxxx.xxx.xx	Xxxxxxx	24/12/2020	verified	عالي
4	XXX.XXX.XX.XX	xxxxxxxx.xxxxxx.xxx.xx	Xxxxxxx	24/12/2020	verified	عالي
5	XXX.XXX.XXX.XXX	xxxxxxxx.xxxxxx.xxx.xx	Xxxxxxx	24/12/2020	verified	عالي
6	XXX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxx.xxxxxxxx.xx	Xxxxxxx	24/12/2020	verified	عالي
7	XXX.XXX.XXX.XXX	xxxxxxxx-xxxxxx-xxx-xxx-xxx.xxxxxxxxxxxxx.xxx	Xxxxxxx	24/12/2020	verified	عالي
8	XXX.XXX.XXX.XX	xx-xxx-xxx-xxx-xx.xx.xxxxxxxxxxxx.xxx	Xxxxxxx	24/12/2020	verified	عالي
9	XXX.XX.XXX.XXX	xx-xxx-xx-xxx-xxx.xx.xxxxxxxxxxxx.xxx	Xxxxxxx	24/12/2020	verified	عالي

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	الفئة	الثغرات	متجه الوصول	النوع	الثقة
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	عالي
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	عالي
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	عالي
4	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
5	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	عالي
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	عالي
7	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
8	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	عالي
9	TXXXX	CAPEC-157	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	عالي

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	الفئة	Indicator	النوع	الثقة
1	File	api/sms_check.php	predictive	عالي
2	File	avahi-core/socket.c	predictive	عالي
3	File	chmextract.c	predictive	متوسط
4	File	xxxxxxx/xxxxxxxxx/xxxxxx_xx.x	predictive	عالي
5	File	xxxx_xxxxxxx.xxx.xxx	predictive	عالي
6	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	عالي
7	File	xxxxx.xxx	predictive	متوسط
8	File	xxxxxx_xxx.x	predictive	متوسط
9	File	xxxxx-xxx.x	predictive	متوسط
10	File	xxxxxxxxxx.xxx	predictive	عالي
11	Library	xxxxxxxx.xxx	predictive	متوسط
12	Argument	-x	predictive	واطئ
13	Argument	xxxx	predictive	واطئ
14	Argument	xxx_xxx	predictive	واطئ
15	Argument	xxxxx	predictive	واطئ
16	Argument	xxxxxxxx	predictive	متوسط
17	Argument	xxxxxxxx	predictive	متوسط
18	Argument	xxxx	predictive	واطئ
19	Argument	xxxxxxxx/xxxx	predictive	عالي
20	Argument	x_xx_xxxxxxxxxxxxxxxx	predictive	عالي

المصادر (2)

The following list contains external sources which discuss the actor and the associated activities:

التالي ▸نظرة عامة◂ السابق

Do you want to use VulDB in your project?

Use the official API to access entries easily!