PennyWise Stealer Analysis

IOB - Indicator of Behavior (89)

Timeline

Language

en 68, it 8, de 6, sv 2, es 2

Country

us 66, ru 18, it 2, gb 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Francisco Burzi PHP-Nuke 4
Coffeecup Ftp Client 2
Microsoft Windows 2
ProjectApp 2
Linux Kernel 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Joomla CMS com_easyblog SQL Injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.20 | 0.00000 |
2 | Tiki Admin Password tiki-login.php Weak Authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.84 | 0.00936 | CVE-2020-15906
3 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 3.92 | 0.00000 |
4 | Openads adclick.php Remote Code Execution | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.47 | 0.01871 | CVE-2007-2046
5 | Discuz UCenter Home shop.php SQL Injection | 7.3 | 7.1 | $0-$5k | Calculating | High | Unavailable | 0.00 | 0.00064 | CVE-2010-4912
6 | SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php SQL Injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00135 | CVE-2023-2090
7 | jforum User Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00289 | CVE-2019-7550
8 | Tiki Wiki CMS Groupware Cross Site Scripting | 5.2 | 5.2 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00 | 0.00079 | CVE-2016-7394
9 | Tiki Wiki CMS Groupware tiki-jsplugin.php Privilege Escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.04033 | CVE-2010-4239
10 | Tiki Wiki CMS Groupware tiki-adminusers.php Cross Site Request Forgery | 6.5 | 6.5 | $0-$5k | Calculating | Not Defined | Not Defined | 0.08 | 0.00211 | CVE-2010-4241
11 | TikiWiki tiki-register.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 6.93 | 0.01009 | CVE-2006-6168
12 | real3d-flipbook-lite Plugin flipbooks.php Cross Site Scripting | 5.2 | 5.2 | $0-$5k | Calculating | Not Defined | Not Defined | 0.04 | 0.00076 | CVE-2016-10967
13 | Advanced Poll booth.php Directory Traversal | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01100 | CVE-2003-1180
14 | Redisson Privilege Escalation | 8.2 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00073 | CVE-2023-42809
15 | PHPOffice PhpSpreadsheet Encoding securityScan Privilege Escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.01689 | CVE-2018-19277
16 | Fortinet FortiOS fgfmd Format String | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00091 | CVE-2024-23113
17 | cURL tool_cb_wrt.c tool_cb_wrt Memory Corruption | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00000 | CVE-2023-52071
18 | Ubiquiti UniFi OS Privilege Escalation | 7.2 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00043 | CVE-2023-31997
19 | Microsoft Exchange Server Outlook Web Access logon.aspx Privilege Escalation | 7.9 | 7.9 | $5k-$25k | $25k-$100k | Not Defined | Not Defined | 0.02 | 0.00379 | CVE-2018-16793
20 | Microsoft Windows Kerberos Weak Authentication | 8.9 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.00048 | CVE-2024-20674

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (61)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/maintenance/view_designation.php | predictive | High
2 | File | /forum/away.php | predictive | High
3 | File | /owa/auth/logon.aspx | predictive | High
4 | File | /spip.php | predictive | Medium
5 | File | /wp-admin/admin-ajax.php | predictive | High
6 | File | action.php | predictive | Medium
7 | File | adclick.php | predictive | Medium
8 | File | admin/partials/ajax/add_field_to_form.php | predictive | High

Sources (6)

The following list contains external sources which discuss the actor and the associated activities:
