PortDoor Analysis

IOB - Indicator of Behavior (16)

Timeline

Language

en: 10
fr: 4
de: 2

Country

us: 12
fr: 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Google Go: 2
PHP: 2
WordPress AdServe: 2
D-Link DIR-865L: 2
Nextcloud Server: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | Microsoft Windows Registry Password information disclosure | 3.7 | 3.6 | $25k-$100k | $0-$5k | Not Defined | Workaround | 0.02 | 0.00000 |
3 | Nextcloud Server Image Preview config.php privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00250 | CVE-2021-32802
4 | D-Link DIR-865L register_send.php weak authentication | 7.5 | 7.1 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.00 | 0.00109 | CVE-2013-3096
5 | Google Go ExtractTo directory traversal | 7.4 | 7.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00107 | CVE-2020-7668
6 | PHP phpinfo memory corruption | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.02345 | CVE-2005-2491
7 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.63 | 0.00943 | CVE-2010-0966
8 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 1.29 | 0.02733 | CVE-2007-1167
9 | Kerberos Package DLL LoadLibrary privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00440 | CVE-2020-13110
10 | WordPress AdServe adclick.php SQL injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00073 | CVE-2008-0507
11 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 3.85 | 0.00000 |
12 | Bitcoin Core/Bitcoin Knots Final Alert weak encryption | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00158 | CVE-2016-10725
13 | DUware DUdownload detail.asp SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.03 | 0.00254 | CVE-2006-6367

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.63.27.162 | 45.63.27.162.vultr.com | PortDoor | | 04/03/2022 | verified | medium

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | high
2 | T1059 | CWE-94 | Argument Injection | predictive | high
3 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | high
4 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | high
5 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx Xxxx | predictive | high
6 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | high
7 | TXXXX | CWE-XXX | Xxxxxxxxxxxxxx Xxxxxx | predictive | high

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /forum/away.php | predictive | high
2 | File | adclick.php | predictive | medium
3 | File | xxxxxx.xxx | predictive | medium
4 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | high
5 | File | xxxxxx.xxx | predictive | medium
6 | File | xxx/xxxxxx.xxx | predictive | high
7 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | high
8 | File | xxxxxxxx_xxxx.xxx | predictive | high
9 | Argument | xxxxxxxx | predictive | medium
10 | Argument | xxxx | predictive | low
11 | Argument | xx | predictive | low
12 | Argument | xxxxx | predictive | low
13 | Input Value | .. | predictive | low

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
