PoshC2 Analysis

IOB - Indicator of Behavior (508)

Timeline

Language

en: 394
de: 88
zh: 12
pl: 4
es: 4

Country

us: 386
ru: 20
cn: 20
tr: 4
de: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Apple QuickTime: 8
Microsoft Windows: 8
Linux Kernel: 4
Microsoft IIS: 4
HP Support Assistant: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.63 | 0.00943 | CVE-2010-0966
3 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 7.45 | 0.01009 | CVE-2006-6168
4 | FreeBSD FPU x87 Register information disclosure | 4.0 | 3.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00000 |
5 | Russcom Network Loginphp register.php cross site scripting | 4.3 | 4.1 | $0-$5k | Calculating | Proof-of-Concept | Unavailable | 0.04 | 0.00677 | CVE-2006-2160
6 | Jelsoft vBulletin register.php denial of service | 7.3 | 7.3 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00 | 0.01562 | CVE-2006-4272
7 | CONTROLzx HMS register_domain.php cross site scripting | 3.5 | 3.3 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.00 | 0.00000 |
8 | Ultimate PHP Board register.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00317 | CVE-2006-3206
9 | SloughFlash SF-Users register.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00587 | CVE-2006-2167
10 | Linux Kernel FXSAVE x87 Register weak encryption | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.00101 | CVE-2006-1056
11 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.93 | 0.01302 | CVE-2007-0354
12 | Cisco AnyConnect Secure Mobility Client Profile Editor XML External Entity | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00074 | CVE-2018-0100
13 | Citrix Workspace App Automatic Updater Service privilege escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.03 | 0.00088 | CVE-2020-8207
14 | X7 Group X7 Chat register.php cross site scripting | 4.3 | 3.9 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.02 | 0.00615 | CVE-2006-2282
15 | Kailash Nadh boastMachine Admin Interface register.php cross site scripting | 4.3 | 3.8 | $0-$5k | Calculating | Proof-of-Concept | Unavailable | 0.02 | 0.00807 | CVE-2006-3826
16 | GeoClassifieds Enterprise register.php cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00000 |
17 | PhotoPost PHP register.php privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 |
18 | Tritanium Bulletin Board register.php cross site scripting | 4.3 | 4.1 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.03 | 0.00677 | CVE-2006-1815
19 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00241 | CVE-2020-12440
20 | Asus RT-AX82U HTTP Request get_IFTTTTtoken.cgi Remote Code Execution | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00218 | CVE-2022-35401

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • PoshC2

IOC - Indicator of Compromise (36)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor / Campaign | Identified | Type | Confidence
1 | 3.120.209.174 | ec2-3-120-209-174.eu-central-1.compute.amazonaws.com | PoshC2 | 16/01/2024 | verified | Medium
2 | 3.253.77.60 | ec2-3-253-77-60.eu-west-1.compute.amazonaws.com | PoshC2 | 27/10/2023 | verified | Medium
3 | 13.48.77.144 | ec2-13-48-77-144.eu-north-1.compute.amazonaws.com | PoshC2 | 01/11/2023 | verified | Medium
4 | 13.78.10.244 | | PoshC2 | 13/02/2024 | verified | High
5 | 18.134.14.164 | ec2-18-134-14-164.eu-west-2.compute.amazonaws.com | PoshC2 | 11/10/2023 | verified | Medium
6 | 35.80.38.180 | ec2-35-80-38-180.us-west-2.compute.amazonaws.com | PoshC2 | 02/01/2024 | verified | Medium
7 | 35.202.253.45 | 45.253.202.35.bc.googleusercontent.com | PoshC2 | 27/03/2022 | verified | Medium
8 | 45.79.196.203 | 45-79-196-203.ip.linodeusercontent.com | PoshC2 | 19/10/2023 | verified | High
9 | XX.XXX.XXX.XXX | | Xxxxxx | 27/01/2024 | verified | High
10 | XX.XXX.XXX.XXX | | Xxxxxx | 22/06/2021 | verified | High
11 | XX.XXX.XX.XX | | Xxxxxx | 22/11/2023 | verified | High
12 | XX.XX.XX.XXX | xx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxx | 04/01/2024 | verified | High
13 | XX.XXX.XXX.XXX | | Xxxxxx | 15/11/2023 | verified | High
14 | XX.XX.XXX.XX | xxxxxxxxxxxxxxxxx.xx.xxxxxxxxx.xxx | Xxxxxx | 10/12/2023 | verified | High
15 | XX.XXX.XXX.XX | xxxxxxxxx.xxxxxxxxxxxxx.xxx | Xxxxxx | 11/11/2023 | verified | High
16 | XX.XXX.X.XXX | xxxxxxxx.xxxxxx-xx-xxxxxx.xx | Xxxxxx | 16/10/2023 | verified | High
17 | XX.XX.XXX.XX | xxxxxxxx.xx-xx-xx-xxx.xx | Xxxxxx | 26/10/2023 | verified | High
18 | XX.XXX.XX.XXX | xxxxxxx.xxxxxx.xxx | Xxxxxx | 09/10/2023 | verified | High
19 | XX.XXX.XXX.XXX | | Xxxxxx | 17/10/2022 | verified | High
20 | XXX.XX.XXX.XXX | | Xxxxxx | 22/06/2021 | verified | High
21 | XXX.XXX.XX.XXX | xxxxxx.xxx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx | Xxxxxx | 22/11/2023 | verified | High
22 | XXX.XXX.XXX.XX | | Xxxxxx | 07/11/2023 | verified | High
23 | XXX.XX.XXX.XX | xxx.xx.xxx.xx.xxxxxxxxxxxxxxxx.xxx | Xxxxxx | 02/01/2024 | verified | High
24 | XXX.XXX.XXX.XX | | Xxxxxx | 10/12/2023 | verified | High
25 | XXX.XXX.XX.XXX | | Xxxxxx | 19/10/2023 | verified | High
26 | XXX.XX.XX.XXX | | Xxxxxx | 09/01/2024 | verified | High
27 | XXX.XX.XXX.XX | | Xxxxxx | 20/02/2024 | verified | High
28 | XXX.XXX.XXX.XXX | | Xxxxxx | 25/01/2024 | verified | High
29 | XXX.XXX.XX.XX | xxxxxxxxxx.xxxxxxxxxxxxx.xxx | Xxxxxx | 15/12/2023 | verified | High
30 | XXX.XX.XXX.XX | xxx-xxx-xx-xxx-xx.xxxxxxx-x.xxxxxxxxx.xxx | Xxxxxx | 09/11/2023 | verified | Medium
31 | XXX.XXX.XX.XX | | Xxxxxx | 26/01/2024 | verified | High
32 | XXX.XXX.XXX.XX | | Xxxxxx | 17/10/2023 | verified | High
33 | XXX.XXX.XX.XX | | Xxxxxx | 22/06/2021 | verified | High
34 | XXX.XXX.XXX.XXX | | Xxxxxx | 09/10/2023 | verified | High
35 | XXX.XXX.XX.XXX | xxx-xxx-xx-xxx.xx.xxxxxxxxxxxxxxxxx.xxx | Xxxxxx | 20/10/2023 | verified | High
36 | XXX.XXX.XXX.XXX | xxxx | Xxxxxx | 31/05/2021 | verified | High

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
7 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
8 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
9 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
10 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
11 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
12 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
13 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
14 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
15 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
16 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High
17 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (114)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/config/uploadicon.php | predictive | High
2 | File | /admin/del_feedback.php | predictive | High
3 | File | /cms/category/list | predictive | High
4 | File | /inquiries/view_inquiry.php | predictive | High
5 | File | /Login | predictive | Low
6 | File | /product/savenewproduct.php?flag=1 | predictive | High
7 | File | /search | predictive | Low
8 | File | /start_apply.htm | predictive | High
9 | File | /sysmanage/updatelib.php | predictive | High
10 | File | /thruk/#cgi-bin/extinfo.cgi?type=2 | predictive | High
11 | File | /var/log/nginx | predictive | High
12 | File | booking.php | predictive | Medium
13 | File | browse-category.php | predictive | High
14 | File | BSW_cxttongr.htm | predictive | High
15 | File | cat.asp | predictive | Low
16 | File | xxxxxxxx.xxx | predictive | Medium
17 | File | xxxxxxxxxx/xxxxxxx.xxxx | predictive | High
18 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
19 | File | xxxxxxxx.xxx | predictive | Medium
20 | File | xxxxxxxxxxx.xxx | predictive | High
21 | File | xxxxxxxx.xxx | predictive | Medium
22 | File | xxxxx.xxx | predictive | Medium
23 | File | xxxxxxxxxxxx.xxx | predictive | High
24 | File | xxxx.xxx | predictive | Medium
25 | File | xxx_xxxxxxxxxxx.xxx | predictive | High
26 | File | xxxx.xxx | predictive | Medium
27 | File | xxx/xxxxxx.xxx | predictive | High
28 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
29 | File | xxxxx.xxx | predictive | Medium
30 | File | xxxxx.xxx | predictive | Medium
31 | File | xxxxx.xxx?xx=xxxxxxxxxx&xxxx | predictive | High
32 | File | xxxxxxx.x | predictive | Medium
33 | File | xxxxxxxxxxx-xxxxxxx-xxxx.xxxx.xxx | predictive | High
34 | File | xxxxxxxx/xxxxxxxx_xxxxxxx_xxxxxx/xxxxx.xxx | predictive | High
35 | File | xxxx.xxx | predictive | Medium
36 | File | xxxxx.xxx | predictive | Medium
37 | File | xxxxxxx.xxx | predictive | Medium
38 | File | xxx_xxxx_xxx_xxxxxxxxxx.x | predictive | High
39 | File | xxx_xxxx.xxx | predictive | Medium
40 | File | xxxx_xxxxxxx.xxx | predictive | High
41 | File | xxxxx_xxx.xxx | predictive | High
42 | File | xxxxx.xxx | predictive | Medium
43 | File | xxxxx.xxx | predictive | Medium
44 | File | xxxxxxxxxx.xxx | predictive | High
45 | File | xxxxxxxx.xxxx | predictive | High
46 | File | xxxxxxxx.xxx | predictive | Medium
47 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
48 | File | xxxxxxxx_xxxxxx.xxx | predictive | High
49 | File | xxxxxxx/xxxxxxxxxx.xxx | predictive | High
50 | File | xxxxxx.xx | predictive | Medium
51 | File | xxxxxxx/xxxxxxxx.xxx | predictive | High
52 | File | xxxxx.xxx | predictive | Medium
53 | File | xxxxxx.xxx | predictive | Medium
54 | File | xxxxxx-xxxxxx.xxx | predictive | High
55 | File | xxxx-xxxxxxxx.xxx | predictive | High
56 | File | xxxxx_xxxxxx.xxx | predictive | High
57 | File | xxxxxx.xxx | predictive | Medium
58 | File | xx-xxxxx/xxxxx-xxx.xxx?xxxxxxx-xxxxxxxx | predictive | High
59 | File | xxxx.xx | predictive | Low
60 | File | ~/xxx/xxxx-xxxxxxxxx.xxx | predictive | High
61 | File | ~/xxx-xxx-xxxx.xxx | predictive | High
62 | Library | xxxxxxxx.xxx | predictive | Medium
63 | Library | xxxxxx.xxxxx.xxxxxxx | predictive | High
64 | Argument | xx_xxxx_xxxx | predictive | Medium
65 | Argument | xxxxxxx | predictive | Low
66 | Argument | xxxxxxxxx | predictive | Medium
67 | Argument | xxxxxx | predictive | Low
68 | Argument | xxxxxxxx | predictive | Medium
69 | Argument | xxx | predictive | Low
70 | Argument | xxx | predictive | Low
71 | Argument | xxx/xxxxx_xxxx/xxxxxx_xxxx/xxxxxxx_x/xxxxxxx | predictive | High
72 | Argument | xxxxxxx_xxxxx | predictive | High
73 | Argument | xxxxxxx/xxxx/xxxxx_xxxxx_xx | predictive | High
74 | Argument | x[xxxxx] | predictive | Medium
75 | Argument | xxxxxxx | predictive | Low
76 | Argument | xxxxxxxx | predictive | Medium
77 | Argument | xxxxxxx=xxxxxxxx | predictive | High
78 | Argument | xx_xxxxx | predictive | Medium
79 | Argument | xxxx | predictive | Low
80 | Argument | xxxxxxxx | predictive | Medium
81 | Argument | xxxx_xxxxxx | predictive | Medium
82 | Argument | xxxxxxxxxx | predictive | Medium
83 | Argument | xxxx/xxxxxxx/xxxxxxx | predictive | High
84 | Argument | xxxx_xx | predictive | Low
85 | Argument | xxxx | predictive | Low
86 | Argument | xx | predictive | Low
87 | Argument | xx_xxxxx | predictive | Medium
88 | Argument | xxxxx | predictive | Low
89 | Argument | xxxxxxxx | predictive | Medium
90 | Argument | xxxxx | predictive | Low
91 | Argument | xxxxxxxxxxx | predictive | Medium
92 | Argument | xxxx-xxx-xxxxxxxxx | predictive | High
93 | Argument | xxxxx_xx | predictive | Medium
94 | Argument | xxxx | predictive | Low
95 | Argument | xxxx_xxxxx | predictive | Medium
96 | Argument | xxxxxxx_xxx | predictive | Medium
97 | Argument | xxxxxxxx | predictive | Medium
98 | Argument | xx_xxxx | predictive | Low
99 | Argument | xxxxxxx_xxxx | predictive | Medium
100 | Argument | xxxxxx | predictive | Low
101 | Argument | xxx | predictive | Low
102 | Argument | xxx | predictive | Low
103 | Argument | xxxxxxxx | predictive | Medium
104 | Argument | xxxxx/xxx | predictive | Medium
105 | Argument | xxxxxx | predictive | Low
106 | Argument | xxxxxxx | predictive | Low
107 | Argument | xxxxx | predictive | Low
108 | Argument | xxxxx | predictive | Low
109 | Argument | xxxxxx | predictive | Low
110 | Argument | xxx | predictive | Low
111 | Argument | xxx | predictive | Low
112 | Argument | xxxxxxxx | predictive | Medium
113 | Argument | xxx | predictive | Low
114 | Pattern | |xx| | predictive | Low

Sources (30)

The following list contains external sources which discuss the actor and the associated activities:
