RedDelta تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (18)

اللغة

en	16
ru	2

البلد

us	8
ru	4
cn	4
it	2

الفاعلين

Cobalt Strike	2
RedDelta	2
Gozi	1
ISFB	1
RudeBird	1

الاهتمام

النوع

Not Defined	8
Firewall Software	4
Learning Management Software	4
Network Attached Storage Software	2

المجهز

Not Defined	8
Fortinet	4
Kaseya	2
Synology	2
Ruijie	2

منتج

Fortinet FortiOS	4
Moodle	4
CFBB	2
TablePress	2
Fortinet FortiProxy	2

الثغرات

#	الثغرة	Base	Temp	0day	اليوم	ق�	معالجة	EPSS	CTI	CVE
1	Synology DiskStation Manager Change Password تجاوز الصلاحيات	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00068	0.03	CVE-2018-8916
2	MinIO اجتياز الدليل	6.8	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00246	0.04	CVE-2022-35919
3	Magento حقن إس كيو إل	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.09912	0.03	CVE-2019-7139
4	Ruijie RG-EW/RG-NBS/RG-EG/EAP/RAP/NBC POST Request auth تجاوز الصلاحيات	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00286	0.04	CVE-2023-34644
5	Fortinet FortiOS/FortiProxy FortiGate SSL-VPN تلف الذاكرة	9.8	9.6	$25k-$100k	$25k-$100k	High	Official Fix	0.15407	0.05	CVE-2023-27997
6	WAGO Compact Controller CC100 Web-based Management تجاوز الصلاحيات	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00063	0.03	CVE-2022-45139
7	ZyXEL ZyNOS Default Password Remote Code Execution	7.3	7.1	$5k-$25k	$0-$5k	High	Unavailable	0.00788	0.00	CVE-2008-1522
8	ZyXEL ZyNOS Admin Account تجاوز الصلاحيات	5.3	4.7	$5k-$25k	$0-$5k	Unproven	Unavailable	0.00377	0.00	CVE-2008-1529
9	TablePress XML External Entity	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00049	0.00	CVE-2017-10889
10	Fortinet FortiOS sslvpnd تلف الذاكرة	9.8	9.6	$0-$5k	$0-$5k	High	Official Fix	0.38259	0.05	CVE-2022-42475
11	OKLOK Mobile Companion App Password Requirements توثيق ضعيف	6.7	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02440	0.00	CVE-2020-8790
12	Moodle Database Module Web Service حقن إس كيو إل	6.0	5.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00127	0.00	CVE-2020-25700
13	Moodle MNet حقن إس كيو إل	6.3	6.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00087	0.00	CVE-2021-32474
14	Kaseya Virtual System Administrator الكشف عن المعلومات	3.5	3.4	$0-$5k	$0-$5k	High	Official Fix	0.88537	0.04	CVE-2021-30116
15	Samsung Galaxy Bitmap تجاوز الصلاحيات	5.4	5.1	$5k-$25k	$0-$5k	Proof-of-Concept	Unavailable	0.00053	0.00	CVE-2015-7895
16	Western Digital WD My Book Live/WD My Book Live Duo Administrator API الحرمان من الخدمة	8.2	8.0	$0-$5k	$0-$5k	High	Workaround	0.00134	0.00	CVE-2021-35941
17	CFBB index.cfm سكربتات مشتركة	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00313	0.00	CVE-2005-2560

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	عنوان بروتوكول الإنترنت	Hostname	ممثل	Identified	النوع	الثقة
1	45.90.58.69	steenbock.store	RedDelta	11/07/2023	verified	عالي
2	XX.XXX.XX.XXX	xxxxxxxxxxxxxxxxxx.xxxxxxx.xxxxx	Xxxxxxxx	11/07/2023	verified	عالي
3	XXX.XXX.XX.XX		Xxxxxxxx	11/07/2023	verified	عالي
4	XXX.XX.XXX.XXX	xxxxxxxxxx.xxxxxx-xx-xxxxx.xxx	Xxxxxxxx	11/07/2023	verified	عالي

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	الفئة	الثغرات	متجه الوصول	النوع	الثقة
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	عالي
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	عالي
3	TXXXX.XXX	CAPEC-18	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	عالي
4	TXXXX	CAPEC-19	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	عالي
6	TXXXX	CAPEC-112	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
7	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	عالي
8	TXXXX.XXX	CAPEC-	CWE-XX	Xxxxxxxxxxxxx	predictive	عالي

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	الفئة	Indicator	النوع	الثقة
1	File	/cgi-bin/luci/api/auth	predictive	عالي
2	File	xxxxx.xxx	predictive	متوسط
3	Argument	xxx_xxxxxx.xxx	predictive	عالي
4	Argument	xxxx	predictive	واطئ

المصادر (2)

The following list contains external sources which discuss the actor and the associated activities:

التالي ▸نظرة عامة◂ السابق

Do you know our Splunk app?

Download it now for free!