Rock Phish Analysis

IOB - Indicator of Behavior (20)

Language

en: 8
de: 4
it: 4
ru: 2
pl: 2

Country

us: 20

Product

Tiki: 2
Lenze cabinet c520: 2
Lenze cabinet c550: 2
Lenze cabinet c750: 2
Apple QuickTime: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.57 | 0.00943 | CVE-2010-0966
2 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.99 | 0.00000 |
3 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.73 | 0.00936 | CVE-2020-15906
4 | Dragon Path Bharti Airtel Routers Hardware BDT-121 Admin Page cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00053 | CVE-2022-28507
5 | Adobe Acrobat Reader memory corruption | 6.3 | 5.5 | $25k-$100k | Calculating | Unproven | Official Fix | 0.02 | 0.29503 | CVE-2014-9159
6 | Apple QuickTime memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.06113 | CVE-2011-3249
7 | zephyrproject-rtos RNDIS USB Device memory corruption | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00081 | CVE-2021-3861
8 | Lenze cabinet c520/cabinet c550/cabinet c750 Password Verification Remote Code Execution | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00336 | CVE-2022-2302
9 | SonicWALL AntiSpam / EMail Security Appliance MTA Queue Report Module reports_mta_queue_status.html cross site scripting | 8.0 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00000 |
10 | Magic Photo Storage Website register.php privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 |
11 | Russcom Network Loginphp register.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.04 | 0.00677 | CVE-2006-2160
12 | Linux Kernel FXSAVE x87 Register weak encryption | 4.3 | 3.9 | $5k-$25k | Calculating | Proof-of-Concept | Official Fix | 0.02 | 0.00101 | CVE-2006-1056
13 | WordPress wp-register.php cross site scripting | 4.3 | 4.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.00 | 0.00322 | CVE-2007-5105

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 81.16.131.40 | | Rock Phish | | 19/06/2022 | verified | high
2 | XXX.XX.XXX.XXX | | Xxxx Xxxxx | | 19/06/2022 | verified | high

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Access Vector | Type | Confidence
1 | T1059 | CWE-94 | Argument Injection | predictive | high
2 | TXXXX.XXX | CWE-XX, CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | high
3 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | high
4 | TXXXX | CWE-XXX | Xxx Xxxxxxxxx | predictive | high
5 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | high

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Category | Indicator | Type | Confidence
1 | File | cloud.php | predictive | medium
2 | File | inc/config.php | predictive | high
3 | File | xxxxxxxx.xxx | predictive | medium
4 | File | xxxxxxx_xxx_xxxxx_xxxxxx.xxxx | predictive | high
5 | File | xxxx-xxxxx.xxx | predictive | high
6 | File | xxxx/xxxxxxxx.xxx | predictive | high
7 | File | xx-xxxxxxxx.xxx | predictive | high
8 | Argument | xxxxxxxx | predictive | medium
9 | Argument | xxxxxxxxxx | predictive | medium
10 | Argument | xxxxxxxx | predictive | medium
11 | Argument | xxxxx | predictive | low
12 | Argument | xxxx_xxxxx | predictive | medium
13 | Argument | _xxxxxx[xxxx_xxxx] | predictive | high

Sources (2)

The following list contains external sources which discuss the actor and the associated activities: