Royal Road Analysis

IOB - Indicator of Behavior (175)

Language

  • en: 140
  • fr: 12
  • es: 8
  • it: 8
  • de: 4

Country

  • us: 100
  • gb: 12
  • ru: 10
  • fr: 8
  • pl: 6

Product

  • WordPress: 10
  • Apache HTTP Server: 6
  • Microsoft Windows: 6
  • BigTree CMS: 2
  • SmarterTools SmarterMail: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00241 | CVE-2020-12440
2 | MidiCart PHP Shopping Cart item_show.php SQL injection | 6.3 | 6.0 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.05 | 0.00000 |
3 | WordPress Private Post privilege escalation | 4.6 | 4.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00272 | CVE-2020-11028
4 | Apache HTTP Server mod_rewrite Redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.07 | 0.00258 | CVE-2020-1927
5 | ProFTPD mod_copy privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.94462 | CVE-2019-12815
6 | Microsoft Exchange Server Privilege Escalation | 8.5 | 7.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.03563 | CVE-2021-26412
7 | Gempar Script Toko Online shop_display_products.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00100 | CVE-2009-0296
8 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
9 | Mihalism Multi Host users.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00 | 0.00152 | CVE-2008-0714
10 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055
11 | Mailman privilege escalation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00160 | CVE-2018-13796
12 | WordPress Thumbnail privilege escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.00990 | CVE-2018-1000773
13 | XenForo privilege escalation | 8.6 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00000 |
14 | DCP-Portal forums.php SQL injection | 7.3 | 7.3 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00 | 0.00000 |
15 | Ideal BB.NET forums.aspx cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00000 |
16 | logwatch logwatch.pl privilege escalation | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.05151 | CVE-2011-1018
17 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.10737 | CVE-2016-6210
18 | Apache Shiro API directory traversal | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00071 | CVE-2023-34478
19 | Subversion svn+ssh:/ URL privilege escalation | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.12851 | CVE-2017-9800
20 | Apache Subversion mod_authz_svn authenticated information disclosure | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02 | 0.00380 | CVE-2015-3184

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Royal Road

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 138.68.133.211 | share.sawblade.org.uk | Royal Road | Royal Road | 22/12/2020 | verified | high

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | high
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | high
3 | T1059 | CWE-94 | Argument Injection | predictive | high

IOA - Indicator of Attack (92)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /bin/sh | predictive | low
2 | File | /oauth/authorize | predictive | high
3 | File | /see_more_details.php | predictive | high
4 | File | /uncpath/ | predictive | medium
5 | File | /webmail/ | predictive | medium
6 | File | /_next | predictive | low
7 | File | admin/index.php | predictive | high
8 | File | anonymous/authenticated | predictive | high
9 | File | assets/add/registrar.php | predictive | high
10 | File | booking.php | predictive | medium
11 | File | books.php | predictive | medium

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
