South Asia Unknown Analysis

IOB - Indicator of Behavior (114)

[Charts: timeline, language, country, actors, activities, interest, type, vendor, product]

Language: en (98), de (12), ja (4)

Product: WordPress (8), D-Link DIR-615 (4), Joomla CMS (4), Apache HTTP Server (4), Accellion FTA (4)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Secomea GateManager privilege escalation | 5.9 | 5.7 | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | 0.00054 | CVE-2022-25782 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 3 | Alt-N MDaemon Worldclient privilege escalation | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00090 | CVE-2021-27182 |
| 4 | TP-LINK TL-WR940N PingIframeRpm.htm ipAddrDispose memory corruption | 7.5 | 7.5 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.02 | 0.05451 | CVE-2019-6989 |
| 5 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055 |
| 6 | GPAC mpd.c gf_mpd_parse_string denial of service | 4.5 | 4.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00044 | CVE-2023-48039 |
| 7 | Trellix ePolicy Orchestrator URL Parameter Redirect | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00048 | CVE-2023-5445 |
| 8 | ethyca Fides weak encryption | 7.9 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00088 | CVE-2023-48224 |
| 9 | Totolink X6000R sub_4155DC privilege escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00200 | CVE-2023-46413 |
| 10 | Oracle Siebel CRM EAI Open UI denial of service | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00094 | CVE-2023-1370 |
| 11 | D-Link DIR-820L privilege escalation | 7.6 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00671 | CVE-2023-44809 |
| 12 | Apache Airflow DAG information disclosure | 5.0 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00059 | CVE-2023-42663 |
| 13 | MediaTek MT6885 Video memory corruption | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2023-32821 |
| 14 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 4.37 | 0.00936 | CVE-2020-15906 |
| 15 | Joomla CMS gmail.php information disclosure | 3.3 | 3.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 | |
| 16 | Joomla CMS GMail Authentication privilege escalation | 5.3 | 4.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00370 | CVE-2014-7984 |
| 17 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 7.41 | 0.01009 | CVE-2006-6168 |
| 18 | PHP PHAR phar_dir_read memory corruption | 8.2 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00126 | CVE-2023-3824 |
| 19 | Zammad information disclosure | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00201 | CVE-2022-35490 |
| 20 | Debian Linux smokeping smokeping_cgi Remote Code Execution | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00863 | CVE-2015-0859 |

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 4 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX.XXX | CWE-XXX, CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High |
| 9 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
| 10 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 11 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High |
| 12 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 13 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |
| 14 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High |
| 15 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (73)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Category | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /EXCU_SHELL | predictive | Medium |
| 2 | File | /my_photo_gallery/image.php | predictive | High |
| 3 | File | /phppath/php | predictive | Medium |
| 4 | File | /real-estate-script/search_property.php | predictive | High |
| 5 | File | /reps/classes/Users.php?f=delete_agent | predictive | High |
| 6 | File | /uncpath/ | predictive | Medium |
| 7 | File | Admin/edit-admin.php | predictive | High |
| 8 | File | app/topic/action/admin/topic.php | predictive | High |
| 9 | File | category.asp | predictive | Medium |
| 10 | File | xxxxxxxx.xxx | predictive | Medium |
| 11 | File | xxxxxxxxxx_xxxxx.xxx | predictive | High |
| 12 | File | xxxxxxx/xxxx@/xxxxx/xxxxxxxxxx/xxxxxxxx.xxxx | predictive | High |
| 13 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 14 | File | xxxxxxx.xxx | predictive | Medium |
| 15 | File | xxxxxxx.xxxxx.xxx | predictive | High |
| 16 | File | xxxxxxxxx/xxxxxxxxx.xxx | predictive | High |
| 17 | File | xxxxx_xxx_xxxxx.xxx | predictive | High |
| 18 | File | xxxxxxxxx.xxx | predictive | High |
| 19 | File | xxxxxxx.xxx | predictive | Medium |
| 20 | File | xxxxx.xxx | predictive | Medium |
| 21 | File | xxxx/xxxx/xxxxxxx/xxx/xxxxxxxxxxxxxx.xxxx.xxx | predictive | High |
| 22 | File | xxxx/xxxxxxx.xxx | predictive | High |
| 23 | File | xxxxxxxx/xxxxx-xx-xxxxxxxxx.xxx | predictive | High |
| 24 | File | xxxxx.xxx | predictive | Medium |
| 25 | File | xxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx | predictive | High |
| 26 | File | xxxx_xxxx.xxx | predictive | High |
| 27 | File | xxxxx_xxxxx/xxx.x | predictive | High |
| 28 | File | xxxxxxx/xxx_xxxxxxxxx/xxx_xxxxxxxxx.x | predictive | High |
| 29 | File | xxx_xxxx_xxxxx.x | predictive | High |
| 30 | File | xxxxxxx.xxx | predictive | Medium |
| 31 | File | xxxxxxxxxxxxx.xxx | predictive | High |
| 32 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
| 33 | File | xxxxxxxxxx.xxx | predictive | High |
| 34 | File | xxxx.xxx | predictive | Medium |
| 35 | File | xxxxxxxxx.xxx | predictive | High |
| 36 | File | xxxxxxxxx_xxx | predictive | High |
| 37 | File | xxxx-xxxxx.xxx | predictive | High |
| 38 | File | xxxx-xxxxxxxx.xxx | predictive | High |
| 39 | File | xxxx_xxxxxx.xxx | predictive | High |
| 40 | File | xxxxx.x | predictive | Low |
| 41 | File | xxxxx/xxxxx.xx | predictive | High |
| 42 | File | xxxxxxx/xxxxxx/xxxxxxxxxxx.xxx | predictive | High |
| 43 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | High |
| 44 | Argument | xxxxxxx | predictive | Low |
| 45 | Argument | xxx_xxxxx_xxxx | predictive | High |
| 46 | Argument | xxxxxxx | predictive | Low |
| 47 | Argument | xxx_xx | predictive | Low |
| 48 | Argument | xxxx_xx | predictive | Low |
| 49 | Argument | xxxxx | predictive | Low |
| 50 | Argument | xx | predictive | Low |
| 51 | Argument | xxx | predictive | Low |
| 52 | Argument | xxxxx | predictive | Low |
| 53 | Argument | xxxxxxxxx | predictive | Medium |
| 54 | Argument | xxxxxxxx_xxx | predictive | Medium |
| 55 | Argument | xxxxxxxx | predictive | Medium |
| 56 | Argument | xxx | predictive | Low |
| 57 | Argument | xxxxxxxx_xxx | predictive | Medium |
| 58 | Argument | xxx_xxxx | predictive | Medium |
| 59 | Argument | xxxx | predictive | Low |
| 60 | Argument | xxxxxxx | predictive | Low |
| 61 | Argument | xxxxxx | predictive | Low |
| 62 | Argument | xxxxx_xxx | predictive | Medium |
| 63 | Argument | xxxxx_xxxx | predictive | Medium |
| 64 | Argument | xxxxx | predictive | Low |
| 65 | Argument | xxxxxxxx | predictive | Medium |
| 66 | Argument | xxxx->xxxxxxx | predictive | High |
| 67 | Argument | _xxxx | predictive | Low |
| 68 | Input Value | %xx | predictive | Low |
| 69 | Input Value | .%xx.../.%xx.../ | predictive | High |
| 70 | Input Value | ../ | predictive | Low |
| 71 | Input Value | xxx xxxxxxxx | predictive | Medium |
| 72 | Input Value | x xxxxx xxx xxxxxx xxxx,xxxx,xxxx,xxxx,xxxxxx(xxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxx)-- | predictive | High |
| 73 | Network Port | xxx/xx (xxxxxx) | predictive | High |

Sources (4)

The following list contains external sources which discuss the actor and the associated activities:
