Syrian Electronic Army Analysis

IOB - Indicator of Behavior (313)

Timeline (chart)

Language
en 292
es 10
ar 4
pt 2
de 2

Country
us 170
cn 80
ir 28
et 8
es 8

Actors (chart)

Activities (chart)

Interest (chart)

Timeline (chart)

Type (chart)

Vendor (chart)

Product
Microsoft Office 14
Microsoft Windows 12
Microsoft IIS 10
Oracle WebLogic Server 8
WordPress 8

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | Microsoft Windows SMB privilege escalation | 7.7 | 7.1 | $25k-$100k | $0-$5k | High | Official Fix | 0.00 | 0.97446 | CVE-2017-0144
2 | Cisco IOS NTP Interface Queue privilege escalation | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00563 | CVE-2016-1478
3 | Microsoft Word/Office/Outlook RTF Document memory corruption | 10.0 | 9.6 | $25k-$100k | $0-$5k | High | Official Fix | 0.00 | 0.61445 | CVE-2014-1761
4 | Peplink Balance Cookie admin.cgi SQL injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.01457 | CVE-2017-8835
5 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00312 | CVE-2015-1419
6 | Citrix Netscaler SD-WAN Session ID Cookie privilege escalation | 9.8 | 9.4 | $5k-$25k | calculating | High | Official Fix | 0.00 | 0.96168 | CVE-2017-6316
7 | Saxum Picker SQL injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00282 | CVE-2018-7178
8 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055
9 | TVT Dvr Firmware directory traversal | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.15391 | CVE-2013-6023
10 | D-Link IP Cameras rtpd.cgi misconfiguration | 9.8 | 8.8 | $5k-$25k | calculating | Proof-of-Concept | Official Fix | 0.02 | 0.91288 | CVE-2013-1599
11 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.03 | 0.00817 | CVE-2014-4078
12 | Linksys WVC11B main.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | calculating | Not Defined | Not Defined | 0.04 | 0.01569 | CVE-2004-2508
13 | Yiiframework privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00554 | CVE-2014-4672
14 | RealNetworks RealServer Port 7070 Service denial of service | 7.5 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.03 | 0.02116 | CVE-2000-0272
15 | phpMyAdmin grab_globals.lib.php directory traversal | 4.8 | 4.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.02334 | CVE-2005-3299
16 | Huawei SXXXX XML Parser privilege escalation | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00056 | CVE-2017-15346
17 | WordPress Installation functions.php is_blog_installed privilege escalation | 8.0 | 7.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.02421 | CVE-2020-28037
18 | Plupload plupload.flash.swf cross site scripting | 6.1 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01019 | CVE-2016-4566
19 | Telerik Progress UI for ASP.NET AJAX Telerik.Web.UI weak encryption | 8.5 | 8.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.08137 | CVE-2017-11317
20 | WordPress Password Reset wp-login.php mail privilege escalation | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.02827 | CVE-2017-8295

IOC - Indicator of Compromise (39)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | high
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | high
3 | T1059 | CWE-94 | Argument Injection | predictive | high
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | high

IOA - Indicator of Attack (107)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Category | Indicator | Type | Confidence
1 | File | /.ssh/authorized_keys2 | predictive | high
2 | File | /anony/mjpg.cgi | predictive | high
3 | File | /forms/doLogin | predictive | high
4 | File | /html/device-id | predictive | high
5 | File | /uncpath/ | predictive | medium
6 | File | a2dp_aac_decoder.cc | predictive | high
7 | File | actbar3.ocx | predictive | medium
8 | File | adclick.php | predictive | medium
9 | File | admin.php | predictive | medium
10 | File | admin/users/add | predictive | high
11 | File | administrator/components/com_media/helpers/media.php | predictive | high
12 | File | ajax-actions.php | predictive | high

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
