TA428 Analysis

IOB - Indicator of Behavior (150)

Language

en: 110
zh: 30
es: 4
ar: 2
de: 2

Country

cn: 50
us: 48
es: 4
ru: 2

Product

WordPress: 6
Microsoft Windows: 6
Qualcomm Snapdragon Auto: 4
Qualcomm Snapdragon Compute: 4
Qualcomm Snapdragon Consumer IOT: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055
3 | Sir GNUboard sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00112 | CVE-2014-2339
4 | Devilz Clanportal sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | 0.00684 | CVE-2006-6339
5 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00318 | CVE-2017-5611
6 | Cisco ASA WebVPN Login Page logon.html cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00192 | CVE-2014-2120
7 | Microsoft Windows Registry Password information disclosure | 3.7 | 3.6 | $25k-$100k | $0-$5k | Not Defined | Workaround | 0.02 | 0.00000 | -
8 | Brocade Fabric OS CLI Local Privilege Escalation | 7.8 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00042 | CVE-2022-33182
9 | WordPress Password Reset wp-login.php mail privilege escalation | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.02827 | CVE-2017-8295
10 | PHP Everywhere Plugin Shortcode Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00108 | CVE-2022-24663
11 | Microsoft Windows ICMP Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.02758 | CVE-2023-23415
12 | Microsoft Windows Win32k Local Privilege Escalation | 7.8 | 7.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00264 | CVE-2023-29336
13 | Google WebP libwebp memory corruption | 7.5 | 7.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.03 | 0.49095 | CVE-2023-4863
14 | RARLabs WinRAR ZIP Archive Remote Code Execution | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.12 | 0.40418 | CVE-2023-38831
15 | SourceCodester Doctors Appointment System login.php sql injection | 7.4 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00064 | CVE-2023-4219
16 | Microsoft Excel Remote Code Execution | 7.3 | 6.7 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00113 | CVE-2023-33158
17 | Microsoft Visual Studio unknown vulnerability | 5.1 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00078 | CVE-2023-28299
18 | Microsoft Office Local Privilege Escalation | 7.0 | 6.4 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.02 | 0.00411 | CVE-2023-33146
19 | Th3-822 Rapidleech zip.php zip_go cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00063 | CVE-2021-4312
20 | Google Chrome Blink privilege escalation | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00133 | CVE-2022-3315

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerability | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | high
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | high
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | high
4 | T1059 | CWE-94 | Argument Injection | predictive | high
5 | TXXXX.XXX | CWE-XX, CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | high
6 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | high
7 | TXXXX | CWE-XXX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | high
8 | TXXXX.XXX | CWE-XXX | Xxxxx Xxxxxxxxx | predictive | high
9 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | high
10 | TXXXX | CWE-XXX | Xxx Xxxxxxxxx | predictive | high
11 | TXXXX.XXX | CWE-XXX | Xxxxxxxxx Xxxxxxxxxxxxx | predictive | high
12 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxxx | predictive | high
13 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx Xxxx | predictive | high
14 | TXXXX.XXX | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | high
15 | TXXXX.XXX | CWE-XXX | Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | high
16 | TXXXX.XXX | CWE-XXX | Xxxxxxxxx | predictive | high
17 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | high
18 | TXXXX | CWE-XXX | Xxxxxxxxxxxxxx Xxxxxx | predictive | high
19 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxxxx Xxxxx | predictive | high

IOA - Indicator of Attack (61)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | high
2 | File | /api/addusers | predictive | high
3 | File | /debug/pprof | predictive | medium
4 | File | /forum/away.php | predictive | high
5 | File | /uncpath/ | predictive | medium
6 | File | adclick.php | predictive | medium
7 | File | admin.cgi?action=%s | predictive | high
8 | File | xxxxxxxxxxx/xxxx/xxxxxxxxxx/xxxxxx.xxx | predictive | high
9 | File | xxxxx.xxx | predictive | medium
10 | File | xxxxxxxx.xxx | predictive | medium
11 | File | xxxxx/xxxxxxx.xxx | predictive | high
12 | File | xxxxxxx/xxxxxxx/xxx.xxx | predictive | high
13 | File | xxxxxx.xxx | predictive | medium
14 | File | xxxxxxxxxxx/xxxxxx/xxx.xxx | predictive | high
15 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | high
16 | File | xxxxxx.xxx | predictive | medium
17 | File | xxxx_xxx.xxx | predictive | medium
18 | File | xxx/xxxxxx.xxx | predictive | high
19 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | high
20 | File | xxxxxxxxxx/xxx/xxxxxx_xxxx.xxx | predictive | high
21 | File | xxxxxxxxxxx/xx_xxxx.x | predictive | high
22 | File | xxx\xxxxxxx\xxxxxxxx\xxxxx.xxxxxxxxxxxxxxx.xxx | predictive | high
23 | File | xxxxx.xxx | predictive | medium
24 | File | xxx_xxxxxx_xxxxxx.xx | predictive | high
25 | File | xxxxxx/xxxxxxxxxxx.xxx?xxxx=xx&x=xxxxxxx | predictive | high
26 | File | xxx/xxxxx_xxxx.x | predictive | high
27 | File | xxxxxx/xxxxxxxxxx.xxx | predictive | high
28 | File | xxxxxxxxxxxxxx/xxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxx.xxxx | predictive | high
29 | File | xxxxxxxx_xxxx.xxx | predictive | high
30 | File | xxxxxxx.xxx/xxxxx.xxx | predictive | high
31 | File | xxxxxxxxxxx.xxx | predictive | high
32 | File | xxxxx.xxx | predictive | medium
33 | File | xxxxxxxxxxxxxxx.xxx | predictive | high
34 | File | xxx/xxx/xxx_xxxx/xxxx.x | predictive | high
35 | File | xxx/xxxxxxx.x | predictive | high
36 | File | xxxxxxxxxx.xxx | predictive | high
37 | File | xxxxxxxxxx.xxxx | predictive | high
38 | File | xx-xxxxx-xxxxxx.xxx | predictive | high
39 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | high
40 | File | xx-xxxxx.xxx | predictive | medium
41 | Library | xxx-xx-xxx-xxxx-xxxx-xx-x-x.xxx | predictive | high
42 | Library | xxx_xxxx.xxx | predictive | medium
43 | Library | xxxxxxxxxxxxxxx.xxx | predictive | high
44 | Argument | xxxxxxx | predictive | low
45 | Argument | xxxxxxxx | predictive | medium
46 | Argument | xxxxx_xxxx | predictive | medium
47 | Argument | xxxxx_xxxx/xx_xxxxx_xxxxx_xx/xx_xxxxx_xxxxx_xxxxx_xxxx_xxxx/xxxxx_xxxxxxxxx_xxxx/xxxxxx_xxxxxx_xxxxx | predictive | high
48 | Argument | xxxxxxx | predictive | low
49 | Argument | xxxxxxxxxxxx | predictive | medium
50 | Argument | xxxx_xxx | predictive | medium
51 | Argument | xxxx | predictive | low
52 | Argument | xxxx | predictive | low
53 | Argument | xx | predictive | low
54 | Argument | xxxxx | predictive | low
55 | Argument | xxxxxxx_xxxx | predictive | medium
56 | Argument | xxxxxx | predictive | low
57 | Argument | xxxx | predictive | low
58 | Argument | xxxxxxxxx | predictive | medium
59 | Argument | xxxx->xxxxxxx | predictive | high
60 | Input Value | .. | predictive | low
61 | Input Value | /../ | predictive | low
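The IOA fragments above, and the T1006 / CWE-22 path traversal entry in the TTP table, are only useful if they are matched against traffic after decoding: the same traversal can arrive as `/../`, `%2e%2e%2f`, `%252e%252e` or `..\`. The detector below is an added example written for this page, not VulDB's code or tooling. It takes the unmasked File and Input Value fragments from the table (the masked rows cannot be reproduced), assumes Apache/nginx combined access-log format, and runs over constructed sample lines; the IP addresses, timestamps and requests are made up for illustration.

```python
import re
from urllib.parse import unquote

# Unmasked IOA fragments from the table above (File class and Input Value class).
# The masked (xxxx) rows are not reproducible and are not included.
FILE_IOAS = [
    "/+CSCOE+/logon.html",
    "/api/addusers",
    "/debug/pprof",
    "/forum/away.php",
    "/uncpath/",
    "adclick.php",
    "admin.cgi?action=",  # the page shows "admin.cgi?action=%s"; %s stands for any value
]

# Matches a ".." path segment, i.e. real directory traversal rather than a
# filename that merely contains two dots (e.g. "app..min.js" or "a..b=1").
TRAVERSAL_SEGMENT = re.compile(r"(?:^|/)\.\.(?=/|$|\?)")

# Minimal parser for one combined-format access log line (assumed log format).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize_target(target: str) -> str:
    """Percent-decode twice (catches %252e double encoding) and fold
    backslashes to slashes so encoded or Windows-style traversal such as
    %2e%2e%2f or ..\\ compares against the plain IOA strings."""
    decoded = unquote(unquote(target))
    return decoded.replace("\\", "/")


def match_ioas(target: str) -> list:
    """Return the IOA fragments present in one request target."""
    norm = normalize_target(target)
    hits = [frag for frag in FILE_IOAS if frag in norm]
    if ".." in norm:
        hits.append("..")            # low-confidence IOA 60: any double dot
    if TRAVERSAL_SEGMENT.search(norm):
        hits.append("/../")          # IOA 61: an actual traversal segment
    return hits


def scan_log(lines) -> list:
    """Scan access log lines; return (source_ip, target, hits) for each line
    whose request target matches at least one IOA fragment."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than abort the scan
        hits = match_ioas(m.group("target"))
        if hits:
            alerts.append((m.group("src"), m.group("target"), hits))
    return alerts


# Constructed sample log lines (not real traffic), one per case of interest.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /+CSCOE+/logon.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /images/%2e%2e%2f%2e%2e%2fetc/passwd HTTP/1.1" 404 0 "-" "curl/8.0"',
    '198.51.100.2 - - [10/Oct/2023:13:56:01 +0000] "POST /api/addusers HTTP/1.1" 403 0 "-" "python-requests/2.31"',
    '198.51.100.2 - - [10/Oct/2023:13:56:05 +0000] "GET /debug/pprof/heap HTTP/1.1" 200 8192 "-" "Go-http-client/1.1"',
    '192.0.2.9 - - [10/Oct/2023:13:57:00 +0000] "GET /static/app..min.js HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Oct/2023:13:57:02 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for src, target, hits in scan_log(SAMPLE_LOG):
        print(f"{src} {target} -> {hits}")
```

The `..` indicator fires on any double dot and is rated low confidence in the table for that reason; the `/../` segment check is what separates real traversal from a filename such as app..min.js, so a triage rule should weight the two differently. Decoding twice is deliberate: a single pass misses `%252e%252e`, which a front-end proxy may decode once before the application sees it.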

Sources (4)

The following list contains external sources which discuss the actor and the associated activities:
