Ursu Analysis

IOB - Indicator of Behavior (54)

Language

en: 32
ja: 10
zh: 8
fr: 2
jp: 2

Country

us: 18
cn: 16
jp: 12
ru: 6

Product

Dolphin: 4
Google Android: 4
Unisoc T610: 4
Unisoc T606: 4
Unisoc T760: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Google Android Qualcomm Bootloader privilege escalation | 8.3 | 8.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.00 | CVE-2016-10276 |
| 2 | Synacor Zimbra Collaboration XML External Entity | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00441 | 0.02 | CVE-2016-9924 |
| 3 | Asus AsusWRT start_apply.htm privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01350 | 0.04 | CVE-2018-20334 |
| 4 | Movable Type SQL injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00249 | 0.03 | CVE-2016-5742 |
| 5 | Google Android Pendingintent privilege escalation | 7.3 | 6.1 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00103 | 0.02 | CVE-2014-8609 |
| 6 | Simple Machines Forum LogInOut.php privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00489 | 0.00 | CVE-2016-5727 |
| 7 | Thymeleaf/spring-boot-admin HTML File privilege escalation | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00055 | 0.00 | CVE-2023-38286 |
| 8 | Lapce race condition | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.00 | CVE-2023-3891 |
| 9 | Intel QAT Driver memory corruption | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2022-21804 |
| 10 | node-uuid GUID weak encryption | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00246 | 0.02 | CVE-2015-8851 |
| 11 | Microsoft Windows SmartScreen privilege escalation | 5.2 | 5.0 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.00636 | 0.02 | CVE-2023-24880 |
| 12 | Brave Browser ipfs Scheme denial of service | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00138 | 0.08 | CVE-2022-47932 |
| 13 | Quassel quasselcore datastreampeer.cpp processMessage(const memory corruption | 8.5 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01601 | 0.00 | CVE-2018-1000178 |
| 14 | Unisoc S8000 WLAN Driver memory corruption | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2022-44448 |
| 15 | PostgreSQL Non-Temporary Object SQL injection | 7.2 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00239 | 0.00 | CVE-2022-1552 |
| 16 | Ivanti Pulse Connect Secure Header privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.07 | CVE-2022-21826 |
| 17 | Intel Wireless Bluetooth/Killer Bluetooth information disclosure | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2021-23179 |
| 18 | Zoom Client for Meetings Auto Update weak authentication | 8.5 | 8.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2022-28757 |
| 19 | Dolphin photos_gallery.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.43987 | 0.02 | CVE-2006-4189 |
| 20 | Dolphin profile_video.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.43987 | 0.02 | CVE-2006-4189 |

IOC - Indicator of Compromise (50)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 14.0.32.88 | | Ursu | | 22/07/2021 | verified | High |
| 2 | 14.0.63.141 | | Ursu | | 22/07/2021 | verified | High |
| 3 | 14.11.5.18 | M014011005018.v4.enabler.ne.jp | Ursu | | 22/07/2021 | verified | High |
| 4 | 15.11.35.18 | | Ursu | | 22/07/2021 | verified | High |
| 5 | 23.3.13.88 | a23-3-13-88.deploy.static.akamaitechnologies.com | Ursu | | 22/07/2021 | verified | High |
| 6 | 27.254.66.8 | asn4.hostneverdie.com | Ursu | | 19/06/2022 | verified | High |
| 7 | 34.117.237.239 | 239.237.117.34.bc.googleusercontent.com | Ursu | | 29/08/2021 | verified | Medium |
| 8 | 35.162.37.28 | ec2-35-162-37-28.us-west-2.compute.amazonaws.com | Ursu | | 22/07/2021 | verified | Medium |
| 9 | 44.230.33.128 | ec2-44-230-33-128.us-west-2.compute.amazonaws.com | Ursu | | 22/07/2021 | verified | Medium |
| 10 | 44.236.48.31 | ec2-44-236-48-31.us-west-2.compute.amazonaws.com | Ursu | | 29/08/2021 | verified | Medium |
| 11 | XX.XXX.X.XXX | xx-xxx-x-xxx.xxxxx-xx.xxxxx.xxx | Xxxx | | 18/12/2021 | verified | High |
| 12 | XX.XXX.XXX.XXX | xxx.xxx.xxx.xx.xx.xxx | Xxxx | | 22/07/2021 | verified | High |
| 13 | XX.XXX.XXX.XX | xxxx.xxxxxxx.xxx | Xxxx | | 22/05/2022 | verified | High |
| 14 | XX.XX.XXX.XXX | xxx.xxxxx.xx | Xxxx | | 22/07/2021 | verified | High |
| 15 | XXX.XX.XXX.XX | | Xxxx | | 08/04/2022 | verified | High |
| 16 | XXX.XXX.XXX.X | | Xxxx | | 21/03/2023 | verified | High |
| 17 | XXX.XXX.XXX.X | | Xxxx | | 21/03/2023 | verified | High |
| 18 | XXX.XXX.XXX.X | | Xxxx | | 21/03/2023 | verified | High |
| 19 | XXX.XXX.XXX.XX | | Xxxx | | 21/03/2023 | verified | High |
| 20 | XXX.XXX.XXX.XX | | Xxxx | | 21/03/2023 | verified | High |
| 21 | XXX.XXX.XXX.XX | | Xxxx | | 21/03/2023 | verified | High |
| 22 | XXX.XXX.XXX.XXX | | Xxxx | | 21/03/2023 | verified | High |
| 23 | XXX.XXX.XXX.X | | Xxxx | | 21/03/2023 | verified | High |
| 24 | XXX.XXX.XXX.X | | Xxxx | | 21/03/2023 | verified | High |
| 25 | XXX.XXX.XXX.X | | Xxxx | | 21/03/2023 | verified | High |
| 26 | XXX.XXX.XXX.X | | Xxxx | | 21/03/2023 | verified | High |
| 27 | XXX.XXX.XXX.XX | | Xxxx | | 21/03/2023 | verified | High |
| 28 | XXX.XXX.XXX.XX | | Xxxx | | 21/03/2023 | verified | High |
| 29 | XXX.XX.XXX.XXX | | Xxxx | | 22/05/2022 | verified | High |
| 30 | XXX.XXX.XX.XXX | xxxxxxxx-xx-xxx.xxxxx.xxx | Xxxx | | 18/12/2021 | verified | High |
| 31 | XXX.XX.XXX.X | | Xxxx | | 21/03/2023 | verified | High |
| 32 | XXX.XX.XXX.X | | Xxxx | | 21/03/2023 | verified | High |
| 33 | XXX.XX.XXX.X | | Xxxx | | 21/03/2023 | verified | High |
| 34 | XXX.XX.XXX.X | | Xxxx | | 21/03/2023 | verified | High |
| 35 | XXX.XX.XXX.XX | | Xxxx | | 21/03/2023 | verified | High |
| 36 | XXX.XX.XXX.XX | | Xxxx | | 21/03/2023 | verified | High |
| 37 | XXX.XX.XXX.XX | | Xxxx | | 21/03/2023 | verified | High |
| 38 | XXX.XX.XXX.XXX | | Xxxx | | 21/03/2023 | verified | High |
| 39 | XXX.XX.XXX.XXX | | Xxxx | | 21/03/2023 | verified | High |
| 40 | XXX.XX.XXX.XXX | | Xxxx | | 21/03/2023 | verified | High |
| 41 | XXX.XX.XXX.XXX | | Xxxx | | 21/03/2023 | verified | High |
| 42 | XXX.XX.XXX.XX | xxxx.xxxxxxxxxxx.xxx | Xxxx | | 22/07/2021 | verified | High |
| 43 | XXX.XXX.XX.XX | | Xxxx | | 23/07/2021 | verified | High |
| 44 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx | Xxxx | | 22/07/2021 | verified | High |
| 45 | XXX.XX.XX.XX | | Xxxx | | 22/07/2021 | verified | High |
| 46 | XXX.XXX.XXX.XX | xxxx.xxxxx.xxx | Xxxx | | 22/07/2021 | verified | High |
| 47 | XXX.XXX.XX.XXX | xxx.xxx.xx.xxx.xxxxx.xxx | Xxxx | | 22/07/2021 | verified | Medium |
| 48 | XXX.XXX.XX.XXX | xxxxx.xxx-xxx-xx.xxxxxx.xxxxxxxxxxxx.xxx | Xxxx | | 23/07/2021 | verified | High |
| 49 | XXX.XX.XXX.XXX | xxx-xx-xxx-xxx.xxxxx-xx.xxxxx.xxx | Xxxx | | 18/12/2021 | verified | High |
| 50 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxxx-xx.xxxxx.xxx | Xxxx | | 18/12/2021 | verified | High |

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 2 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High |
| 3 | T1068 | CWE-264, CWE-269 | Execution with Unnecessary Privileges | predictive | High |
| 4 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 9 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High |
| 10 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |
| 11 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxx | predictive | High |

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | $SPLUNK_HOME/etc/splunk-launch.conf | predictive | High |
| 2 | File | /config/getuser | predictive | High |
| 3 | File | /start_apply.htm | predictive | High |
| 4 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
| 5 | File | xxxxxxx_xxxx.xxxx.xxx/xxxxxxx_xxxx.xxx | predictive | High |
| 6 | File | xxxxxx.xxxx | predictive | Medium |
| 7 | File | xxxxxxxx.xxx | predictive | Medium |
| 8 | File | xxxxxx_xxxxxxx.xxx | predictive | High |
| 9 | File | xxxxxxx_xxxxx.xxx | predictive | High |
| 10 | File | xxxxxx.xxx | predictive | Medium |
| 11 | File | xxxxxxxxxxxx.xxx | predictive | High |
| 12 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High |
| 13 | File | xxxxxx.xxx | predictive | Medium |
| 14 | Argument | $_xxxxxx['xxxx_xxxx_xxxxx'] | predictive | High |
| 15 | Argument | xxxxxxxxxxxxx/xxxxxxxxxxxxx | predictive | High |
| 16 | Argument | xxxxxxx-xxxxxx | predictive | High |
| 17 | Argument | xxx[xxx] | predictive | Medium |
| 18 | Argument | xx_xxxxx | predictive | Medium |
| 19 | Argument | xxxxx_xxx | predictive | Medium |
| 20 | Input Value | xxx.xxx[xxxxx] | predictive | High |
| 21 | Pattern | \|xx\|xx\|xx\| | predictive | Medium |

Sources (10)

The following list contains external sources which discuss the actor and the associated activities:
