VBREVSHELL تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (126)

اللغة

en	118
zh	8

البلد

us	98
cn	12
gb	2
nl	2

الفاعلين

VBREVSHELL	6
Cobalt Strike	3
HyperBro	1

الاهتمام

النوع

Router Operating System	6
Not Defined	6
Network Camera Software	4
Smartphone Operating System	2
Forum Software	2

المجهز

Not Defined	8
Cisco	6
Microsoft	4
Google	2
AVTECH	2

منتج

Google Android	2
jforum	2
AVTECH IP Camera	2
AVTECH NVR	2
AVTECH DVR	2

الثغرات

#	الثغرة	Base	Temp	0day	اليوم	ق�	معالجة	EPSS	CTI	CVE
1	Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit سكربتات مشتركة	3.2	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00127	0.09	CVE-2018-25085
2	Microsoft Windows NetBIOS WinNuke الحرمان من الخدمة	7.5	7.2	$25k-$100k	$0-$5k	High	Official Fix	0.00304	0.03	CVE-1999-0153
3	jforum User تجاوز الصلاحيات	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.03	CVE-2019-7550
4	python-django تجاوز الصلاحيات	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00209	0.00	CVE-2023-31047
5	Palo Alto PAN-OS Web Interface تجاوز الصلاحيات	7.2	7.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00182	0.02	CVE-2021-3050
6	Cisco Packaged Contact Center Enterprise تجاوز الصلاحيات	9.9	9.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00162	0.04	CVE-2024-20253
7	Paddle الحرمان من الخدمة	5.5	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00046	0.04	CVE-2023-38677
8	DolphinPHP Incomplete Fix CVE-2021-46097 common.php تجاوز الصلاحيات	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01283	0.03	CVE-2023-0935
9	PbootCMS GET Request حقن إس كيو إل	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00109	0.05	CVE-2021-37497
10	October CMS Admin Panel تجاوز الصلاحيات	5.8	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00090	0.06	CVE-2022-35944
11	WordPress سكربتات مشتركة	4.3	4.1	$5k-$25k	$0-$5k	High	Official Fix	0.00192	0.00	CVE-2008-2068
12	Microsoft IIS سكربتات مشتركة	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.24	CVE-2017-0055
13	Goahead Web Server Multi-Part Request تلف الذاكرة	9.0	8.9	$0-$5k	$0-$5k	Not Defined	Workaround	0.47818	0.04	CVE-2019-5096
14	Bitcoin wallet.dat AES Encryption Padding تشفير ضعيف	7.1	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.12
15	QNAP QTS Helpdesk تجاوز الصلاحيات	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00274	0.03	CVE-2018-0714
16	Linux Kernel Call tcp_collapse_ofo_queue تجاوز الصلاحيات	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.78302	0.04	CVE-2018-5390
17	Cisco Linksys Router tmUnblock.cgi تجاوز الصلاحيات	9.8	9.2	$25k-$100k	$0-$5k	High	Workaround	0.00000	0.00
18	AVTECH IP Camera/NVR/DVR PwdGrp.cgi تجاوز الصلاحيات	9.8	9.2	$5k-$25k	$0-$5k	High	Unavailable	0.00000	0.03
19	vBulletin redirector.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00106	0.03	CVE-2018-6200
20	Google Android Ashmem تلف الذاكرة	6.5	5.9	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00101	0.03	CVE-2017-13216

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	عنوان بروتوكول الإنترنت	Hostname	ممثل	Identified	النوع	الثقة
1	8.134.126.121		VBREVSHELL	01/04/2024	verified	عالي
2	27.124.47.147		VBREVSHELL	15/10/2023	verified	عالي
3	45.77.250.196	45.77.250.196.vultrusercontent.com	VBREVSHELL	29/11/2023	verified	عالي
4	XX.XXX.XXX.XX		Xxxxxxxxxx	21/10/2023	verified	عالي
5	XX.XXX.XXX.XX		Xxxxxxxxxx	03/11/2023	verified	عالي
6	XX.XX.XX.XX		Xxxxxxxxxx	29/11/2023	verified	عالي
7	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxx	09/03/2024	verified	عالي
8	XXX.XXX.XXX.XX	xxx-xxx-xxx-xxx-xx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxxxxxx	29/10/2023	verified	عالي
9	XXX.XXX.XXX.XX		Xxxxxxxxxx	10/11/2023	verified	عالي
10	XXX.XXX.XXX.XX		Xxxxxxxxxx	15/10/2023	verified	عالي
11	XXX.XXX.XX.XXX		Xxxxxxxxxx	15/10/2023	verified	عالي
12	XXX.XX.XX.XXX	xxx-xx-xx-xxx-xxxxxxxxx.xxxxxxxx.xxx	Xxxxxxxxxx	15/10/2023	verified	عالي

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	الفئة	الثغرات	متجه الوصول	النوع	الثقة
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	عالي
2	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	عالي
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
4	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	عالي
5	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	عالي
6	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	عالي
7	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	عالي
8	TXXXX.XXX	CAPEC-133	CWE-XXX	Xxxxxxxx	predictive	عالي
9	TXXXX	CAPEC-157	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	عالي
10	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	عالي

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	الفئة	Indicator	النوع	الثقة
1	File	/cgi-bin/supervisor/PwdGrp.cgi	predictive	عالي
2	File	/uncpath/	predictive	متوسط
3	File	common.php	predictive	متوسط
4	File	xxxxxxxxxx.xxx	predictive	عالي
5	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	عالي
6	File	xxxxxxxxxx_xxxxx.xxxxxx	predictive	عالي
7	File	xxxxx.xxx	predictive	متوسط
8	File	xxxxxxxxx.xxx	predictive	عالي
9	File	xxxxxx.xxx	predictive	متوسط
10	Argument	xxxxx.xxxxxxxxx/xxxxx.xxxxxxxxxx	predictive	عالي
11	Argument	xx	predictive	واطئ
12	Argument	xxxxxxxx	predictive	متوسط
13	Argument	xxxx_xx	predictive	واطئ
14	Argument	xxx	predictive	واطئ
15	Network Port	xxx/xxxx	predictive	متوسط

المصادر (13)

The following list contains external sources which discuss the actor and the associated activities:

التالي ▸نظرة عامة◂ السابق

Do you need the next level of professionalism?

Upgrade your account now!