Winter Vivern Analysis

IOB - Indicator of Behavior (148)

Language

  • en: 104
  • ru: 16
  • ar: 6
  • ko: 4
  • ja: 4

Country

  • us: 60
  • ru: 18
  • il: 16
  • ar: 6
  • pl: 4

Product

  • Microsoft Windows: 10
  • Google Android: 4
  • Kbase Doc: 2
  • Intel Data Center Manager SDK: 2
  • Better Messages Plugin: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | VMware Workspace ONE Access/Identity Manager Template privilege escalation | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.97436 | 0.04 | CVE-2022-22954
2 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.64 | CVE-2020-12440
3 | binutils Table elf.c _bfd_elf_slurp_version_tables memory corruption | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00048 | 0.00 | CVE-2023-1972
4 | Looknet FineShop index.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00587 | 0.00 | CVE-2006-3235
5 | woocommerce-gutenberg-products-block sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09768 | 0.00 | CVE-2021-32789
6 | Microsoft Windows privilege escalation | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00083 | 0.02 | CVE-2019-1074
7 | BTCPay Server Payment Button Privilege Escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00166 | 0.02 | CVE-2021-29249
8 | BTCPay Server POS Add Products cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.02 | CVE-2021-29250
9 | MikroTik RouterOS SMB memory corruption | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.88065 | 0.02 | CVE-2018-7445
10 | cPanel cpsrvd cross site scripting | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00330 | 0.03 | CVE-2023-29489
11 | Next.js _error.js Redirect | 5.0 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.00 | CVE-2021-37699
12 | OpenBSD OpenSSH PKCS 11 privilege escalation | 7.4 | 7.1 | $5k-$25k | $5k-$25k | Proof-of-Concept | Official Fix | 0.02999 | 0.13 | CVE-2023-38408
13 | Aquifer CMS index.asp cross site scripting | 4.3 | 4.1 | $0-$5k | calculating | Proof-of-Concept | Not Defined | 0.00414 | 0.00 | CVE-2006-0122
14 | Netsweeper index.php weak authentication | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.07788 | 0.00 | CVE-2014-9611
15 | Basti2web Book Panel books.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00064 | 0.04 | CVE-2009-4889
16 | SourceCodester Online Clothing Store offer.php cross site scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00220 | 0.00 | CVE-2020-28139
17 | Apache HTTP Server mod_proxy privilege escalation | 7.4 | 7.3 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00739 | 0.04 | CVE-2023-25690
18 | Citrix NetScaler ADC/NetScaler Gateway privilege escalation | 9.8 | 9.6 | $25k-$100k | $5k-$25k | High | Official Fix | 0.91186 | 0.00 | CVE-2023-3519
19 | FluentForm Plugin sql injection | 4.7 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00076 | 0.02 | CVE-2023-24410
20 | wkhtmltopdf HTML File directory traversal | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00480 | 0.04 | CVE-2020-21365

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2023-5631

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22 | Path Traversal | predictive | high
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | high
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | high
4 | T1059 | CWE-94 | Argument Injection | predictive | high

IOA - Indicator of Attack (70)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/scripts/pi-hole/phpqueryads.php | predictive | high
2 | File | /etc/gsissh/sshd_config | predictive | high
3 | File | /goform/WifiBasicSet | predictive | high
4 | File | /login/index.php | predictive | high
5 | File | /out.php | predictive | medium
6 | File | /spip.php | predictive | medium
7 | File | /web/IndexController.java | predictive | high
8 | File | /youthappam/editcategory.php | predictive | high
9 | File | admin.php3 | predictive | medium

Sources (6)

The following list contains external sources which discuss the actor and the associated activities: