Wirte Analysis

IOB - Indicator of Behavior (241)

Timeline

Language

en: 202
fr: 12
ru: 10
de: 10
zh: 4

Country

us: 164
gb: 12
cn: 10
me: 6
de: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 10
Linux Kernel: 6
F5 BIG-IP: 4
MariaDB: 4
Apple macOS: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DataLife Engine addnews.html cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.02 | CVE-2018-14777 |
| 3 | Dahua IP Camera privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00101 | 0.13 | CVE-2017-7253 |
| 4 | Microsoft Windows Clipboard User Service Privilege Escalation | 7.2 | 6.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.08 | CVE-2022-21869 |
| 5 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.21 | |
| 6 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.39 | CVE-2020-12440 |
| 7 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.06 | CVE-2019-7550 |
| 8 | Smart Slider 3 Plugin Imported File privilege escalation | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00086 | 0.04 | CVE-2022-3357 |
| 9 | MariaDB privilege escalation | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01682 | 0.03 | CVE-2021-27928 |
| 10 | MariaDB mysql-wsrep wsrep_sst_method privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00858 | 0.02 | CVE-2020-15180 |
| 11 | Yii unserialize privilege escalation | 7.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02822 | 0.00 | CVE-2020-15148 |
| 12 | Linux Kernel dfl-afu-region.c afu_mmio_region_get_by_offset memory corruption | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2023-26242 |
| 13 | AssoCIateD Postman X.509 Certificate Validation weak authentication | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00245 | 0.03 | CVE-2018-17215 |
| 14 | WordPress directory traversal | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00326 | 0.04 | CVE-2023-2745 |
| 15 | ImageMagick privilege escalation | 7.0 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00043 | 0.05 | CVE-2023-34153 |
| 16 | ImageMagick OpenBlob privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00386 | 0.03 | CVE-2023-34152 |
| 17 | Reolink RLC-410W Firmware Update Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00149 | 0.03 | CVE-2021-40419 |
| 18 | Dahua IPC-HDBW2XXX/IPC-HFW2XXX/ASI7XXXX ONVIF weak authentication | 7.8 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00135 | 0.01 | CVE-2022-30563 |
| 19 | Dahua DH-IPC-Hxxxxxxxxx Authentication weak authentication | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03148 | 0.00 | CVE-2017-7927 |
| 20 | Dahua IPC-HDW1X2X IP Address information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00084 | 0.02 | CVE-2019-9680 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Middle East

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 45.129.96.174 | free.gmhost.hosting | Wirte | Middle East | 22/03/2022 | verified | High |
| 2 | 45.129.97.207 | | Wirte | Middle East | 22/03/2022 | verified | High |
| 3 | XX.XXX.X.XX | xxxx.xxxxxx.xxx | Xxxxx | Xxxxxx Xxxx | 22/03/2022 | verified | High |
| 4 | XX.XXX.XX.XXX | | Xxxxx | Xxxxxx Xxxx | 22/03/2022 | verified | High |
| 5 | XXX.XX.XX.XXX | xxx.xx.xx.xxx.xxxxx.xxx | Xxxxx | | 21/12/2020 | verified | Medium |
| 6 | XXX.XX.XX.XXX | xxxxxx-xxx-xxxxxxxxxx.xxxxxx.xx.xx | Xxxxx | | 21/12/2020 | verified | High |

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 6 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 8 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 9 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
| 10 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 11 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 12 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High |
| 13 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 14 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 15 | TXXXX.XXX | CWE-XX | Xxxxxxxxxxxxx | predictive | High |
| 16 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |
| 17 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High |
| 18 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (60)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /addnews.html | predictive | High |
| 2 | File | /admin.php/pic/admin/type/pl_save | predictive | High |
| 3 | File | /churchcrm/WhyCameEditor.php | predictive | High |
| 4 | File | /example/editor | predictive | High |
| 5 | File | /goform/aspForm | predictive | High |
| 6 | File | /index.php?page=search/rentals | predictive | High |
| 7 | File | /members/view_member.php | predictive | High |
| 8 | File | /xxxx/xx/xxxx/xxxx | predictive | High |
| 9 | File | /xxx_xxxx_xxxxxxx.xxx | predictive | High |
| 10 | File | /xxxx.xxx | predictive | Medium |
| 11 | File | /xxxxxxxx/xxxx | predictive | High |
| 12 | File | /xxx/xxx/xxxxxxx/ | predictive | High |
| 13 | File | xxxxx.xxx | predictive | Medium |
| 14 | File | xxxxx.xxx | predictive | Medium |
| 15 | File | xxx.xxx | predictive | Low |
| 16 | File | xxxxxxx.x | predictive | Medium |
| 17 | File | xxxx/xxxx/xxxxxxxxxxxxxxxx.xxx | predictive | High |
| 18 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 19 | File | xxxxxxxxx.xxx | predictive | High |
| 20 | File | xxxxxxx/xxxx/xxx-xxx-xxxxxx.x | predictive | High |
| 21 | File | xxxxxxx/xxx/xxx-xxxx.x | predictive | High |
| 22 | File | xxxx-xxxxx-xxxxxxxxx.xxx | predictive | High |
| 23 | File | xxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxx | predictive | High |
| 24 | File | xxx.xxx/xxx.xxx | predictive | High |
| 25 | File | xx.xxx | predictive | Low |
| 26 | File | xxxxx.xxx | predictive | Medium |
| 27 | File | xxxxxxxx.x | predictive | Medium |
| 28 | File | xxxxxxxx/xxxxxx/xxxxxx/_xxxxxxxxxxxx/_xxxxxxxx.xxx | predictive | High |
| 29 | File | xxxxxxxx.x | predictive | Medium |
| 30 | File | xxxxxx.x | predictive | Medium |
| 31 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High |
| 32 | File | xxx.xxxxx | predictive | Medium |
| 33 | File | xxxxxx.xx | predictive | Medium |
| 34 | File | xxxxxxx-xxxxxxx.xxx | predictive | High |
| 35 | File | xxxxx.x | predictive | Low |
| 36 | File | xxxxx/xxx_xxxxxx.x | predictive | High |
| 37 | File | xxx_xxx.xxxx | predictive | Medium |
| 38 | File | xxx/xxx/xxxxxxxxxx/xxxx/xxxxx/xxxxxxxx.xxx | predictive | High |
| 39 | File | xxxxx-xxxxxx.xxx | predictive | High |
| 40 | Library | xxxxx.xxx | predictive | Medium |
| 41 | Library | xxxxx.xxx | predictive | Medium |
| 42 | Argument | xxxxxxxx | predictive | Medium |
| 43 | Argument | xxxxxx_xxx | predictive | Medium |
| 44 | Argument | xxxxxxx-xxxx | predictive | Medium |
| 45 | Argument | xxxxxx/xxxxxxxxxx | predictive | High |
| 46 | Argument | xxxx | predictive | Low |
| 47 | Argument | xxxxx | predictive | Low |
| 48 | Argument | xxxxxxxx | predictive | Medium |
| 49 | Argument | xxxx xxxx | predictive | Medium |
| 50 | Argument | xxxxx | predictive | Low |
| 51 | Argument | xxxxxx | predictive | Low |
| 52 | Argument | xx | predictive | Low |
| 53 | Argument | xxx_xxxxxxx | predictive | Medium |
| 54 | Argument | xxxxxxxx_xxxxxx_xxx | predictive | High |
| 55 | Argument | xxxxxxxx | predictive | Medium |
| 56 | Argument | xxxxxxx/xxxxx | predictive | High |
| 57 | Argument | xxxxxxxxxxxxxxxxxxx | predictive | High |
| 58 | Argument | xxxxx | predictive | Low |
| 59 | Input Value | xxxxxxxx | predictive | Medium |
| 60 | Network Port | xxxxx xxx-xxx | predictive | High |

Sources (3)

The following list contains external sources which discuss the actor and the associated activities:
