xmrig.pe تحليل

IOB - Indicator of Behavior (129)

التسلسل الزمني

اللغة

en88
zh12
ru10
de10
es4

البلد

us78
cn14
ir4
br2
ru2

الفاعلين

النشاطات

الاهتمام

التسلسل الزمني

النوع

المجهز

منتج

Linux Kernel6
Qualcomm Snapdragon Auto4
Qualcomm Snapdragon Consumer Electronics Connectiv ...4
Qualcomm Snapdragon Consumer IOT4
Qualcomm Snapdragon Industrial IOT4

الثغرات

#الثغرةBaseTemp0dayاليومق�معالجةCTIEPSSCVE
1DZCP deV!L`z Clanportal config.php تجاوز الصلاحيات7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.460.00943CVE-2010-0966
2Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash الكشف عن المعلومات5.35.2$5k-$25k$0-$5kHighWorkaround0.020.02016CVE-2007-1192
3Cisco Wireless LAN Controller 802.11v تجاوز الصلاحيات5.85.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00102CVE-2017-12275
4LogicBoard CMS away.php Redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable2.600.00000
5Cisco Wireless LAN Controller ANQP تلف الذاكرة5.24.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00102CVE-2017-12282
6jeecg-boot qurestSql حقن إس كيو إل7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.090.04509CVE-2023-1454
7Webmin تجاوز الصلاحيات7.37.1$0-$5k$0-$5kNot DefinedOfficial Fix0.020.97183CVE-2022-0824
8Atlassian Jira Server/Jira Data Center Mobile Plugin تجاوز الصلاحيات6.46.2$0-$5k$0-$5kNot DefinedOfficial Fix0.030.03312CVE-2022-26135
9SPIP spip.php سكربتات مشتركة3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.370.00132CVE-2022-28959
10Jetty Login Password.java الكشف عن المعلومات5.65.5$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00299CVE-2017-9735
11FileRun index.php حقن إس كيو إل7.37.1$0-$5k$0-$5kHighUnavailable0.030.00649CVE-2007-2469
12I-O DATA DEVICE LAN DISK Connect تلف الذاكرة6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.030.00080CVE-2017-10875
13Cisco Wireless LAN Controller SNMP الحرمان من الخدمة5.35.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00143CVE-2017-12278
14D-Link DIR-850L LAN Traffic تجاوز الصلاحيات5.95.9$0-$5k$0-$5kNot DefinedNot Defined0.000.00277CVE-2017-14430
15Apple iOS/iPadOS Attachment BLASTPASS تجاوز الصلاحيات7.06.9$25k-$100k$5k-$25kHighOfficial Fix0.030.00070CVE-2023-41061
16MikroTik RouterOS igmp-proxy الحرمان من الخدمة4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.050.00201CVE-2020-20219
17TIBCO Spotfire Statistics Services Splus Server تجاوز الصلاحيات9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.000.00145CVE-2023-29268
18Google Chrome V8 تجاوز الصلاحيات7.57.4$25k-$100k$5k-$25kHighOfficial Fix0.040.04424CVE-2023-2033
19Tenda W30E editUserName تلف الذاكرة6.56.4$0-$5k$0-$5kNot DefinedNot Defined0.000.00075CVE-2022-45508
20Traefik الكشف عن المعلومات4.54.5$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00095CVE-2022-23469

حملات (1)

These are the campaigns that can be associated with the actor:

  • Log4Shell

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueالثغراتمتجه الوصولالنوعالثقة
1T1006CWE-21, CWE-22Path Traversalpredictiveعالي
2T1055CWE-74Improper Neutralization of Data within XPath Expressionspredictiveعالي
3T1059CWE-94Argument Injectionpredictiveعالي
4TXXXX.XXXCWE-XXXxxxx Xxxx Xxxxxxxxxpredictiveعالي
5TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictiveعالي
6TXXXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxxpredictiveعالي
7TXXXX.XXXCWE-XXXXxxx Xxxxxxxxpredictiveعالي
8TXXXXCWE-XXXxx Xxxxxxxxxpredictiveعالي
9TXXXXCWE-XXXXxxxxxxxxxx Xxxxxxxxxxpredictiveعالي
10TXXXXCWE-XXXXxxxxxxxx Xxxxxx Xxxxpredictiveعالي
11TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictiveعالي
12TXXXXCWE-XXXXxxxxxxxxxxxx Xxxxxxpredictiveعالي
13TXXXX.XXXCWE-XXXXxx Xxxxxxxxxx Xxxxxpredictiveعالي
14TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxxpredictiveعالي

IOA - Indicator of Attack (44)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDالفئةIndicatorالنوعالثقة
1File/.ssh/authorized_keyspredictiveعالي
2File/forum/away.phppredictiveعالي
3File/goform/delFileNamepredictiveعالي
4File/goform/editUserNamepredictiveعالي
5File/index/user/upload_img.htmlpredictiveعالي
6File/xxxxx/xxxx/xxxx_xxxx.xxxxpredictiveعالي
7File/xxxx/xxx/xxxx-xxxxxpredictiveعالي
8File/xxxx.xxxpredictiveمتوسط
9File/xxxxxxx/predictiveمتوسط
10Filexxxxx.xxxpredictiveمتوسط
11Filexxxxxxxx.xxxpredictiveمتوسط
12Filexxxxxx/xxxxxx/xxx_xxxx.xpredictiveعالي
13Filex_xxxxxxpredictiveمتوسط
14Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveعالي
15Filexxxx.xxxpredictiveمتوسط
16Filexxx/xxxxxx.xxxpredictiveعالي
17Filexxxxx.xxxpredictiveمتوسط
18Filexxxx.xxxpredictiveمتوسط
19Filexxxxxxxx/xxxxxxxxxpredictiveعالي
20Filexxxxxx/xxx/xxxxxxxx.xpredictiveعالي
21Filexxxxx.xxxpredictiveمتوسط
22Filexxx_xxxxx_xxxxx.xpredictiveعالي
23Filexxx/xxxxxxxxx/xx_xxxxxx_xxx.xpredictiveعالي
24Filexxxxxxxx.xxxpredictiveمتوسط
25Filexxxx/xxxxxxxx/xxxxxxxx.xxxxpredictiveعالي
26Filexxxxxxxxxxxxxxx.xxxxpredictiveعالي
27Argumentxxxxxxxxxxxpredictiveمتوسط
28Argumentxxx_xxxpredictiveواطئ
29Argumentxxxxxxxxpredictiveمتوسط
30Argumentxxxxxxxpredictiveواطئ
31Argumentxxxxxxx-xxxx/xxxxxxx-xxxxxxxx-xxxxxxxxpredictiveعالي
32Argumentxx_xxxxx_xxpredictiveمتوسط
33Argumentxxxpredictiveواطئ
34Argumentxxxxpredictiveواطئ
35Argumentxxxxxxxxxxxpredictiveمتوسط
36Argumentxxxx/xxx/xxx_xxpredictiveعالي
37Argumentxxxxxxxxpredictiveمتوسط
38Argumentxxx_xxxxxxxxxxxpredictiveعالي
39Argumentxxxxxxpredictiveواطئ
40Argumentxxx_xxxxxxxpredictiveمتوسط
41Argumentxxxpredictiveواطئ
42Argumentxxxxxxxxpredictiveمتوسط
43Input Value../predictiveواطئ
44Input Valuexxxxxxxxx' xxx 'x'='xpredictiveعالي

المصادر (4)

The following list contains external sources which discuss the actor and the associated activities:

Do you know our Splunk app?

Download it now for free!