Xpiro Analysis

IOB - Indicator of Behavior (85)

Language

en (84)
zh (2)

Product

Google Android (6)
vsftpd (2)
OTCMS (2)
Rust Programming Language Standard Library (2)
SAP Internet Graphics Server (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | ThemeIsle Orbit Fox Plugin cross-site scripting | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2024-1323 |
| 2 | IBM PowerSC privilege escalation | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.02 | CVE-2023-50940 |
| 3 | Embed Calendly Plugin Shortcode cross-site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.09 | CVE-2023-4995 |
| 4 | Tracker Software PDF-XChange Editor U3D File Parser information disclosure | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | CVE-2023-42058 |
| 5 | Mozilla Firefox XLL Add-In File privilege escalation | 4.3 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00055 | 0.03 | CVE-2023-4581 |
| 6 | PHP Jabbers Yacht Listing Script Password Recovery information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.00 | CVE-2023-40761 |
| 7 | OpenRapid RapidCMS run-movepass.php privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00063 | 0.00 | CVE-2023-4448 |
| 8 | Chamilo SVG File fileUpload.lib.php privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00088 | 0.00 | CVE-2023-34944 |
| 9 | Apache InLong privilege escalation | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00125 | 0.00 | CVE-2023-31206 |
| 10 | Nokia NetAct Configuration Dashboard Page XML External Entity | 6.4 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00069 | 0.00 | CVE-2023-26057 |
| 11 | Google Android PowerVR Kernel Driver PVRSRVBridgeRGXTDMSubmitTransfer memory corruption | 6.5 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2021-0879 |
| 12 | Oracle MySQL Server Packaging information disclosure | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00092 | 0.07 | CVE-2022-43551 |
| 13 | Mikrobi Babel redirect.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00215 | 0.03 | CVE-2019-1010290 |
| 14 | Nextcloud App Password Protection weak authentication | 4.1 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.00 | CVE-2023-28647 |
| 15 | Google Android unwinding.cc UnwindingWorker memory corruption | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2023-21018 |
| 16 | OTCMS apiRun.php AutoRun cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00062 | 0.05 | CVE-2023-1635 |
| 17 | Google Android memory corruption | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2023-21042 |
| 18 | SourceCodester Alphaware Simple E-Commerce System Payment summary.php privilege escalation | 6.1 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00200 | 0.14 | CVE-2023-0998 |
| 19 | ThingsBoard weak authentication | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00337 | 0.02 | CVE-2023-26462 |
| 20 | Microsoft Dynamics 365 cross-site scripting | 5.4 | 4.9 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00052 | 0.02 | CVE-2023-21573 |

IOC - Indicator of Compromise (27)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CAPEC-209 | CWE-79 | Cross Site Scripting | predictive | High |
| 5 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 6 | TXXXX.XXX | CAPEC-191 | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High |
| 7 | TXXXX | CAPEC-136 | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 8 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 9 | TXXXX | CAPEC- | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High |
| 10 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 11 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High |
| 12 | TXXXX | CAPEC-50 | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 13 | TXXXX.XXX | CAPEC-133 | CWE-XXX | Xxxxxxxx | predictive | High |
| 14 | TXXXX | CAPEC-116 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 15 | TXXXX | CAPEC-112 | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |
| 16 | TXXXX.XXX | CAPEC- | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High |
| 17 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


Sources (8)

The following list contains external sources which discuss the actor and the associated activities:
