Avos Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (66)

Sprache

en	56
fr	4
de	2
es	2
pl	2

Land

us	6
fr	4
de	2
es	2
ru	2

Akteure

AvosLocker	1
Tofsee	1
Amadey	1
RedLine Stealer	1
RedLine	1

Interesse

Typ

Not Defined	20
Content Management System	4
Anti-Malware Software	2
Operating System	2
Enterprise Resource Planning Software	2

Hersteller

Not Defined	8
Microsoft	4
ORY	2
SunHater	2
Sitekit	2

Produkt

ORY Hydra	2
SunHater KCFinder	2
Intern Record System	2
WordPress	2
OmniSecure	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	EPSS	CTI	CVE
1	HP SAN/iQ hydra.exe erweiterte Rechte	4.3	3.9	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00277	0.00	CVE-2012-4362
2	Hydra HTTP Header read.c process_header_end Denial of Service	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00117	0.02	CVE-2019-17502
3	IW Guestbook badwords_edit.asp SQL Injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
4	Hydra schwache Authentisierung	5.6	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00099	0.00	CVE-2020-5300
5	OmniSecure AddUrlShield index.php SQL Injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.02
6	ORY Hydra error Reflected Cross Site Scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00097	0.00	CVE-2019-8400
7	PHPGurukul Hospital Management System dashboard.php erweiterte Rechte	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00661	0.02	CVE-2020-35745
8	HP SAN/iQ Login hydra.exe Pufferüberlauf	10.0	9.5	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.46643	0.00	CVE-2011-4157
9	HP LeftHand Virtual SAN Appliance hydra Pufferüberlauf	10.0	9.5	$25k-$100k	$0-$5k	High	Official Fix	0.77622	0.00	CVE-2013-2343
10	Coinsoft Technologies phpCOIN db.php erweiterte Rechte	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.07606	0.00	CVE-2005-4211
11	Coinsoft Technologies phpCOIN db.php Directory Traversal	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03877	0.02	CVE-2005-4212
12	Ilohamail Cross Site Scripting	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.09
13	Small CRM Cross Site Scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00052	0.00	CVE-2023-44075
14	Intern Record System controller.php Cross Site Scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.00	CVE-2022-40348
15	Sitekit CMS registration-form.html Cross Site Scripting	3.5	3.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
16	Microsoft Windows Backup Service Privilege Escalation	7.7	7.1	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00389	0.04	CVE-2023-21752
17	SunHater KCFinder upload.php Cross Site Scripting	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00131	0.09	CVE-2019-14315
18	Canto Cumulus login erweiterte Rechte	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00283	0.02	CVE-2022-40305
19	IW Guestbook messages_edit.asp SQL Injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
20	CKEditor Clipboard Package erweiterte Rechte	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00163	0.03	CVE-2021-32809

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Kampagnen	Identifiziert	Typ	Akzeptanz
1	45.136.230.191		Avos		29.07.2022	verifiziert	High
2	XXX.XXX.XXX.XXX		Xxxx		29.07.2022	verifiziert	High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-22	Path Traversal	prädiktiv	High
2	T1040	CWE-294	Authentication Bypass by Capture-replay	prädiktiv	High
3	TXXXX	CWE-XX	Xxxxxxxx Xxxxxxxxx	prädiktiv	High
4	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	prädiktiv	High
5	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
7	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/cwc/login	prädiktiv	Medium
2	File	/intern/controller.php	prädiktiv	High
3	File	/iwguestbook/admin/badwords_edit.asp	prädiktiv	High
4	File	/iwguestbook/admin/messages_edit.asp	prädiktiv	High
5	File	xxxxx/xxxxxxxxx.xxx	prädiktiv	High
6	File	xxxxx.xxx	prädiktiv	Medium
7	File	xxxx_xxxxxxxx/xx.xxx	prädiktiv	High
8	File	xxxxx.xxx	prädiktiv	Medium
9	File	xxxxx.xxx	prädiktiv	Medium
10	File	xxxxx.xxx/xxxxxxxxxxxxx/xxx	prädiktiv	High
11	File	xxxxxx/xxxxxxxxx/xxxxx	prädiktiv	High
12	File	xxxx.x	prädiktiv	Low
13	File	xxxxxxxxxxxx-xxxx.xxxx	prädiktiv	High
14	File	xxxxxx.xxx	prädiktiv	Medium
15	File	xx-xxxxx/xxxxx-xxxxxx.xxx	prädiktiv	High
16	Argument	xxxxxxx	prädiktiv	Low
17	Argument	xxxxxx	prädiktiv	Low
18	Argument	xxxxxxxxxxxxxxx	prädiktiv	High
19	Argument	xxxxxxxxx	prädiktiv	Medium
20	Argument	xxxxxxx-xxxxxx	prädiktiv	High
21	Argument	xxxxx_xxxx	prädiktiv	Medium
22	Argument	xxxxxx$xxxxx	prädiktiv	Medium
23	Argument	xx	prädiktiv	Low
24	Argument	xxxxx	prädiktiv	Low
25	Argument	xxxx/xxxxx	prädiktiv	Medium
26	Argument	xxxx_xx	prädiktiv	Low
27	Argument	xxxxxx	prädiktiv	Low
28	Argument	_xxxx[_xxx_xxxx_xxxx	prädiktiv	High
29	Input Value	x+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx#	prädiktiv	High

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Do you need the next level of professionalism?

Upgrade your account now!