BEAR Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (87)

Sprache

en	74
ru	8
zh	2
fr	2
de	2

Land

ee	32
us	28
ua	12
ru	10
tr	2

Akteure

BEAR	2
RedLine Stealer	2
Grizzly Steppe	1
QakBot	1
SideWinder	1

Interesse

Typ

Not Defined	32
Web Server	6
Content Management System	6
Automation Software	6
WordPress Plugin	4

Hersteller

Not Defined	24
Microsoft	6
IBM	4
GNU	4
Juniper	2

Produkt

Microsoft IIS	4
Dropbear SSH	4
GNU wget	4
Database Administrator Plugin	2
Juniper Junos	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
2	Huawei SmartCare Dashboard Stored Cross Site Scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00065	CVE-2017-15312
3	Microsoft IIS Cross Site Scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.00548	CVE-2017-0055
4	IBM Security AppScan Enterprise Enterprise Source Database schwache Verschlüsselung	9.8	8.5	$5k-$25k	Wird berechnet	Unproven	Official Fix	0.00	0.00082	CVE-2013-3989
5	raspap-webgui activate_ovpncfg.php erweiterte Rechte	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.86945	CVE-2022-39986
6	PHP Everywhere Plugin Shortcode Privilege Escalation	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00108	CVE-2022-24663
7	Forumer / IPB Board Show Topic index.php SQL Injection	7.3	7.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00000
8	WordPress Metadata erweiterte Rechte	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.01578	CVE-2018-20148
9	Add Link to Facebook Plugin profile.php Cross Site Scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00057	CVE-2018-5214
10	SeedProd Website Builder Plugin seedprod_lite_new_lpage erweiterte Rechte	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00057	CVE-2024-1072
11	Patreon Plugin Cross Site Request Forgery	5.8	5.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00058	CVE-2023-41129
12	Database Administrator Plugin SQL Injection	4.7	4.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00530	CVE-2023-3211
13	Telegram Web Cross Site Scripting	4.8	4.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00075	CVE-2022-43363
14	User Post Gallery Plugin erweiterte Rechte	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.03753	CVE-2022-4060
15	eSST Monitoring erweiterte Rechte	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00116	CVE-2023-41631
16	Microsoft Windows IIS Server Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00	0.00133	CVE-2023-36434
17	Boa Web Server HEAD Method erweiterte Rechte	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00112	CVE-2022-45956
18	GitLab Privilege Escalation	5.1	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00118	CVE-2021-22263
19	ThinkPHP erweiterte Rechte	7.1	7.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.08	0.00058	CVE-2022-44289
20	Microsoft Lync Server/Skype for Business Server unbekannte Schwachstelle	6.5	5.9	$25k-$100k	$5k-$25k	Proof-of-Concept	Official Fix	0.02	0.00074	CVE-2021-24073

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	5.149.248.67	mx1-mail.com	BEAR	23.12.2020	verifiziert	High
2	5.149.248.193		BEAR	23.12.2020	verifiziert	High
3	X.XXX.XXX.XXX		Xxxx	23.12.2020	verifiziert	High
4	X.XXX.XXX.XXX	xxxxx.xxxxxxxxxxxxxxxx.xxxx	Xxxx	23.12.2020	verifiziert	High
5	XX.XXX.XX.XX	xxx.xxxxxxxxxxxxxxxxxxx.xxx	Xxxx	23.12.2020	verifiziert	High
6	XXX.XXX.XX.XXX		Xxxx	23.12.2020	verifiziert	High

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-22	Path Traversal	prädiktiv	High
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	prädiktiv	High
3	T1068	CWE-264, CWE-269, CWE-284	Execution with Unnecessary Privileges	prädiktiv	High
4	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
5	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
7	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	prädiktiv	High
8	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
10	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	prädiktiv	High
11	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/ajax/openvpn/activate_ovpncfg.php	prädiktiv	High
2	File	/cgi-bin/wlogin.cgi	prädiktiv	High
3	File	/index.php	prädiktiv	Medium
4	File	/uncpath/	prädiktiv	Medium
5	File	xxx_xxxxxxx.xxx	prädiktiv	High
6	File	xxxx/xxxxxxxxxxxxxxx.xxx	prädiktiv	High
7	File	xxxxxxxx.xxx	prädiktiv	Medium
8	File	xxxxxx.xxxx	prädiktiv	Medium
9	File	xxxxxx.xxx	prädiktiv	Medium
10	File	xxxxx.xxx	prädiktiv	Medium
11	File	xxxxxxx.xxx	prädiktiv	Medium
12	File	xxxxx-xxxxxxx.xxx	prädiktiv	High
13	File	xxxxxxxx.xx	prädiktiv	Medium
14	File	xxxxx.xxxxxxx.xx	prädiktiv	High
15	File	xxxxxxxxx/xxxxx/xxxxxx.xxxx	prädiktiv	High
16	File	xx-xxxxx/xxxxxxx.xxx	prädiktiv	High
17	Library	xxx/xxxxxxxxx/xxxxxxx/xxxxxxxx/xxx.xxx	prädiktiv	High
18	Library	xxx/xxxxxxx-xxxxxxxxx-x.x.x.xxx	prädiktiv	High
19	Argument	-x	prädiktiv	Low
20	Argument	xx/xx	prädiktiv	Low
21	Argument	xxxxx_xxxxxxxx/xxxxx_xxxxxxxx	prädiktiv	High
22	Argument	xxxxx_xxxxxxxx_xx	prädiktiv	High
23	Argument	xxxxx	prädiktiv	Low
24	Argument	xxx_xx	prädiktiv	Low
25	Argument	xx	prädiktiv	Low
26	Argument	xxxxx	prädiktiv	Low
27	Argument	xxxxxxxxx	prädiktiv	Medium
28	Argument	x[]	prädiktiv	Low
29	Argument	xxx_xx	prädiktiv	Low
30	Argument	xxxxx_xxx	prädiktiv	Medium
31	Argument	xxxx	prädiktiv	Low
32	Argument	xxxxxxxx/xxxx	prädiktiv	High
33	Argument	_xxxx	prädiktiv	Low
34	Input Value	xxx	prädiktiv	Low

Referenzen (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Do you know our Splunk app?

Download it now for free!