Bondnet Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (35)

Sprache

zh	18
en	18

Land

cn	28
us	8

Akteure

Bondnet	7

Interesse

Typ

Not Defined	16
Document Reader Software	2
Programming Language Software	2
Log Management Software	2
Hardware Driver Software	2

Hersteller

Not Defined	8
Weaver	4
Adobe	2
PHP Arena	2
kalcaddle	2

Produkt

Gxlcms	2
Adobe Acrobat Reader	2
PHP Arena paFileDB	2
AWStats	2
kalcaddle KodExplorer	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	Kubernetes kubelet pprof Information Disclosure	7.3	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.09	0.53513	CVE-2019-11248
2	AWstats bis 6.5 awstats.pl config-Parameter fehlerhafter Wert gibt Pfad preis	4.3	4.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.00587	CVE-2006-3681
3	Microsoft Windows User Access Policy schwache Authentisierung	7.8	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00043	CVE-1999-0505
4	Hikvision Intercom Broadcasting System ping.php erweiterte Rechte	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.09	0.90160	CVE-2023-6895
5	Weaver E-Office File Upload utility_all.php erweiterte Rechte	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.00064	CVE-2023-2647
6	Weaver OA downfile.php Information Disclosure	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.06	0.00121	CVE-2023-2765
7	Hikvision LocalServiceComponents Messages Remote Code Execution	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00048	CVE-2023-28813
8	Hikvision Intercom Broadcasting System exportrecord.php Directory Traversal	5.4	5.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.11	0.00064	CVE-2023-6893
9	DataGear pagingQueryData SQL Injection	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.00119	CVE-2023-1571
10	kalcaddle KodExplorer Cross Site Request Forgery	5.8	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.09	0.00125	CVE-2022-4944
11	node-sqlite3 Remote Code Execution	7.8	7.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00257	CVE-2022-43441
12	Web2py Sample Web Application session.connect schwache Authentisierung	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.02059	CVE-2016-3953
13	Gxlcms TplAction.class.php add Information Disclosure	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.01201	CVE-2018-14685
14	O2OA invoke Privilege Escalation	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00497	CVE-2022-22916
15	Cognos Powerplay Web Edition ppdscgi.exe Information Disclosure	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00000
16	Strapi Admin Panel erweiterte Rechte	5.6	5.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00109	CVE-2021-28128
17	DZCP deV!L`z Clanportal config.php erweiterte Rechte	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.54	0.00943	CVE-2010-0966
18	Schneider Electric EcoStruxure Control Expert/Unity Pro Pufferüberlauf	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00072	CVE-2020-7560
19	Portainer erweiterte Rechte	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.01314	CVE-2020-24264
20	CMS Made Simple Watermark class.showtime2_image.php erweiterte Rechte	6.5	6.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.43026	CVE-2019-9692

IOC - Indicator of Compromise (27)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	47.90.206.226		Bondnet	13.02.2022	verifiziert	High
2	50.207.71.22	50-207-71-22-static.hfc.comcastbusiness.net	Bondnet	13.02.2022	verifiziert	High
3	59.3.127.132		Bondnet	13.02.2022	verifiziert	High
4	69.90.114.185		Bondnet	13.02.2022	verifiziert	High
5	72.167.201.140	ip-72-167-201-140.ip.secureserver.net	Bondnet	13.02.2022	verifiziert	High
6	112.53.74.38		Bondnet	13.02.2022	verifiziert	High
7	XXX.XXX.XX.XXX		Xxxxxxx	13.02.2022	verifiziert	High
8	XXX.XXX.XXX.XXX		Xxxxxxx	13.02.2022	verifiziert	High
9	XXX.XX.XXX.XX		Xxxxxxx	13.02.2022	verifiziert	High
10	XXX.XXX.XXX.XX		Xxxxxxx	13.02.2022	verifiziert	High
11	XXX.XXX.XXX.XXX		Xxxxxxx	13.02.2022	verifiziert	High
12	XXX.XXX.XXX.XX		Xxxxxxx	13.02.2022	verifiziert	High
13	XXX.XXX.XXX.XXX	xxx.xxxxx.xxx	Xxxxxxx	13.02.2022	verifiziert	High
14	XXX.XX.XXX.XXX		Xxxxxxx	13.02.2022	verifiziert	High
15	XXX.XX.XXX.XXX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxxxxx	13.02.2022	verifiziert	High
16	XXX.XXX.XXX.XX		Xxxxxxx	13.02.2022	verifiziert	High
17	XXX.XX.XX.X		Xxxxxxx	13.02.2022	verifiziert	High
18	XXX.X.XXX.XX	xxxx.xxxxxxxx-xx.xx	Xxxxxxx	13.02.2022	verifiziert	High
19	XXX.XXX.XX.XX	xxx.xxx.xx.xx.xxxxxx.xxxxx.xxx	Xxxxxxx	13.02.2022	verifiziert	High
20	XXX.XXX.XX.XX		Xxxxxxx	13.02.2022	verifiziert	High
21	XXX.XX.XXX.XXX	xxxxxx.xxxxx.xxx	Xxxxxxx	13.02.2022	verifiziert	High
22	XXX.XX.XXX.XX	xxx-xx-xxx-xx.xxxxx-xx.xxxxx.xxx	Xxxxxxx	13.02.2022	verifiziert	High
23	XXX.XXX.XXX.XXX		Xxxxxxx	13.02.2022	verifiziert	High
24	XXX.XXX.XXX.XXX		Xxxxxxx	13.02.2022	verifiziert	High
25	XXX.XXX.XX.XX		Xxxxxxx	13.02.2022	verifiziert	High
26	XXX.XXX.X.XX		Xxxxxxx	13.02.2022	verifiziert	High
27	XXX.XXX.XXX.XXX		Xxxxxxx	13.02.2022	verifiziert	High

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-22, CWE-36	Path Traversal	prädiktiv	High
2	T1059	CWE-94	Argument Injection	prädiktiv	High
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	prädiktiv	High
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
5	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
8	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
10	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/analysisProject/pagingQueryData	prädiktiv	High
2	File	/debug/pprof	prädiktiv	Medium
3	File	/E-mobile/App/System/File/downfile.php	prädiktiv	High
4	File	/php/exportrecord.php	prädiktiv	High
5	File	/xxx/xxxx.xxx	prädiktiv	High
6	File	/xxxxxxx/xxx/xxxxxxx_xxx.xxx	prädiktiv	High
7	File	/x_xxxxxxx_xxxxxx/xxxxx/xxxxxx	prädiktiv	High
8	File	xxxxxxx.xx	prädiktiv	Medium
9	File	xxxxx.xxxxxxxxx_xxxxx.xxx	prädiktiv	High
10	File	xxxx/xxxxxxxxxxxxxxx.xxx	prädiktiv	High
11	File	xxx/xxxxxx.xxx	prädiktiv	High
12	File	xxxxxxxx.xxx	prädiktiv	Medium
13	File	xxxxxxx.xxx	prädiktiv	Medium
14	File	xxx_xxxxxx.x	prädiktiv	Medium
15	File	xxx_xxxxxx.xx	prädiktiv	High
16	Library	xxx/xxx/xxx/xxxxxx/xxxxx/xxxxxxxxx.xxxxx.xxx	prädiktiv	High
17	Argument	xxxxxxxx	prädiktiv	Medium
18	Argument	xxxxxx	prädiktiv	Low
19	Argument	xxxxxxxx	prädiktiv	Medium
20	Argument	xx	prädiktiv	Low
21	Argument	xxxxxxxx[xx]	prädiktiv	Medium
22	Argument	xxxxxxxxxx	prädiktiv	Medium
23	Argument	xxx	prädiktiv	Low
24	Input Value	x:\xxxxx\xxxx\xxx\xxx\xxxxxxxxxx.xxx	prädiktiv	High
25	Input Value	xxxxxxx -xxx	prädiktiv	Medium

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!