Earth Berberoka Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (51)

Sprache

zh	26
en	26

Land

cn	44
us	6
kr	2

Akteure

Earth Berberoka	3
Cobalt Strike	3
MsraMiner	2
AsyncRAT	1
Purple Fox	1

Interesse

Typ

Not Defined	20
Content Management System	4
Web Server	4
Cloud Software	4
Operating System	4

Hersteller

Not Defined	12
Microsoft	6
Wind River	4
D-Link	2
Ivanti	2

Produkt

Microsoft IIS	4
Wind River VxWorks	4
DedeCMS	2
D-Link DSL-2730E	2
Ivanti EPM Cloud Services Appliance	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	DrayTek Vigor 2960/Vigor 3900/Vigor 300B HTTP mainfunction.cgi Format String	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00755	CVE-2021-42911
2	Microsoft Windows SMB Denial of Service	6.6	6.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00247	CVE-2022-32230
3	Hitachi Vantara Pentaho Security Model applicationContext-spring-security.xml erweiterte Rechte	5.3	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.36115	CVE-2021-31602
4	SuiteCRM Privilege Escalation	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00544	CVE-2021-45897
5	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
6	Cisco ASA VPN schwache Authentisierung	7.4	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00136	CVE-2018-0227
7	OpenStack Horizon Web Dashboard Redirect	4.5	4.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.06	0.00052	CVE-2022-45582
8	Yellowfin Business Intelligence MIAdminStyles.i4 Admin UI erweiterte Rechte	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00115	CVE-2020-19586
9	XAMPP cds-fpdf.php SQL Injection	8.5	8.5	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.03	0.06372	CVE-2019-8923
10	Xampp Installation erweiterte Rechte	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00125	CVE-2022-29376
11	Bootstrap add_product.php Cross Site Scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00068	CVE-2022-26624
12	Micro-Star MSI Afterburner Driver RTCore64.sys erweiterte Rechte	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00051	CVE-2019-16098
13	F5 BIG-IP iControl REST Authentication bash schwache Authentisierung	9.8	9.3	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.97477	CVE-2022-1388
14	HP HP-UX at Pufferüberlauf	9.3	8.8	$25k-$100k	$0-$5k	Proof-of-Concept	Not Defined	0.04	0.00042	CVE-2002-1614
15	SAP Commerce Cloud virtualjdbc extension erweiterte Rechte	8.5	8.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.02	0.00287	CVE-2019-0344
16	Microsoft Windows Remote Procedure Call Runtime Remote Code Execution	9.8	8.9	$100k und mehr	$5k-$25k	Unproven	Official Fix	0.03	0.01558	CVE-2022-26809
17	Keycloak erweiterte Rechte	7.3	6.8	$0-$5k	$0-$5k	Functional	Official Fix	0.04	0.33085	CVE-2020-10770
18	Oracle Business Intelligence Enterprise Edition Analytics Web General Remote Code Execution	9.8	9.4	$100k und mehr	$5k-$25k	Not Defined	Official Fix	0.00	0.86121	CVE-2020-2950
19	Wyze Cam Pan v2/Cam v2/Cam v3 schwache Authentisierung	7.4	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00115	CVE-2019-9564
20	FasterXML jackson-databind Deserialization slf4j-ext erweiterte Rechte	8.5	8.1	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.03	0.05359	CVE-2018-14718

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	42.200.181.116	42-200-181-116.static.imsbiz.com	Earth Berberoka	27.07.2022	verifiziert	High
2	XX.XX.XXX.XXX	xx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxx Xxxxxxxxx	27.07.2022	verifiziert	High
3	XX.XX.XX.XXX	xx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxx Xxxxxxxxx	27.07.2022	verifiziert	High
4	XXX.X.XXX.X		Xxxxx Xxxxxxxxx	27.07.2022	verifiziert	High
5	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxx Xxxxxxxxx	27.07.2022	verifiziert	High

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1059	CWE-94	Argument Injection	prädiktiv	High
2	T1059.007	CWE-79	Cross Site Scripting	prädiktiv	High
3	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
4	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
5	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	prädiktiv	High
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
8	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/mgmt/tm/util/bash	prädiktiv	High
2	File	/uncpath/	prädiktiv	Medium
3	File	/usr/bin/at	prädiktiv	Medium
4	File	/xxxxxx/xxxxx/xxx_xxxxxxx.xxx	prädiktiv	High
5	File	xxxxxxxxxxxxxxxxxx-xxxxxx-xxxxxxxx.xxx	prädiktiv	High
6	File	xxx-xxxx.xxx	prädiktiv	Medium
7	File	xxxx/xxxxxxxxxxxxxxx.xxx	prädiktiv	High
8	File	xxxxxxxxxxxx.xxx	prädiktiv	High
9	File	xxxx_xxxx_xxxx	prädiktiv	High
10	Library	xxxxxxxx.xxx	prädiktiv	Medium
11	Argument	xx_xx	prädiktiv	Low
12	Argument	xxxx	prädiktiv	Low
13	Argument	xxxxxxxx	prädiktiv	Medium
14	Argument	xxxxx_xxxxxx	prädiktiv	Medium
15	Argument	xxxxxxx_xxx	prädiktiv	Medium
16	Argument	xxxxxxx_xxx	prädiktiv	Medium
17	Argument	xxxxx	prädiktiv	Low
18	Argument	xxxxxxxx	prädiktiv	Medium
19	Input Value	x=x	prädiktiv	Low

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!