FontOnLake Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (36)

Sprache

en	22
zh	12
ko	2

Land

cn	32
us	4

Akteure

FontOnLake	2
APT29	1
Cobalt Strike	1
Beapy	1

Interesse

Typ

Not Defined	26
Web Browser	2
SSH Server Software	2
Database Software	2
Operating System	2

Hersteller

Not Defined	14
Microsoft	4
Google	2
AnyMacro	2
Penta	2

Produkt

ExifTool	2
Google Chrome	2
Dropbear SSH	2
AnyMacro AnyMacro Mail System	2
Penta WAPPLES	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	EPSS	CTI	CVE
1	Penta WAPPLES erweiterte Rechte	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.00	CVE-2022-35582
2	GNU binutils BFD Library opncls.c bfd_zalloc Pufferüberlauf	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00132	0.03	CVE-2018-17359
3	UUSee UUPlayer ActiveX control ActiveX Control erweiterte Rechte	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01063	0.00	CVE-2011-2590
4	Oracle MySQL Server Client programs Privilege Escalation	7.1	6.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00095	0.03	CVE-2023-21980
5	Penta WAPPLES Fehlkonfiguration	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.00	CVE-2022-31322
6	Spring Boot Admins Notifier env erweiterte Rechte	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00262	0.02	CVE-2022-46166
7	Apache Commons FileUpload Request Part Denial of Service	5.5	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03359	0.00	CVE-2023-24998
8	redis-py Async Command Information Disclosure	4.0	3.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00095	0.02	CVE-2023-28858
9	Microsoft Windows Win32k Local Privilege Escalation	7.8	7.4	$25k-$100k	$0-$5k	High	Official Fix	0.00350	0.21	CVE-2021-1732
10	Microsoft Windows L2TP Privilege Escalation	7.8	7.3	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00827	0.02	CVE-2022-30211
11	ZStack REST API erweiterte Rechte	5.6	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00482	0.00	CVE-2021-32836
12	ZhongBangKeJi CRMEB UploadService.php Getshell erweiterte Rechte	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00309	0.02	CVE-2020-21787
13	WP Fastest Cache Directory Traversal	3.8	3.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00294	0.00	CVE-2021-20714
14	Atlassian Bamboo Double OGNL Evaluation Java erweiterte Rechte	8.3	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01040	0.00	CVE-2017-14589
15	Atlassian Confluence Server Information Disclosure	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.96321	0.07	CVE-2021-26085
16	Google Chrome V8 Remote Code Execution	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.24380	0.02	CVE-2020-16040
17	ExifTool djvu File Remote Code Execution	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.92438	0.02	CVE-2021-22204
18	Microsoft Windows DNS Server SigRed Pufferüberlauf	10.0	9.8	$25k-$100k	$0-$5k	High	Official Fix	0.94458	0.03	CVE-2020-1350
19	Huawei NIP6800/Secospace USG6600/Secospace USG9500 Pufferüberlauf	7.4	7.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00110	0.05	CVE-2020-1876
20	Microsoft Windows NTLM Information Disclosure	5.4	4.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00654	0.04	CVE-2021-1678

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	27.102.130.63		FontOnLake	10.10.2021	verifiziert	High
2	XX.XXX.XX.XXX		Xxxxxxxxxx	10.10.2021	verifiziert	High
3	XX.XXX.XXX.XXX		Xxxxxxxxxx	10.10.2021	verifiziert	High
4	XXX.XXX.XXX.XXX		Xxxxxxxxxx	10.10.2021	verifiziert	High
5	XXX.XX.XXX.XX	xxx.xx.xxx.xx.xxxxxxxx.xxx	Xxxxxxxxxx	10.10.2021	verifiziert	High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-21, CWE-22	Path Traversal	prädiktiv	High
2	T1059	CWE-94	Argument Injection	prädiktiv	High
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
4	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	prädiktiv	High
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
8	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/crmeb/crmeb/services/UploadService.php	prädiktiv	High
2	File	/env	prädiktiv	Low
3	File	/s/	prädiktiv	Low
4	File	xxxxxxxxxxxxxxxxxxx.xxxxx.xxx	prädiktiv	High
5	File	xxxxxxxxxxx\xxxx\xxxxxxxxxx\xxxxxxxxxxxxxxxxx.xxxxx.xxx	prädiktiv	High
6	File	xxxx.x	prädiktiv	Low
7	File	xxxxxxx.xxx	prädiktiv	Medium
8	File	xxxxxx.x	prädiktiv	Medium
9	File	xxxxxx.x	prädiktiv	Medium
10	Library	xxxx.xxx	prädiktiv	Medium
11	Argument	-x/-x	prädiktiv	Low
12	Argument	xxxxxx	prädiktiv	Low
13	Argument	xxxxxxxxxx[xxx][x]	prädiktiv	High
14	Argument	xxxxxxxxxxx	prädiktiv	Medium
15	Argument	xx	prädiktiv	Low
16	Input Value	..\	prädiktiv	Low
17	Network Port	xxxx	prädiktiv	Low

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Do you know our Splunk app?

Download it now for free!