Hackers-for-Hire Analysis

IOB - Indicator of Behavior (39)

Language: en (34), de (4), ru (2)

Product: Apache HTTP Server (4), sitepress-multilingual-cms Plugin (2), ESMI PayPal Storefront (2), Drupal (2), Google Android (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | CTI | EPSS | CVE |
|---|---------------|------|------|------|-------|---------|----------------|-----|------|-----|
| 1 | Secomea GateManager privilege escalation | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00054 | CVE-2022-25782 |
| 2 | Alt-N MDaemon Worldclient privilege escalation | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00090 | CVE-2021-27182 |
| 3 | TP-LINK TL-WR940N PingIframeRpm.htm ipAddrDispose buffer overflow | 7.5 | 7.5 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.02 | 0.05451 | CVE-2019-6989 |
| 4 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 5.10 | 0.01009 | CVE-2006-6168 |
| 5 | sitepress-multilingual-cms Plugin class-wp-installer.php Cross Site Request Forgery | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00427 | CVE-2020-10568 |
| 6 | SourceCodester Web-Based Student Clearance System edit-admin.php SQL Injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00080 | CVE-2022-3733 |
| 7 | php-fusion downloads.php Cross Site Scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00159 | CVE-2020-12708 |
| 8 | Gallarific PHP Photo Gallery script gallery.php SQL Injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00112 | CVE-2011-0519 |
| 9 | Gallery My Photo Gallery image.php SQL Injection | 6.3 | 5.7 | $0-$5k | Being calculated | Proof-of-Concept | Not Defined | 0.02 | 0.00000 | |
| 10 | Host Web Server phpinfo.php phpinfo Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.08 | 0.00000 | |
| 11 | ESMI PayPal Storefront products1h.php Cross Site Scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.05468 | CVE-2005-0936 |
| 12 | Ecommerce Online Store Kit shop.php SQL Injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.03763 | CVE-2004-0300 |
| 13 | Simple Real Estate Portal System SQL Injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00172 | CVE-2022-28410 |
| 14 | Alan Ward A-CART deliver.asp Cross Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00397 | CVE-2004-1874 |
| 15 | Alan Ward A-CART category.asp SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01169 | CVE-2004-1873 |
| 16 | Hikvision DVR DS-7204HGHI-F1 capabilities User Information Disclosure | 4.5 | 4.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00126 | CVE-2020-7057 |
| 17 | Dahua IPC-HX3XXX Data Packet weak authentication | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.29051 | CVE-2021-33044 |
| 18 | Microsoft Windows Win32k privilege escalation | 7.3 | 6.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.00043 | CVE-2021-1709 |
| 19 | Apache HTTP Server mod_session buffer overflow | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.73777 | CVE-2021-26691 |
| 20 | CrushFTP Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00078 | CVE-2018-18288 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CostaRicto

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources that are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Class | Type | Confidence |
|----|-----------|----------|-------|------|------------|
| 1 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|----|-------|-----------|------|------------|
| 1 | File | /EXCU_SHELL | predictive | Medium |
| 2 | File | /my_photo_gallery/image.php | predictive | High |
| 3 | File | /reps/classes/Users.php?f=delete_agent | predictive | High |
| 4 | File | Admin/edit-admin.php | predictive | High |
