Leviathan Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (35)

Sprache

en	22
it	12
sv	2

Land

us	20
ru	4
ir	2
fr	2

Akteure

Leviathan	3
APT28	1
Zeus	1
Qakbot	1
Cobalt Strike	1

Interesse

Typ

Virtualization Software	6
Network Management Software	4
Not Defined	4
Smartphone Operating System	2
Web Server	2

Hersteller

Not Defined	16
Samsung	2
Zoho ManageEngine	2
Trend Micro	2
Cisco	2

Produkt

libvirtd	2
Zabbix	2
Samsung Mobile Phone	2
nginx	2
WallacePOS	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	EPSS	CTI	CVE
1	Drupal SQL Injection	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00135	0.00	CVE-2008-2999
2	Unisoc S8000 Telephony Service Denial of Service	3.3	3.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00042	0.05	CVE-2022-48447
3	Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 Denial of Service	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00172	0.03	CVE-2023-20079
4	Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 erweiterte Rechte	9.8	9.7	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00287	0.00	CVE-2023-20078
5	iRZ RUH2 Firmware Patch schwache Authentisierung	6.7	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00226	0.00	CVE-2016-2309
6	Joomla SQL Injection	6.3	6.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00142	0.08	CVE-2022-23797
7	Microsoft Access Pufferüberlauf	7.0	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00330	0.00	CVE-2020-1582
8	libvirtd API virDomainSaveImageGetXMLDesc erweiterte Rechte	7.3	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.02	CVE-2019-10161
9	nginx erweiterte Rechte	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	1.90	CVE-2020-12440
10	Desiscripts Desi Short URL Script index.php schwache Authentisierung	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00933	0.00	CVE-2009-2642
11	Cisco FirePOWER Management Center Web UI Pufferüberlauf	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00107	0.00	CVE-2019-12688
12	vsftpd deny_file unbekannte Schwachstelle	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00312	0.16	CVE-2015-1419
13	phpMyAdmin Information Disclosure	6.1	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.18290	0.05	CVE-2019-6799
14	WallacePOS resetpassword.php Cross Site Scripting	5.2	5.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00101	0.00	CVE-2017-7388
15	Linksys Spa921 Denial of Service	7.5	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.01834	0.00	CVE-2006-7121
16	Zabbix zabbix_agentd Information Disclosure	4.0	3.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00042	0.00	CVE-2007-6210
17	BEA WebLogic Mobility Server schwache Authentisierung	7.3	6.9	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.02056	0.00	CVE-2007-6384
18	Netop Remote Control Guest Client Pufferüberlauf	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00063	0.02	CVE-2017-5216
19	Samsung Mobile Phone Application Installation bad_alloc erweiterte Rechte	4.9	4.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00055	0.02	CVE-2017-5217
20	Splunk Header Cross Site Scripting	4.3	4.3	$0-$5k	$0-$5k	High	Not Defined	0.00213	0.00	CVE-2014-8380

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	54.87.87.13	ec2-54-87-87-13.compute-1.amazonaws.com	Leviathan	23.12.2020	verifiziert	Medium
2	54.242.66.219	ec2-54-242-66-219.compute-1.amazonaws.com	Leviathan	23.12.2020	verifiziert	Medium
3	XX.XX.XXX.XXX		Xxxxxxxxx	23.12.2020	verifiziert	High
4	XX.XX.XXX.XXX		Xxxxxxxxx	23.12.2020	verifiziert	High
5	XX.XX.XXX.XXX		Xxxxxxxxx	23.12.2020	verifiziert	High
6	XXX.XXX.XXX.XXX		Xxxxxxxxx	17.12.2020	verifiziert	High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klassifizierung	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CAPEC-126	CWE-22	Path Traversal	prädiktiv	High
2	T1059	CAPEC-242	CWE-94	Argument Injection	prädiktiv	High
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	prädiktiv	High
4	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
5	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
7	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
8	TXXXX.XXX	CAPEC-	CWE-XX	Xxxxxxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	encrypt.c	prädiktiv	Medium
2	File	ept.c	prädiktiv	Low
3	File	xxxxx.xxx	prädiktiv	Medium
4	File	xxxxx:xxxxxxxxxxx.xx	prädiktiv	High
5	File	xxxx-xxx.xxx	prädiktiv	Medium
6	File	xxxxxxxxxx-xxxxxx/xxxxxxxxx/xxxxxxxxxxxxx.xxx	prädiktiv	High
7	Argument	xxxxxxx	prädiktiv	Low
8	Argument	xxxxxxx_xx	prädiktiv	Medium
9	Argument	xxx	prädiktiv	Low
10	Argument	xxxxx	prädiktiv	Low
11	Input Value	xxxxxx/**/xxxx.	prädiktiv	High
12	Input Value	xxxxxxxxxx:xxxxxx("xxx xx xxxxxxxxxxx");	prädiktiv	High

Referenzen (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Interested in the pricing of exploits?

See the underground prices here!