MsAttacker Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (12)

Zeitverlauf

Sprache

en12

Land

cn6
us6

Akteure

MsAttacker2
APT411
MyKings1

Aktivitäten

Interesse

Zeitverlauf

Typ

Not Defined6
Operating System4
Hospitality Software2

Hersteller

Not Defined6
guzzlehttp2
PHP Scripts Mall2
Orange2

Produkt

FreeBSD4
guzzlehttp psr72
PHP Scripts Mall hotel-booking-script2
CodeIgniter2
Orange Livebox2

Schwachstellen

#SchwachstelleBaseTemp0dayHeuteAusMasCTIEPSSCVE
1PHP Scripts Mall hotel-booking-script Cross Site Scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000.00058CVE-2018-15190
2guzzlehttp psr7 Header Parser erweiterte Rechte6.46.3$0-$5k$0-$5kNot DefinedOfficial Fix0.010.00095CVE-2022-24775
3DZCP deV!L`z Clanportal config.php erweiterte Rechte7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.600.00943CVE-2010-0966
4Webwizguide Web Wiz Forums Filters functions_filters.asp formatSQLInput SQL Injection7.36.6$0-$5kWird berechnetProof-of-ConceptOfficial Fix0.040.00369CVE-2007-1548
5Orange Livebox Service Port 8080 get_getnetworkconf.cgi erweiterte Rechte8.58.3$0-$5k$0-$5kNot DefinedWorkaround0.000.02105CVE-2018-20377
6FreeBSD sendmsg(2) erweiterte Rechte7.87.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.00070CVE-2016-1887
7FreeBSD portsnap erweiterte Rechte7.37.0$25k-$100k$0-$5kNot DefinedOfficial Fix0.000.00000
8FreeBSD setgroups Syscall erweiterte Rechte7.87.3$5k-$25kWird berechnetUnprovenOfficial Fix0.020.00042CVE-2016-1881
9FineCMS Redirector Weixin.php6.26.2$0-$5kWird berechnetNot DefinedNot Defined0.070.00121CVE-2017-11586
10Oracle WebLogic Server unbekannte Schwachstelle5.34.6$25k-$100k$0-$5kUnprovenOfficial Fix0.020.01156CVE-2014-4241
11CodeIgniter Sendmail Email.php erweiterte Rechte8.58.1$0-$5k$0-$5kNot DefinedOfficial Fix0.030.04920CVE-2016-10131

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-AdresseHostnameAkteurKampagnenIdentifiziertTypAkzeptanz
123.27.127.200MsAttacker24.12.2020verifiziertHigh
2XXX.XX.XXX.XXxxxxxxxxx24.12.2020verifiziertHigh
3XXX.XX.XXX.XXXxxxxxxxxx24.12.2020verifiziertHigh
4XXX.XX.XXX.XXXXxxxxxxxxx24.12.2020verifiziertHigh

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueSchwachstellenZugriffsartTypAkzeptanz
1T1055CWE-74Improper Neutralization of Data within XPath ExpressionsprädiktivHigh
2T1059CWE-94Argument InjectionprädiktivHigh
3TXXXX.XXXCWE-XXXxxxx Xxxx XxxxxxxxxprädiktivHigh
4TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxprädiktivHigh
5TXXXX.XXXCWE-XXXXxxx XxxxxxxxprädiktivHigh
6TXXXXCWE-XXXxx XxxxxxxxxprädiktivHigh
7TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxprädiktivHigh

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlasseIndicatorTypAkzeptanz
1File/get_getnetworkconf.cgiprädiktivHigh
2Filecontrollers/Weixin.phpprädiktivHigh
3Filexxxxxxxxx/xxxxxxxxx_xxxxxxx.xxxprädiktivHigh
4Filexxx/xxxxxx.xxxprädiktivHigh
5Libraryxxxxxx/xxxxxxxxx/xxxxx.xxxprädiktivHigh
6ArgumentxxxxxxxxprädiktivMedium
7Argumentxxxxx->xxxxprädiktivMedium
8Argumentxxxxx xxxx/xxxx xxxx/xxxxxxx xxxxxprädiktivHigh
9ArgumentxxxxprädiktivLow
10ArgumentxxxprädiktivLow
11Network Portxxx/xxxxprädiktivMedium

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

ZurückÜbersichtWeiter

Do you know our Splunk app?

Download it now for free!