NDSW Analysis

IOB - Indicator of Behavior (72)

Language

en: 60
ru: 6
de: 4
it: 2

Country

ru: 56
us: 16

Product

Add Comments Plugin: 2
WP Symposium: 2
WordPress: 2
Thomas R. Pasawicz HyperBook Guestbook: 2
PHP Link Directory: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | PHP Link Directory Administration Page index.html Cross Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.26 | 0.00374 | CVE-2007-0529 |
| 2 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 2.04 | 0.00000 | |
| 3 | Esoftpro Online Guestbook Pro ogp_show.php SQL Injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.09 | 0.00108 | CVE-2009-4935 |
| 4 | phpMyAdmin phpinfo.php Information Disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00142 | CVE-2016-9848 |
| 5 | DZCP deV!L`z Clanportal config.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.40 | 0.00943 | CVE-2010-0966 |
| 6 | Flat PHP Board Directory Traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00000 | |
| 7 | Simple PHP Guestbook guestbook.php Cross Site Scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 | |
| 8 | 212cafe 212cafeboard view.php SQL Injection | 7.3 | 7.1 | $0-$5k | Calculating | High | Unavailable | 0.08 | 0.00064 | CVE-2008-4713 |
| 9 | Microsoft Office Object Remote Code Execution | 7.0 | 6.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.97339 | CVE-2017-8570 |
| 10 | Lars Ellingsen Guestserver guestbook.cgi Cross Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00169 | CVE-2005-4222 |
| 11 | Huawei SmartCare Dashboard Stored Cross Site Scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00065 | CVE-2017-15312 |
| 12 | Flat PHP Board Directory Traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00000 | |
| 13 | MGB OpenSource Guestbook email.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.35 | 0.01302 | CVE-2007-0354 |
| 14 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 15 | jforum User Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00289 | CVE-2019-7550 |
| 16 | Cannot PHP infoBoard Privilege Escalation | 7.3 | 6.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.00 | 0.01049 | CVE-2008-4334 |
| 17 | Phplinkdirectory PHP Link Directory conf_users_edit.php Cross Site Request Forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00526 | CVE-2011-0643 |
| 18 | Add Comments Plugin Setting Cross Site Scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00056 | CVE-2022-3909 |
| 19 | AlilG AliBoard File Upload usercp.php Privilege Escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00 | 0.00529 | CVE-2008-7029 |
| 20 | GetSimpleCMS index.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00123 | CVE-2019-9915 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 109.234.35.249 | v1020533.hosted-by-vdsina.ru | NDSW | | 29.07.2022 | verified | High |

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (39)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

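| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /forum/away.php | predictive | High |
| 2 | File | admin/conf_users_edit.php | predictive | High |
| 3 | File | admin/index.php | predictive | High |
| 4 | File | blog.php | predictive | Medium |
| 5 | File | comments/feed | predictive | High |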

References (2)

The following list contains external sources which discuss the actor and the associated activities:
