Python Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (46)

Sprache

en	34
zh	10
pl	2

Land

us	10
pl	2

Akteure

Python	4
Beapy	1
Tsunami	1
FickerStealer	1

Interesse

Typ

Not Defined	18
Continuous Integration Software	6
Database Software	2
Database Administration Software	2
Programming Language Software	2

Hersteller

Not Defined	16
Oracle	2
Artica	2
Unisoc	2
HTC	2

Produkt

Jenkins	6
Unisoc T610	4
Unisoc T606	4
Unisoc T760	4
SHIRASAGI	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	EPSS	CTI	CVE
1	PHP Link Directory Administration Page index.html Cross Site Scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00374	0.47	CVE-2007-0529
2	VMware vSphere Replication erweiterte Rechte	6.7	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00182	0.05	CVE-2021-21976
3	Oracle MySQL Server InnoDB erweiterte Rechte	5.5	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00098	0.00	CVE-2018-3185
4	Jenkins Queue erweiterte Rechte	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.04	CVE-2021-21670
5	NAS4Free exec.php erweiterte Rechte	6.3	6.3	$0-$5k	$0-$5k	High	Not Defined	0.47373	0.04	CVE-2013-3631
6	Acer Quick Access QAAdminAgent.exe erweiterte Rechte	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00096	0.04	CVE-2019-18670
7	Advanced SystemCare Ultimate Driver Monitor_win7_x64.sys erweiterte Rechte	7.2	7.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00042	0.02	CVE-2018-9006
8	PeaZip Library dragdropfilesdll.dll erweiterte Rechte	6.1	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.09	CVE-2023-6891
9	Microsoft Windows Pragmatic General Multicast Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00945	0.05	CVE-2023-36397
10	Vmware Spring for GraphQL Information Disclosure	3.5	3.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00063	0.00	CVE-2023-34047
11	Jenkins Caption Parameter ExpandableDetailsNote Cross Site Scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00090	0.00	CVE-2023-43495
12	Jenkins Temporary Directory erweiterte Rechte	7.1	7.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00055	0.03	CVE-2023-43496
13	Jenkins Stapler Web Framework erweiterte Rechte	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00050	0.00	CVE-2023-43497
14	Jenkins MultipartFormDataParser erweiterte Rechte	6.8	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00050	0.02	CVE-2023-43498
15	Jenkins Build Variable erweiterte Rechte	3.9	3.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.02	CVE-2023-43494
16	SHIRASAGI Directory Traversal	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00103	0.00	CVE-2023-39448
17	Artica Pandora FMS File Manager .htaccess erweiterte Rechte	5.5	5.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00091	0.00	CVE-2021-36697
18	INEX IPX-Manager list.foil.php Cross Site Scripting	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00063	0.26	CVE-2022-4559
19	OTFCC otfccdump+0x6c08a6 Pufferüberlauf	6.0	6.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00092	0.00	CVE-2022-35043
20	Unisoc S8000 Sensor Driver Pufferüberlauf	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00042	0.00	CVE-2022-39126

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	23.21.126.66	ec2-23-21-126-66.compute-1.amazonaws.com	Python	24.07.2021	verifiziert	Medium
2	45.79.77.20	li1176-20.members.linode.com	Python	13.04.2022	verifiziert	High
3	54.221.253.252	ec2-54-221-253-252.compute-1.amazonaws.com	Python	24.07.2021	verifiziert	Medium
4	54.225.66.103	ec2-54-225-66-103.compute-1.amazonaws.com	Python	24.07.2021	verifiziert	Medium
5	54.225.220.115	ec2-54-225-220-115.compute-1.amazonaws.com	Python	24.07.2021	verifiziert	Medium
6	XX.XXX.XXX.XX	xxx-xx-xxx-xxx-xx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxx	24.07.2021	verifiziert	Medium
7	XX.XXX.XX.XXX	xxx-xx-xxx-xx-xxx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxx	24.07.2021	verifiziert	Medium
8	XX.XXX.XXX.XX	xxx-xx-xxx-xxx-xx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxx	24.07.2021	verifiziert	Medium
9	XX.XXX.XXX.XXX	xxx-xx-xxx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxx	24.07.2021	verifiziert	Medium
10	XX.XXX.XXX.XXX	xxx-xx-xxx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxx	24.07.2021	verifiziert	Medium
11	XX.XXX.XXX.XXX	xxx-xx-xxx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxx	24.07.2021	verifiziert	Medium
12	XX.XX.XXX.XX	xx.xx	Xxxxxx	13.04.2022	verifiziert	High
13	XXX.XX.X.XX		Xxxxxx	13.04.2022	verifiziert	High
14	XXX.XXX.XXX.XXX		Xxxxxx	24.07.2021	verifiziert	High
15	XXX.XXX.XXX.XXX		Xxxxxx	24.07.2021	verifiziert	High
16	XXX.XXX.XXX.XXX		Xxxxxx	24.07.2021	verifiziert	High
17	XXX.XXX.XXX.XXX		Xxxxxx	24.07.2021	verifiziert	High
18	XXX.XXX.XXX.XXX		Xxxxxx	24.07.2021	verifiziert	High
19	XXX.XXX.XXX.XXX		Xxxxxx	24.07.2021	verifiziert	High
20	XXX.XXX.XXX.XXX		Xxxxxx	24.07.2021	verifiziert	High
21	XXX.XX.XXX.XX		Xxxxxx	31.10.2022	verifiziert	High
22	XXX.XXX.XXX.X	xxx.xxxx.xxx	Xxxxxx	31.10.2022	verifiziert	High
23	XXX.XXX.XXX.XX	xxx.xxxx.xxx	Xxxxxx	31.10.2022	verifiziert	High
24	XXX.XXX.XXX.XX	xxx.xxxx.xxx	Xxxxxx	31.10.2022	verifiziert	High
25	XXX.XXX.XXX.XXX	xxx.xxxx.xxx	Xxxxxx	31.10.2022	verifiziert	High

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klassifizierung	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CAPEC-126	CWE-22	Path Traversal	prädiktiv	High
2	T1040	CAPEC-102	CWE-319	Authentication Bypass by Capture-replay	prädiktiv	High
3	T1059	CAPEC-242	CWE-94	Argument Injection	prädiktiv	High
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	prädiktiv	High
5	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
6	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
7	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	prädiktiv	High
8	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	prädiktiv	High
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
10	TXXXX	CAPEC-38	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	prädiktiv	High
11	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
12	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
13	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	.htaccess	prädiktiv	Medium
2	File	/api/v1/bait/set	prädiktiv	High
3	File	/release-x64/otfccdump+0x6b0b2c	prädiktiv	High
4	File	/xxxxxxx-xxx/xxxxxxxxx+xxxxxxxx	prädiktiv	High
5	File	xxxx.xxx	prädiktiv	Medium
6	File	xxxxx.xxxx	prädiktiv	Medium
7	File	xxxxxxxxxxxx.xxx	prädiktiv	High
8	File	xxxxxxx.xx	prädiktiv	Medium
9	File	xxxxxxxxx/xxxxx/xxxxxxxx/xxxx.xxxx.xxx	prädiktiv	High
10	Library	xxxxxxxxxxxxxxxx.xxx	prädiktiv	High
11	Library	xxxxx.xxx	prädiktiv	Medium
12	Library	xxxxxxx_xxxx_xxx.xxx	prädiktiv	High
13	Library	xxxxx.xxx	prädiktiv	Medium
14	Argument	xxxx	prädiktiv	Low
15	Argument	xxxxxxx	prädiktiv	Low

Referenzen (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!