Regin Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (113)

Sprache

en	106
de	4
zh	4

Land

us	60
gb	36
cn	6
ru	4
bd	4

Akteure

Mirai	1
Regin	1

Interesse

Typ

Not Defined	48
Operating System	10
Programming Language Software	8
Content Management System	6
Web Server	6

Hersteller

Not Defined	34
IBM	12
Microsoft	8
Oracle	6
Cisco	6

Produkt

PHP	8
Microsoft Windows	6
Cisco Small Business Switches	4
WordPress	4
Plohni Advanced Comment System	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	EPSS	CTI	CVE
1	Host Discard Service erweiterte Rechte	7.3	7.1	$0-$5k	$0-$5k	High	Workaround	0.01500	0.03	CVE-1999-0636
2	PHP Filename DirectoryIterator Pufferüberlauf	5.5	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00809	0.04	CVE-2019-11045
3	nginx erweiterte Rechte	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	1.68	CVE-2020-12440
4	Sonatype Nexus Repository Manager erweiterte Rechte	4.9	4.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00078	0.00	CVE-2021-43961
5	HP Enterprise LaserJet Pufferüberlauf	7.6	7.6	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00197	0.02	CVE-2021-39238
6	CKeditor Dialogs Plugin erweiterte Rechte	6.4	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00148	0.00	CVE-2021-26271
7	TYPO3 User Session schwache Verschlüsselung	5.6	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00168	0.00	CVE-2021-21339
8	VMware vCenter Server Heartbeat Message erweiterte Rechte	5.3	4.6	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02214	0.02	CVE-2015-1047
9	SELinux unix_chkpwd erweiterte Rechte	5.3	5.0	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00042	0.00	CVE-2005-2977
10	st Module passwd Directory Traversal	6.4	6.1	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00672	0.00	CVE-2014-3744
11	Vastal phpVID browse_videos.php Cross Site Scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01762	0.04	CVE-2013-5312
12	GitHub Actions Runner erweiterte Rechte	8.3	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00117	0.00	CVE-2022-39321
13	Oracle Database Server RDBMS Security/SQL*Plus Information Disclosure	2.6	2.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00069	0.00	CVE-2016-3562
14	Oracle Solaris Common Desktop Environment Format String	8.3	7.9	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00043	0.00	CVE-2022-43752
15	Dragon Path Bharti Airtel Routers Hardware BDT-121 Admin Page Cross Site Scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00053	0.06	CVE-2022-28507
16	HMS Ewon eCatcher erweiterte Rechte	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00074	0.00	CVE-2021-33214
17	Wamp Wamp64 erweiterte Rechte	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00130	0.04	CVE-2022-36565
18	NVIDIA CUDA Toolkit SDK cuobjdump Pufferüberlauf	6.6	6.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00091	0.00	CVE-2022-21821
19	Siemens SIMATIC S7-400 Session Cookie httponly Information Disclosure	5.3	5.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00096	0.03	CVE-2016-8672
20	Cisco Small Business Switches schwache Authentisierung	8.4	8.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00243	0.00	CVE-2018-15439

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	17.3.40.93		Regin	01.01.2021	verifiziert	High
2	18.159.0.1	ec2-18-159-0-1.eu-central-1.compute.amazonaws.com	Regin	01.01.2021	verifiziert	Medium
3	XX.X.X.X	x.x.x.xx.xxx.xxxx.xxx	Xxxxx	01.01.2021	verifiziert	High
4	XX.XX.XXX.XX		Xxxxx	01.01.2021	verifiziert	High
5	XXX.XXX.XXX.XXX	xxxxxxx.xxxxxx.xx	Xxxxx	01.01.2021	verifiziert	High
6	XXX.XX.XXX.XXX	xxxx.xxxxxxxx.xxxxxxxxxxxxx.xxx	Xxxxx	08.06.2021	verifiziert	High
7	XXX.XXX.XX.XX	xxxx.xxxxxxxxxx.xxx	Xxxxx	08.06.2021	verifiziert	High

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klassifizierung	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CAPEC-126	CWE-22	Path Traversal	prädiktiv	High
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	prädiktiv	High
3	T1059	CAPEC-242	CWE-94	Argument Injection	prädiktiv	High
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	prädiktiv	High
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
6	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	prädiktiv	High
7	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
8	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	prädiktiv	High
9	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	prädiktiv	High
10	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
11	TXXXX	CAPEC-37	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
12	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
13	TXXXX.XXX	CAPEC-	CWE-XX	Xxxxxxxxxxxxx	prädiktiv	High
14	TXXXX	CAPEC-157	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	prädiktiv	High
15	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/etc/passwd	prädiktiv	Medium
2	File	/etc/sudoers	prädiktiv	Medium
3	File	/exponent_constants.php	prädiktiv	High
4	File	actions.php	prädiktiv	Medium
5	File	adclick.php	prädiktiv	Medium
6	File	add_comment.php	prädiktiv	High
7	File	adminer.php	prädiktiv	Medium
8	File	xxxxxxx.xxx/xxxxxxxxxxxx.xxx	prädiktiv	High
9	File	xxxxxx_xxxxxx.xxx	prädiktiv	High
10	File	xxxxxxx.xxx	prädiktiv	Medium
11	File	x:\xxxxxx	prädiktiv	Medium
12	File	xxxxxx.xxx	prädiktiv	Medium
13	File	xxxxxx/xxx/x_xxx_xxx_xxxx_xxxx.x	prädiktiv	High
14	File	xxxxxxxxxx.x	prädiktiv	Medium
15	File	xxx/xxxx/xxx_xxxx.x	prädiktiv	High
16	File	xxx/xxxx/xxxx.x	prädiktiv	High
17	File	xxxxx.xxx	prädiktiv	Medium
18	File	xxxxxxxxx.xxxxxxxx.xxxxx.xxx.xxx	prädiktiv	High
19	File	xx_xxx_xx.x	prädiktiv	Medium
20	File	xxxxx.xxx	prädiktiv	Medium
21	File	xxxxx.xxx	prädiktiv	Medium
22	File	xxxxxxx.xxx	prädiktiv	Medium
23	File	xxx_xxx_xxxxxx.x	prädiktiv	High
24	File	xxx/xxxx/xxxxxx.x	prädiktiv	High
25	File	xxx_xxx.x	prädiktiv	Medium
26	File	xxxx/xxx/xxx_xxxx.x	prädiktiv	High
27	File	xxxx-xxxxxx.x	prädiktiv	High
28	File	xxxxx/xxxx/xxxxxxxx.xxx	prädiktiv	High
29	File	xxxx_xxxxxx	prädiktiv	Medium
30	File	xx-xxxxxxx/xxxxxxx	prädiktiv	High
31	File	_xxxxxx.xxx	prädiktiv	Medium
32	Library	/_xxx_xxx/xxxxx.xxx	prädiktiv	High
33	Argument	$_xxxxxx['xxxxx_xxxxxx']	prädiktiv	High
34	Argument	xxx_xxxx	prädiktiv	Medium
35	Argument	xxxx_xxx	prädiktiv	Medium
36	Argument	xxx	prädiktiv	Low
37	Argument	xxxx_xxx	prädiktiv	Medium
38	Argument	xxxx	prädiktiv	Low
39	Argument	xxxxx	prädiktiv	Low
40	Argument	xxxx	prädiktiv	Low
41	Argument	xx	prädiktiv	Low
42	Argument	xxxxxxx	prädiktiv	Low
43	Argument	xxx_xxxxxxx	prädiktiv	Medium
44	Argument	xxxxxxxxxxxxx	prädiktiv	High
45	Argument	xxxxxxx	prädiktiv	Low
46	Argument	x_xx_x_x	prädiktiv	Medium
47	Argument	xxxxxxx_xx_xxxxxxx	prädiktiv	High
48	Argument	xxxx	prädiktiv	Low
49	Argument	xx_xxxx_xxxxxx_xxxxxxxxxx	prädiktiv	High
50	Input Value	%xx%xx	prädiktiv	Low
51	Input Value	%x/%x	prädiktiv	Low
52	Input Value	-x	prädiktiv	Low
53	Input Value	/../	prädiktiv	Low
54	Input Value	xxxxxxxx/xxxxxxxx/xxxxxxxxx	prädiktiv	High
55	Input Value	xxxxxx	prädiktiv	Low
56	Network Port	xxx/xx (xxx xxxxxxxx)	prädiktiv	High
57	Network Port	xxx/xxxxx	prädiktiv	Medium

Referenzen (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Interested in the pricing of exploits?

See the underground prices here!