Sality Analysis

IOB - Indicator of Behavior (40)

Language: en (30), de (4), ru (4), es (2)

Product: Microsoft Windows (6), phpRaid (2), Symantec Endpoint Protection Manager (2), Maianscriptworld Maian Recipe (2), b3log Symphony (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | WordPress wp-trackback.php mb_convert_encoding weak encryption | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03358 | 0.00 | CVE-2009-3622 |
| 2 | Dragon Path Bharti Airtel Routers Hardware BDT-121 Admin Page Cross Site Scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.06 | CVE-2022-28507 |
| 3 | YaPiG view.php Cross Site Scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01335 | 0.00 | CVE-2005-1886 |
| 4 | WordPress wp-register.php Cross Site Scripting | 4.3 | 4.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.00322 | 0.00 | CVE-2007-5105 |
| 5 | MetInfo URL Redirector login.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00107 | 0.00 | CVE-2017-11718 |
| 6 | phpRaid register.php privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | |
| 7 | vu Mass Mailer Login Page redir.asp SQL Injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00238 | 0.00 | CVE-2007-6138 |
| 8 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.51 | CVE-2010-0966 |
| 9 | Symantec Endpoint Protection Manager SAP XML Parser XML External Entity | 7.3 | 6.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.83177 | 0.00 | CVE-2013-5014 |
| 10 | Mozilla Firefox/Thunderbird/Firefox ESR NPAPI Plugin Cross Site Request Forgery | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00419 | 0.00 | CVE-2019-11712 |
| 11 | Linux Kernel oom_kill.c __oom_reap_task_mm buffer overflow | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.00 | CVE-2017-18202 |
| 12 | Node.js HTTP Header Denial of Service | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01647 | 0.00 | CVE-2018-12121 |
| 13 | TestLink Plugin summary.jelly Cross Site Scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.00 | CVE-2018-1000113 |
| 14 | Microsoft Windows Windows Media Player Information Disclosure | 2.5 | 2.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00184 | 0.03 | CVE-2017-11768 |
| 15 | W3C Jigsaw Host Header Cross Site Scripting | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01034 | 0.00 | CVE-2002-1053 |
| 16 | Microsoft Windows Subsystem for Linux privilege escalation | 6.4 | 5.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00213 | 0.00 | CVE-2018-0743 |
| 17 | Microsoft Windows DirectX Information Disclosure | 5.1 | 4.9 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2019-0837 |
| 18 | WordPress wpdb->prepare SQL Injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00389 | 0.09 | CVE-2017-16510 |
| 19 | Microsoft Lync/Skype for Business Security Feature privilege escalation | 7.0 | 6.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00284 | 0.03 | CVE-2018-8238 |
| 20 | Iptanus File Upload Plugin Shortcode Cross Site Scripting | 6.0 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00185 | 0.00 | CVE-2018-9172 |

IOC - Indicator of Compromise (31)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 5.101.0.44 | | Sality | | 12.04.2022 | verified | High |
| 2 | 20.53.203.50 | | Sality | | 01.08.2022 | verified | High |
| 3 | 20.72.235.82 | | Sality | | 01.08.2022 | verified | High |
| 4 | 20.81.111.85 | | Sality | | 01.08.2022 | verified | High |
| 5 | 20.84.181.62 | | Sality | | 01.08.2022 | verified | High |
| 6 | 20.103.85.33 | | Sality | | 01.08.2022 | verified | High |
| 7 | 20.109.209.108 | | Sality | | 01.08.2022 | verified | High |
| 8 | XX.XXX.XX.XXX | xxx-xxx-xx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxxx | | 01.08.2022 | verified | High |
| 9 | XX.XXX.XX.XXX | xxx-xxx-xx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxxx | | 01.08.2022 | verified | High |
| 10 | XX.XXX.XXX.XX | | Xxxxxx | | 08.04.2022 | verified | High |
| 11 | XX.XX.XXX.XXX | xxxxxxxxxxx.xxxxxxx-xxxx.xxx.xxx | Xxxxxx | | 12.04.2022 | verified | High |
| 12 | XX.XX.X.XX | xxxxxxx.x.xxxxxxxxx.xxx | Xxxxxx | | 12.04.2022 | verified | High |
| 13 | XX.XXX.XXX.XX | | Xxxxxx | | 08.04.2022 | verified | High |
| 14 | XX.XX.XXX.XXX | xxxxxxxxx.xxxxxxxxxxx.xxx | Xxxxxx | | 08.04.2022 | verified | High |
| 15 | XX.XXX.XXX.XXX | | Xxxxxx | | 12.04.2022 | verified | High |
| 16 | XX.XXX.XX.XXX | xx-xxx-xx-xxx-xxxxxx.xxxxxxx.xxx | Xxxxxx | | 29.10.2023 | verified | High |
| 17 | XX.XXX.XXX.XX | xx-xxxxx.xx.xxxxxxxxxxxxx.xx | Xxxxxx | | 12.04.2022 | verified | High |
| 18 | XX.XX.XXX.XXX | xx-xx-xxx-xxx.xxxxx.xxx.xx | Xxxxxx | | 12.04.2022 | verified | High |
| 19 | XXX.XX.XX.XX | xxxxxxxxxxx.x.xxxxxxxxx.xxx | Xxxxxx | | 12.04.2022 | verified | High |
| 20 | XXX.XXX.XXX.XXX | xx-xxx-xxx.xxxxx.xxx | Xxxxxx | | 12.04.2022 | verified | High |
| 21 | XXX.XXX.XX.XXX | xx-xxx-xxx-xx-xxx.xx.xxxxxxxxxxxx.xxx | Xxxxxx | | 12.04.2022 | verified | High |
| 22 | XXX.X.XXX.XXX | | Xxxxxx | | 12.04.2022 | verified | High |
| 23 | XXX.XXX.XX.XX | x.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx | Xxxxxx | | 12.04.2022 | verified | High |
| 24 | XXX.XX.XXX.X | xx-xxxxx.xxx.xx.xx | Xxxxxx | | 12.04.2022 | verified | High |
| 25 | XXX.XX.XX.XXX | | Xxxxxx | | 08.04.2022 | verified | High |
| 26 | XXX.XX.XXX.XXX | | Xxxxxx | | 08.04.2022 | verified | High |
| 27 | XXX.XX.XXX.XXX | | Xxxxxx | | 08.04.2022 | verified | High |
| 28 | XXX.XXX.XX.XXX | xxxx-x.xxxxxxxxxxxx | Xxxxxx | | 08.04.2022 | verified | High |
| 29 | XXX.XXX.XXX.XXX | xxx.xxx.xxx.xxx.xxxxxx.xxxx-xxxx.xxx | Xxxxxx | | 08.04.2022 | verified | High |
| 30 | XXX.XX.XX.XX | xxxx.xxxxxxx.xx | Xxxxxx | | 08.04.2022 | verified | High |
| 31 | XXX.XX.XX.XXX | xxx.xxxxxxx.xx | Xxxxxx | | 12.04.2022 | verified | High |

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (35)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /getcfg.php | predictive | Medium |
| 2 | File | /settings/avatar | predictive | High |
| 3 | File | bin/icinga | predictive | Medium |
| 4 | File | inc/config.php | predictive | High |
| 5 | File | index.php | predictive | Medium |
| 6 | File | xxxxxx/xxxxx.xxx | predictive | High |
| 7 | File | xxxxxx.xx | predictive | Medium |
| 8 | File | xx/xxx_xxxx.x | predictive | High |
| 9 | File | xxx.xxx | predictive | Low |
| 10 | File | xxxxx.xxx | predictive | Medium |
| 11 | File | xxxxxxxx.xxx | predictive | Medium |
| 12 | File | xxxxxxxxxxxxxxxxxxx/xxxxxxx.xxxxx | predictive | High |
| 13 | File | xxxxxxxxx.xx | predictive | Medium |
| 14 | File | xxxx/xxxxxxxxxxxx.x | predictive | High |
| 15 | File | xxxx.xxx | predictive | Medium |
| 16 | File | xx-xxxxxxxx.xxx | predictive | High |
| 17 | File | xx-xxxxxxxxx.xxx | predictive | High |
| 18 | Argument | xxxxxxxx | predictive | Medium |
| 19 | Argument | xxxxxxxxx | predictive | Medium |
| 20 | Argument | xxxxxxx | predictive | Low |
| 21 | Argument | xxxxxxxxxxx | predictive | Medium |
| 22 | Argument | xxxxx | predictive | Low |
| 23 | Argument | xx | predictive | Low |
| 24 | Argument | xxxxxx | predictive | Low |
| 25 | Argument | xxxxxxxx | predictive | Medium |
| 26 | Argument | xxxx | predictive | Low |
| 27 | Argument | xxxxxxx_xxx | predictive | Medium |
| 28 | Argument | xxxxxxxx | predictive | Medium |
| 29 | Argument | xxxxxxxxxxxxx | predictive | High |
| 30 | Argument | xxxx_xxxxx | predictive | Medium |
| 31 | Argument | _xxxxxxx | predictive | Medium |
| 32 | Input Value | xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx | predictive | High |
| 33 | Pattern | \|xx\|xx\|xx\| | predictive | Medium |
| 34 | Network Port | xxx/xxxx (xxxx) / xxx/xxxx (xxxxx) | predictive | High |
| 35 | Network Port | xxx xxxxxx xxxx | predictive | High |

References (6)

The following list contains external sources which discuss the actor and the associated activities:
