Scar Analysis

IOB - Indicator of Behavior (16)

Timeline

Language

en (12)
ru (2)
it (2)

Country

us (10)
ru (4)
it (2)

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Linux Kernel (4)
systemd (2)
Genymotion Desktop (2)
Cisco ASA (2)
Cisco Firepower Threat Defense (2)

Vulnerabilities

# | Vulnerability | Base score | Temp score | 0day price | Price today | Exploitability | Remediation | CTI | EPSS | CVE
1 | nginx HTTP/2 Denial of Service | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.13197 | CVE-2018-16843
2 | Microsoft Windows Runtime Remote Code Execution | 8.1 | 7.4 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00 | 0.40206 | CVE-2022-21971
3 | Joomla Usergroup Table privilege escalation | 4.6 | 4.6 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00103 | CVE-2021-26036
4 | Bitrix24 Web Application Firewall Cross Site Scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00113 | CVE-2020-13483
5 | Linux Kernel Netfilter x_tables.c buffer overflow | 8.8 | 8.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00256 | CVE-2021-22555
6 | Linux Kernel ptrace.c privilege escalation | 7.8 | 7.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00052 | CVE-2019-13272
7 | HelpSystems Cobalt Strike Server Screenshot readCountedBytes Hotcobalt Denial of Service | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00246 | CVE-2021-36798
8 | Cisco ASA/Firepower Threat Defense Network Address Translation privilege escalation | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00111 | CVE-2021-34790
9 | systemd unit-name.c alloca Denial of Service | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00044 | CVE-2021-33910
10 | Hikvision Product Message privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.97493 | CVE-2021-36260
11 | RARLAB WinRAR buffer overflow | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00469 | CVE-2008-7144
12 | TP-LINK TL-WR740N Firmware Local Privilege Escalation | 5.3 | 5.1 | $5k-$25k | Being calculated | Not Defined | Official Fix | 0.02 | 0.00000 | -
13 | TP-LINK TL-WR841N Web Service buffer overflow | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.02223 | CVE-2019-17147
14 | Genymotion Desktop Clipboard Information Disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00419 | CVE-2021-27549
15 | Oracle Database Server OJVM privilege escalation | 9.9 | 9.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00165 | CVE-2017-10202

IOC - Indicator of Compromise (27)

These indicators of compromise list associated network resources that are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 35.186.232.167 | 167.232.186.35.bc.googleusercontent.com | Scar | - | 2022-05-06 | verified | Medium
2 | 52.85.151.4 | server-52-85-151-4.iad89.r.cloudfront.net | Scar | - | 2021-07-17 | verified | High
3 | 52.85.151.59 | server-52-85-151-59.iad89.r.cloudfront.net | Scar | - | 2021-07-17 | verified | High
4 | 64.186.131.47 | - | Scar | - | 2022-04-12 | verified | High
5 | 67.228.31.225 | e1.1f.e443.ip4.static.sl-reverse.com | Scar | - | 2022-04-12 | verified | High
6 | 72.21.81.240 | - | Scar | - | 2022-05-05 | verified | High
7 | XX.XXX.XXX.XX | xxxxxx.xx-xxx-xxx-xx.xxxxxxx.xxxx-xxxxxx.xx | Xxxx | - | 2021-07-17 | verified | High
8 | XX.XXX.XXX.XXX | - | Xxxx | - | 2021-07-17 | verified | High
9 | XX.XX.XXX.XX | xxxxxx-xx-xx-xxx-xx.xxxxx.x.xxxxxxxxxx.xxx | Xxxx | - | 2021-07-17 | verified | High
10 | XX.XX.XXX.XXX | xxxxxx-xx-xx-xxx-xxx.xxxxx.x.xxxxxxxxxx.xxx | Xxxx | - | 2021-07-17 | verified | High
11 | XXX.XXX.XX.XXX | xxxxxxxx-xx-xxx.xxxxx.xxx | Xxxx | - | 2022-05-05 | verified | High
12 | XXX.XXX.XXX.XX | xx-xx-xxx.xxxxx.xxx | Xxxx | - | 2022-05-06 | verified | High
13 | XXX.XXX.XXX.XXX | xx-xx-xxxx.xxxxx.xxx | Xxxx | - | 2022-05-06 | verified | High
14 | XXX.XXX.XXX.XX | xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx | Xxxx | - | 2022-05-05 | verified | High
15 | XXX.XXX.XX.XX | xx-xx-xxx.xxxxx.xxx | Xxxx | - | 2022-05-06 | verified | High
16 | XXX.XXX.XX.XXX | xx-xx-xxxx.xxxxx.xxx | Xxxx | - | 2022-05-06 | verified | High
17 | XXX.XXX.XXX.XXX | xx-xx-xxxx.xxxxx.xxx | Xxxx | - | 2022-05-06 | verified | High
18 | XXX.XXX.X.XX | - | Xxxx | - | 2021-07-17 | verified | High
19 | XXX.XXX.X.XX | xxxxxx.xxxxxxxxxxx.xxx | Xxxx | - | 2021-07-17 | verified | High
20 | XXX.XXX.XXX.XXX | - | Xxxx | - | 2022-04-12 | verified | High
21 | XXX.XX.XX.XXX | xx-xx.xxxxxxxxxx.xxx | Xxxx | - | 2022-05-06 | verified | High
22 | XXX.XX.XXX.XXX | x-xxxx.x-xxxxxx.xxx | Xxxx | - | 2022-05-06 | verified | High
23 | XXX.XXX.XXX.XX | xxxx.xxxxx.xxx | Xxxx | - | 2022-05-05 | verified | High
24 | XXX.XXX.XXX.XX | xxxx.xxxxx.xxx | Xxxx | - | 2022-05-05 | verified | High
25 | XXX.XX.XXX.XXX | xxx.xxxxx.xxx.xx | Xxxx | - | 2022-05-05 | verified | High
26 | XXX.XX.XXX.XX | xx-xx-xxx.xxxxx.xxx | Xxxx | - | 2022-05-06 | verified | High
27 | XXX.XX.XXX.XX | xx-xx-xxx.xxxxx.xxx | Xxxx | - | 2022-05-06 | verified | High

Entries 7 to 27 are masked in the source (shown as X); only their identification date, type and confidence are readable. The Campaigns column is empty for every entry. Note that the first three readable addresses resolve into Google Cloud and Amazon CloudFront ranges, which are shared by many unrelated tenants, so a connection to one of them is weaker evidence than a hit on a dedicated host.

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | basic/unit-name.c | predictive | High
2 | File | components/bitrix/mobileapp.list/ajax.php/ | predictive | High
3 | File | xxxxxx/xxxxxx.x | predictive | High
4 | File | xxx/xxxxxxxxx/x_xxxxxx.x | predictive | High
5 | Argument | xxxxx[xxxxx][xx] | predictive | High
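The following Python script is an added example and not part of this profile or of VulDB's tooling. It takes the six readable IOC addresses (with their reverse-DNS names) and the two readable IOA file fragments from the tables above and runs them over constructed log lines: firewall connection records for the IP indicators and nginx access-log requests for the path indicators. Two practitioner details are built in: the request path is percent-decoded and case-folded before the fragment match, so "ajax%2Ephp" and mixed-case paths are not missed, and a hit on an address whose reverse DNS ends in a shared CDN or cloud suffix is flagged as weak, because such an address fronts many unrelated sites. The suffix list and the sample log format are assumptions made for the example.

```python
"""Check log lines against the Scar IOC and IOA tables on this page.

Added example, not code from VulDB or from the actor profile. The IOC IPs,
reverse-DNS hostnames and IOA path fragments are copied from the tables
above (masked rows omitted); the log lines at the bottom are constructed.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable
from urllib.parse import unquote

# IOC rows 1-6: IP -> reverse-DNS hostname ("" where the page lists none).
IOC_IPS: dict[str, str] = {
    "35.186.232.167": "167.232.186.35.bc.googleusercontent.com",
    "52.85.151.4": "server-52-85-151-4.iad89.r.cloudfront.net",
    "52.85.151.59": "server-52-85-151-59.iad89.r.cloudfront.net",
    "64.186.131.47": "",
    "67.228.31.225": "e1.1f.e443.ip4.static.sl-reverse.com",
    "72.21.81.240": "",
}

# Assumed list of multi-tenant CDN/cloud reverse-DNS suffixes. The page itself
# rates the Google-hosted address only "Medium"; a hit on any of these is weak
# evidence on its own because the same IP serves many unrelated tenants.
SHARED_INFRA_SUFFIXES = (".cloudfront.net", ".googleusercontent.com")

# IOA rows 1-2, the unmasked "File" indicators. The trailing "/" of the Bitrix
# fragment is dropped so a request for the script itself also matches.
IOA_PATH_FRAGMENTS = (
    "basic/unit-name.c",
    "components/bitrix/mobileapp.list/ajax.php",
)

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str        # "ioc_ip" or "ioa_path"
    indicator: str   # the IOC IP or IOA fragment that matched
    weak: bool       # True when the IP sits in shared CDN/cloud space


def _ipv4_addresses(text: str) -> Iterable[str]:
    """Yield the syntactically valid IPv4 addresses found in a line."""
    for m in IPV4_RE.finditer(text):
        try:
            yield str(ipaddress.IPv4Address(m.group(0)))
        except ValueError:  # e.g. 300.1.1.1 or an octet with a leading zero
            continue


def scan(lines: Iterable[str]) -> list[Hit]:
    """Return every IOC/IOA match, one Hit per (line, indicator) pair."""
    hits: list[Hit] = []
    for n, line in enumerate(lines, start=1):
        for ip in _ipv4_addresses(line):
            if ip in IOC_IPS:
                weak = IOC_IPS[ip].endswith(SHARED_INFRA_SUFFIXES)
                hits.append(Hit(n, "ioc_ip", ip, weak))
        # Percent-decode and case-fold so /Bitrix/.../ajax%2Ephp still matches.
        normalised = unquote(line).lower()
        for frag in IOA_PATH_FRAGMENTS:
            if frag in normalised:
                hits.append(Hit(n, "ioa_path", frag, False))
    return hits


def triage(hits: Iterable[Hit]) -> dict[str, int]:
    """Count hits worth alerting on (strong) versus hits to enrich first (weak)."""
    counts = {"strong": 0, "weak": 0}
    for h in hits:
        counts["weak" if h.weak else "strong"] += 1
    return counts


# Constructed sample: three nginx access-log lines and three firewall lines.
SAMPLE_LOGS = [
    '10.0.0.5 - - [06/May/2022:10:01:12 +0000] "GET /bitrix/components/bitrix/mobileapp.list/ajax.php/?act=1 HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '10.0.0.6 - - [06/May/2022:10:01:40 +0000] "GET /Bitrix/Components/Bitrix/mobileapp.list/ajax%2Ephp/ HTTP/1.1" 404 153 "-" "python-requests/2.25"',
    '203.0.113.9 - - [06/May/2022:10:02:01 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    "May  6 10:03:44 fw1 conn 192.168.1.20:51522 -> 72.21.81.240:443 tcp allow",
    "May  6 10:04:10 fw1 conn 192.168.1.21:51523 -> 52.85.151.4:443 tcp allow",
    "May  6 10:04:11 fw1 conn 192.168.1.22:51524 -> 8.8.8.8:53 udp allow",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOGS)
    for h in found:
        note = " (weak: shared infrastructure)" if h.weak else ""
        print(f"line {h.line_no}: {h.kind} {h.indicator}{note}")
    print(triage(found))
```

On the sample, lines 1 and 2 hit the Bitrix path fragment, line 4 hits the dedicated address 72.21.81.240 as a strong match, and line 5 hits the CloudFront address 52.85.151.4 as a weak match that should be enriched (SNI or Host header, certificate, time correlation) before anyone is paged.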

References (5)

The following list contains external sources which discuss the actor and the associated activities:
