SessionManager Analysis

IOB - Indicator of Behavior (25)

Language

en: 12
zh: 10
ja: 2
pt: 2

Product

Hikvision NVR DS-76xxNI-E1: 2
Hikvision NVR DS-76xxNI-E2: 2
Hikvision NVR DS-77xxxNI-E4: 2
Jfinal CMS: 2
ThinkPHP: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | ZCMS ThinkPHP SQL Injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00203 | 0.05 | CVE-2020-19705 |
| 2 | sentry-sdk Session Information Disclosure | 5.6 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.02 | CVE-2023-28117 |
| 3 | IBM CTSS Text Editor Password Information Disclosure | 3.3 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.08 | |
| 4 | Permalink Manager Lite Plugin Cross Site Scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2024-2738 |
| 5 | Michael Leithold DSGVO All in One for WP Plugin Cross Site Request Forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-27967 |
| 6 | Google Chrome V8 Remote Code Execution | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00056 | 0.04 | CVE-2024-2625 |
| 7 | Huawei SXXXX XML Parser Privilege Escalation | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.03 | CVE-2017-15346 |
| 8 | prototypejs Prototype JavaScript framework Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00406 | 0.04 | CVE-2008-7220 |
| 9 | NVIDIA GeForce Experience nvcontainer.exe Privilege Escalation | 7.0 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2020-5978 |
| 10 | Microsoft Windows Runtime Remote Code Execution | 8.1 | 7.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.38267 | 0.04 | CVE-2022-21971 |
| 11 | Parallels Plesk Panel index.htm Cross Site Scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.02 | CVE-2019-18793 |
| 12 | Discuz! admin.php Cross Site Scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.06 | CVE-2018-19464 |
| 13 | ZCMS SQL Injection | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00386 | 0.00 | CVE-2015-7346 |
| 14 | ZCMS Cross Site Scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.02 | CVE-2019-9078 |
| 15 | Microsoft Windows Print Spooler Local Privilege Escalation | 7.5 | 6.9 | $25k-$100k | $0-$5k | High | Official Fix | 0.96825 | 0.00 | CVE-2021-1675 |
| 16 | Jfinal CMS FileManagerController.java FileManager.rename Privilege Escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00202 | 0.00 | CVE-2020-19155 |
| 17 | Redis BIT Command Information Disclosure | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01713 | 0.00 | CVE-2021-32761 |
| 18 | OpenLiteSpeed WebAdmin Console Privilege Escalation | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00244 | 0.04 | CVE-2020-5519 |
| 19 | FileZilla Server PORT Privilege Escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.17 | CVE-2015-10003 |
| 20 | ThinkPHP index.php SQL Injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00179 | 0.02 | CVE-2018-10225 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 202.182.123.185 | 202.182.123.185.vultrusercontent.com | SessionManager | | 05.07.2022 | verified | High |
| 2 | XXX.XXX.XXX.XXX | xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxxxxxxxxx | | 05.07.2022 | verified | High |

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Classification | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1059.007 | CAPEC-209 | CWE-79 | Cross Site Scripting | predictive | High |
| 2 | TXXXX | CAPEC-19 | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 3 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CAPEC-116 | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | admin.php | predictive | Medium |
| 2 | File | index.php | predictive | Medium |
| 3 | File | xxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxx | predictive | High |
| 4 | File | xxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 5 | File | xxxxxxxxxxx.xxx | predictive | High |
| 6 | File | xxxxxx/xxxxxxx/xx-xx/xxxx/xxxxx.xxx | predictive | High |
| 7 | File | xxxx/xxx.xxx?xx=xxxxxx | predictive | High |
| 8 | Argument | xxxxxxxx | predictive | Medium |
| 9 | Argument | xxxxxxxx | predictive | Medium |
| 10 | Input Value | xxxxxx | predictive | Low |
