Shamoon 2 Analysis

IOB - Indicator of Behavior (54)

Language: en 44, ru 10
Country: us 40, ru 12, cn 2
Product: LibTIFF 10, IBM Rational Collaborative Lifecycle Management 6, IBM Rational Quality Manager 6, IBM Rational Team Concert 6, IBM Rational DOORS Next Generation 6

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | ClamAV Antivirus AutoIt Module Denial of Service | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00063 | CVE-2023-20212
2 | Microsoft SharePoint Privilege Escalation | 6.1 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00471 | CVE-2017-8569
3 | Ditty Plugin Cross Site Scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00100 | CVE-2022-0533
4 | Moxa TN-4900/TN-5900 Privilege Escalation | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00046 | CVE-2023-34217
5 | D-Link DAP-2660 GET Request adv_resource Buffer Overflow | 5.5 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00082 | CVE-2023-39749
6 | TP-LINK TL-WR841N/TL-WR940N/TL-WR941ND WlanSecurityRpm Buffer Overflow | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00046 | CVE-2023-39747
7 | TP-LINK TL-WR841N/TL-WR940N/TL-WR941ND GET Request AccessCtrlAccessRulesRpm Buffer Overflow | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00046 | CVE-2023-39745
8 | TP-LINK TL-WR1041N V2 GET Request NetworkCfgRpm Denial of Service | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00046 | CVE-2023-39748
9 | Private Internet Access Privilege Escalation | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00044 | CVE-2022-27092
10 | ASUS RT-AC88U Download Master Title Privilege Escalation | 5.9 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00073 | CVE-2020-29655
11 | Mole Adult Portal Script profile.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.02 | 0.00129 | CVE-2009-4673
12 | 4images categories.php Cross Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00207 | CVE-2015-7708
13 | 4homepages 4images member.php Cross Site Scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | 0.00111 | CVE-2009-2131
14 | Kentico CMS CMS Administration Dashboard install.aspx Privilege Escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.14830 | CVE-2017-17736
15 | FileZilla Server PORT Privilege Escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.15 | 0.00052 | CVE-2015-10003
16 | Microsoft SharePoint Content Privilege Escalation | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.03414 | CVE-2015-1700
17 | Microsoft SharePoint Server Cross Site Scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01035 | CVE-2017-0107
18 | Microsoft SharePoint Server Cross Site Scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00187 | CVE-2017-8654
19 | Microsoft Excel Buffer Overflow | 7.0 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.48559 | CVE-2016-7236
20 | ownCloud scan.php Information Disclosure | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00439 | CVE-2016-1499

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Type | Confidence
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
(entries 3 to 9 are masked in the source)

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /adv_resource | predictive | High
2 | File | /Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp | predictive | High
3 | File | /userRpm/AccessCtrlAccessRulesRpm | predictive | High
4 | File | /userRpm/NetworkCfgRpm | predictive | High
(entries 5 to 30, covering the File, Argument, Input Value and Network Port classes, are masked in the source)
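The unmasked IOA entries are path fragments, so the practical use is to run them over web-server access logs. The following is an added example, not VulDB's code and not part of the original page: a Python matcher over constructed Apache combined-format lines. It percent-decodes the request target before matching, so an encoded variant of the same path still hits, and it flags an oversized query string on each hit, because the D-Link and TP-LINK entries in the vulnerability table are GET-parameter buffer overflows, while a short request to the same admin page is more likely routine administration. The mapping from indicator to CVE is my own cross-reference of the IOA and vulnerability tables, the log lines are constructed, and the 256-byte query threshold is an assumption.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Apache/nginx combined-format request line; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)

# The four unmasked IOA entries from the table above, keyed to the CVE in the
# vulnerability table whose description names the same endpoint. The pairing is my
# own cross-reference of the two tables; the page itself does not state it.
IOA_PATHS = {
    "/adv_resource": "CVE-2023-39749",
    "/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp": "CVE-2020-29655",
    "/userRpm/AccessCtrlAccessRulesRpm": "CVE-2023-39745",
    "/userRpm/NetworkCfgRpm": "CVE-2023-39748",
}

# Assumed threshold: the D-Link and TP-LINK entries are GET-parameter buffer
# overflows, so a query string this long on an admin endpoint looks like the overflow
# attempt, while a short one is more likely an administrator using the page normally.
LONG_QUERY = 256


@dataclass
class Hit:
    ip: str
    target: str
    indicator: str
    cve: str
    long_query: bool


def match_target(target: str):
    """Return (indicator, cve) for the first IOA fragment found in the request target.

    The target is percent-decoded first so that /userRpm/%4EetworkCfgRpm still matches.
    """
    decoded = unquote(target)
    for fragment, cve in IOA_PATHS.items():
        if fragment in decoded:
            return fragment, cve
    return None


def scan_log(lines):
    """Scan access-log lines and return one Hit per line whose target contains an IOA."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than crash
        found = match_target(m["target"])
        if found is None:
            continue
        fragment, cve = found
        _path, _, query = unquote(m["target"]).partition("?")
        hits.append(Hit(m["ip"], m["target"], fragment, cve, len(query) >= LONG_QUERY))
    return hits


# Constructed sample lines (not captured traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /userRpm/NetworkCfgRpm?ip='
    + "A" * 300 + ' HTTP/1.1" 200 512',
    '192.0.2.10 - - [10/Oct/2023:13:56:01 +0000] "GET /userRpm/%4EetworkCfgRpm HTTP/1.1" 200 512',
    '192.0.2.11 - - [10/Oct/2023:13:56:02 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '198.51.100.5 - - [10/Oct/2023:13:57:40 +0000] "GET /Main_Login.asp?flag=1'
    '&productname=RT-AC88U&url=/downloadmaster/task.asp HTTP/1.1" 302 0',
    "garbage line that is not in combined format",
]

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"{h.ip} {h.cve} {h.indicator} long_query={h.long_query}")
```

Substring matching is what "fragment" implies on this page, so a bare `/userRpm/NetworkCfgRpm` request from an internal address with no query will also produce a hit; the `long_query` flag is the field to triage on, not the hit itself.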

Referenzen (3)

The following list contains external sources which discuss the actor and the associated activities:
