SharpPanda Analysis

IOB - Indicator of Behavior (140)

Timeline

Language: en 102, zh 22, jp 8, it 6, es 2

Country: us 84, cn 32, sg 20, jp 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product: PHP 10, Oracle MySQL Server 6, Oracle WebLogic Server 4, MantisBT 4, Netgear CBR40 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 2 | vu Mass Mailer Login Page redir.asp SQL Injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00181 | CVE-2007-6138 |
| 3 | PHP up to 5.1.2 phpinfo() Array Cross Site Scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.08985 | CVE-2006-0996 |
| 4 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.27 | 0.00141 | CVE-2018-6200 |
| 5 | Cisco ASA Version Information Disclosure | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.04 | 0.00288 | CVE-2014-3398 |
| 6 | Apache HTTP Server mod_ssl ap_hook_process_connection Denial of Service | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01166 | CVE-2017-3169 |
| 7 | PHP phpinfo Cross Site Scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.12 | 0.02101 | CVE-2007-1287 |
| 8 | Serendipity exit.php Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.09 | 0.00000 | |
| 9 | WoltLab Burning Book addentry.php SQL Injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.02 | 0.00804 | CVE-2006-5509 |
| 10 | Linux Foundation Xen EFLAGS Register SYSENTER Privilege Escalation | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00062 | CVE-2013-1917 |
| 11 | AXIS 2110 Network Camera editcgi.cgi Directory Traversal | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.01492 | CVE-2004-2426 |
| 12 | Synology DiskStation Manager SliceUpload imageSelector.cgi Privilege Escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | High | Official Fix | 0.05 | 0.97290 | CVE-2013-6955 |
| 13 | Hestia Control Panel Domain Name Privilege Escalation | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00139 | CVE-2021-27231 |
| 14 | Bitrix Site Manager redirect.php Privilege Escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.12 | 0.00113 | CVE-2008-2052 |
| 15 | PHP Link Directory Administration Page index.html Cross Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.48 | 0.00374 | CVE-2007-0529 |
| 16 | Moodle Privilege Escalation | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | 0.00061 | CVE-2023-35133 |
| 17 | Extreme Networks ExtremeWireless Aerohive HiveOS/IQ Engine NetConfig UI Administrative Interface Privilege Escalation | 8.8 | 8.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.85139 | CVE-2020-16152 |
| 18 | Advance B2B Script tradeshow-list-detail.php SQL Injection | 8.5 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00242 | CVE-2017-17602 |
| 19 | Asus NAS-M25 Cookie Privilege Escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.90045 | CVE-2022-4221 |
| 20 | Apache Log4j Socket Server Privilege Escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.81948 | CVE-2017-5645 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • G20 Nations

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22, CWE-23 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |

Entries 4 to 15 are masked on the source page (all typed predictive, confidence High).

IOA - Indicator of Attack (60)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/system_mgr.cgi | predictive | High |
| 2 | File | /data/config.ftp.php | predictive | High |
| 3 | File | /forum/away.php | predictive | High |
| 4 | File | /modules/profile/index.php | predictive | High |
| 5 | File | /out.php | predictive | Medium |
| 6 | File | /tmp | predictive | Low |
| 7 | File | /uncpath/ | predictive | Medium |
| 58 | Input Value | ../ | predictive | Low |

Entries 8 to 57, 59 and 60 are masked on the source page: 8 to 31 are of class File, 32 to 34 Library, 35 to 57 Argument, 59 Input Value and 60 Network Port (all typed predictive).

References (4)

The following list contains external sources which discuss the actor and the associated activities:
