Shlayer Analysis

IOB - Indicator of Behavior (19)

Language: en (18), fr (2)

Product: LogicBoard CMS (2), Apache HTTP Server (2), Facebook WhatsApp (2), Facebook WhatsApp Business (2), Facebook WhatsApp Desktop (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 3.88 | 0.00000 | |
| 2 | lighttpd mod_evhost/mod_simple_vhost Directory Traversal | 5.3 | 4.6 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.00 | 0.14448 | CVE-2013-2324 |
| 3 | Samsung DSP Driver ELF Library Privilege Escalation | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00078 | CVE-2021-25371 |
| 4 | Seowon Intech SLC-130/SLR-120S system_log.cgi Privilege Escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.96263 | CVE-2020-17456 |
| 5 | Cisco Unified Communications Manager Database User Privilege Information Disclosure | 5.8 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00093 | CVE-2022-20791 |
| 6 | Neato Botvac Connected USB Serial Port Privilege Escalation | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00109 | CVE-2018-20785 |
| 7 | Neato Botvac Connected/Botvac 85 Black Box Log rc4_crypt RC4 Weak Encryption | 3.4 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00060 | CVE-2018-17177 |
| 8 | Facebook WhatsApp/WhatsApp Business/WhatsApp Desktop RTCP Flag Parser Information Disclosure | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.00138 | CVE-2021-24043 |
| 9 | Qualcomm Snapdragon Wired Infrastructure and Networking TrustZone BSP Buffer Overflow | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2020-11259 |
| 10 | Qualcomm Snapdragon Wired Infrastructure and Networking TrustZone BSP Buffer Overflow | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2020-11258 |
| 11 | Python Software Foundation BaseHTTPServer HTTP Request Denial of Service | 7.5 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.04 | 0.00000 | |
| 12 | Dell SupportAssist Client Privilege Escalation | 7.1 | 7.0 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.00 | 0.00248 | CVE-2019-3719 |
| 13 | Acunetix Web Vulnerability Scanner Denial of Service | 3.7 | 3.5 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.02 | 0.00000 | |
| 14 | Plohni Advanced Comment System Installation index.php Privilege Escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00997 | CVE-2009-4623 |
| 15 | OpenSSH Authentication Username Information Disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.10737 | CVE-2016-6210 |
| 16 | Forescout CounterACT Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00452 | CVE-2012-4985 |
| 17 | ForeScout CounterACT Cross Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00195 | CVE-2012-1825 |
| 18 | Apache HTTP Server Limit Directive ap_limit_section Buffer Overflow | 6.4 | 6.3 | $5k-$25k | $0-$5k | High | Official Fix | 0.03 | 0.97305 | CVE-2017-9798 |
| 19 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 34.225.46.51 | ec2-34-225-46-51.compute-1.amazonaws.com | Shlayer | | 28.08.2022 | verified | Medium |
| 2 | XX.XX.XX.XX | | Xxxxxxx | | 28.08.2022 | verified | High |

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Type | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22, CWE-36 | Path Traversal | predictive | High |
| 2 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 3 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 6 | TXXXX.XXX | CWE-XXX | Xxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

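| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /bin/rc4_crypt | predictive | High |
| 2 | File | /forum/away.php | predictive | High |
| 3 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 4 | File | xxxxx.xxx | predictive | Medium |
| 5 | File | xxxxxx_xxx.xxx | predictive | High |
| 6 | Argument | xxx_xxxx | predictive | Medium |
| 7 | Argument | xxxxxxxx | predictive | Medium |
| 8 | Argument | xxxxxx | predictive | Low |
| 9 | Argument | xxxxxxxx | predictive | Medium |
| 10 | Argument | xxxxxxx | predictive | Low |
| 11 | Argument | xxxxxxxx | predictive | Medium |
| 12 | Input Value | *^xxxxx!x | predictive | Medium |
| 13 | Input Value | ../ | predictive | Low |
| 14 | Network Port | xxx xxxxxx xxxx | predictive | High |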

References (3)

The following list contains external sources which discuss the actor and the associated activities:
