Sofacy Analysis

IOB - Indicator of Behavior (159)

Timeline, Actors, Activities, Interest, Type and Vendor breakdowns are rendered as charts on the source page and were not extracted.

Language

en 140
de 8
zh 4
es 4
ru 2

Country

ch 52
us 40
ar 6
tr 6
ru 4

Product

phpMyAdmin 6
Linux Kernel 4
Microsoft Windows 4
WordPress 4
Microsoft IIS 4

Vulnerabilities

Base and Temp are CVSS base and temporal scores; 0day and Today are estimated exploit prices; CTI is the site's threat-intelligence interest score.

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | Backdoor.Win32.Tiny.c Service Port 7778 privilege escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.04 | 0.00000 | -
2 | Linux Kernel NILFS File System inode.c security_inode_alloc buffer overflow | 8.3 | 8.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00042 | CVE-2022-2978
3 | SourceCodester Simple and Nice Shopping Cart Script profile.php privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00098 | CVE-2022-2909
4 | Crow HTTP Pipelining buffer overflow | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00416 | CVE-2022-38667
5 | mySCADA myPRO privilege escalation | 9.2 | 9.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00105 | CVE-2022-2234
6 | GNU Bash Environment Variable variables.c Shellshock privilege escalation | 9.8 | 9.3 | $100k and more | $0-$5k | High | Official Fix | 0.03 | 0.97564 | CVE-2014-6271
7 | WordPress Editor Information Disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00463 | CVE-2021-29450
8 | AnyMacro AnyMacro Mail System Directory Traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00179 | CVE-2011-2468
9 | phpMyAdmin Configuration File setup.php privilege escalation | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.06 | 0.79256 | CVE-2009-1151
10 | WordPress class-wp-customize-widgets.php privilege escalation | 7.3 | 6.4 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | 0.07158 | CVE-2014-5203
11 | Zeus Zeus Web Server buffer overflow | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.11877 | CVE-2010-0359
12 | OpenSSL c_rehash privilege escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.09738 | CVE-2022-1292
13 | Tenda AX1803 getIptvInfo buffer overflow | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00087 | CVE-2023-51969
14 | ownCloud graphapi GetPhpInfo.php Information Disclosure | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.86982 | CVE-2023-49103
15 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | Calculating | Not Defined | Official Fix | 0.15 | 0.00668 | CVE-2022-27228
16 | Git Plugin Build privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.01156 | CVE-2022-36883
17 | Cisco RV340/RV340W/RV345/RV345P privilege escalation | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.38542 | CVE-2023-20073
18 | Microsoft Word wwlib Remote Code Execution | 8.0 | 7.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.45352 | CVE-2023-21716
19 | ampache SQL Injection | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00072 | CVE-2023-0771
20 | x-text Language Tag Information Disclosure | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00092 | CVE-2021-38561

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (80)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .procmailrc | predictive | Medium
2 | File | /dashboard/updatelogo.php | predictive | High
3 | File | /etc/openshift/server_priv.pem | predictive | High
4 | File | /files.md5 | predictive | Medium
5 | File | /index.php | predictive | Medium
6 | File | /info/headers | predictive | High
7 | File | /mkshop/Men/profile.php | predictive | High
8 | File | /Noxen-master/users.php | predictive | High
9 | File | /uncpath/ | predictive | Medium
10 | File | xxxxxxx/xxxxxxxx.xxx | predictive | High
11 | File | xxxxxxx/xxxx.xxx | predictive | High
12 | File | xxxxxxx/xxxxxxxxxxxxx.xxx | predictive | High
13 | File | xxxxx/xxxx/xxxxxxxxxx/xxxxxxxxxxx.xxx | predictive | High
14 | File | xx/xxxxxx_xxx.xxx | predictive | High
15 | File | xxxx/xxxxxxxxxxxx.xxx | predictive | High
16 | File | xxx.xxx?xxx=xxxxx_xxxx | predictive | High
17 | File | xxxxxxxx/xxxx | predictive | High
18 | File | x_xxxxxx | predictive | Medium
19 | File | xx.x | predictive | Low
20 | File | xxxxx.xxx | predictive | Medium
21 | File | xxxxxxxxxx.xxx | predictive | High
22 | File | xxxxxx.x | predictive | Medium
23 | File | xxxxxxxx.xxx | predictive | Medium
24 | File | xxxxxxxxxx.xxx | predictive | High
25 | File | xxxx_xxxx.x | predictive | Medium
26 | File | xxxxx.xxx | predictive | Medium
27 | File | xxxxxx.xxx | predictive | Medium
28 | File | xxxxx.x | predictive | Low
29 | File | xxxxxxxxxx.xxx | predictive | High
30 | File | xxxxx_xxxxxxx.xxx | predictive | High
31 | File | xxx/xxxxxxx/xxxxxx/xxxx/xxxxx/xxxxxxx/xxxxxx/xxxxx/xxx%xxxxxxxxxxxxx.xx.xxx | predictive | High
32 | File | xxxx.xxx | predictive | Medium
33 | File | xxxxx.xxx | predictive | Medium
34 | File | xxxxx/xxxxx-xxxx-xxxxxxxx.xxx | predictive | High
35 | File | xxxx.xxx.xxxxxxxxxx | predictive | High
36 | File | xxxxxxxxx/xxxxx/xxxxxx.xxxx | predictive | High
37 | File | xxxxxx/xxxx.xxx | predictive | High
38 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | High
39 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | High
40 | File | xxxxxxxxx.x | predictive | Medium
41 | File | xxxxxxx.xxx | predictive | Medium
42 | File | xx-xxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxx.xxx | predictive | High
43 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | High
44 | File | xxxxxx.xxx | predictive | Medium
45 | File | xx_xxxxxxx.x | predictive | Medium
46 | Library | xxxxxxxxx/xxx-xxxxxx/xxxxxxxx.xxx | predictive | High
47 | Library | xxxxx.xxx | predictive | Medium
48 | Argument | xxxx | predictive | Low
49 | Argument | xxxxxxxxx | predictive | Medium
50 | Argument | xxxx/xxxx | predictive | Medium
51 | Argument | xxxxxx_xxxx_xxxxxxxx | predictive | High
52 | Argument | xxxx | predictive | Low
53 | Argument | xxx_xxxx/xxx_xxxxxxx | predictive | High
54 | Argument | xxxxxx | predictive | Low
55 | Argument | xxxxxxxxxxx | predictive | Medium
56 | Argument | xxxx_xx | predictive | Low
57 | Argument | xxxx | predictive | Low
58 | Argument | xxx_xx | predictive | Low
59 | Argument | xxxxxxxx | predictive | Medium
60 | Argument | xxxxxxx[xxxxx]/xxxxxxx[xxxxxxxxxxx] | predictive | High
61 | Argument | xxxx_xxxx | predictive | Medium
62 | Argument | xxxxxx | predictive | Low
63 | Argument | xxxxxxxxxxxx | predictive | Medium
64 | Argument | xxxxxx | predictive | Low
65 | Argument | xxxxxx_xx | predictive | Medium
66 | Argument | xxxxx | predictive | Low
67 | Argument | xxxx | predictive | Low
68 | Argument | xxxxxx_xx | predictive | Medium
69 | Argument | xxx | predictive | Low
70 | Argument | xxxxxxxx | predictive | Medium
71 | Argument | xxxxxxx | predictive | Low
72 | Argument | xxxx | predictive | Low
73 | Argument | xxxxx/xxxxx | predictive | Medium
74 | Argument | _xxxx | predictive | Low
75 | Input Value | "><xxxxxx>xxxxx(/xxx/)</xxxxxx> | predictive | High
76 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive | High
77 | Input Value | xxx=/&xxx | predictive | Medium
78 | Pattern | () { | predictive | Low
79 | Network Port | xxx/xxxx (xxx) | predictive | High
80 | Network Port | xxx/xxxx | predictive | Medium
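To show how the unmasked rows of this table become something a SOC can actually run, here is an added example (not code from the source page or its maintainers) that scans web-server access logs in the Apache/nginx "combined" format for the file-path indicators in rows 1-9 and the "() {" pattern in row 78. The log lines are constructed for the example, the confidence weighting in alert_level is this example's own assumption, and the decision to escalate the "() {" marker above the page's Low rating is a design choice explained in the code; the link between that marker and Shellshock (CVE-2014-6271, row 6 of the vulnerability list above) is the only fact taken from outside the table.

```python
import re
from urllib.parse import unquote

# IOA fragments copied from the unmasked rows of the table above (rows 1-9),
# keyed to the page's confidence rating for each.
FILE_INDICATORS = {
    ".procmailrc": "Medium",
    "/dashboard/updatelogo.php": "High",
    "/etc/openshift/server_priv.pem": "High",
    "/files.md5": "Medium",
    "/index.php": "Medium",
    "/info/headers": "High",
    "/mkshop/Men/profile.php": "High",
    "/Noxen-master/users.php": "High",
    "/uncpath/": "Medium",
}

# Row 78: "() {" is the Bash exported-function prefix abused by Shellshock
# (CVE-2014-6271, row 6 of the vulnerability list). The page rates the
# fragment Low. \s* is deliberately loose so spacing variants do not evade it.
SHELLSHOCK_PATTERN = re.compile(r"\(\)\s*\{")

# Apache/nginx "combined" log format:
# ip - user [time] "METHOD path PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (not real traffic). Line 3 carries the Shellshock
# probe in the User-Agent, line 5 does not parse, line 6 percent-encodes a path.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /dashboard/updatelogo.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /etc/openshift/server_priv.pem HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 1024 "-" "() { :; }; echo shellshock-probe"',
    '192.0.2.9 - - [10/Oct/2023:13:57:10 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    'this line is not in combined format and is skipped',
    '203.0.113.5 - - [10/Oct/2023:13:58:02 +0000] "GET /dashboard/%75pdatelogo.php?x=1 HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
]


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def match_ioa(entry):
    """Return (class, indicator, confidence) hits for one parsed entry."""
    hits = []
    # Decode percent-encoding once and drop the query string, so an encoded
    # or parameterised request for the same file is not missed.
    path = unquote(entry["path"]).split("?", 1)[0]
    for frag, conf in FILE_INDICATORS.items():
        if frag in path:
            hits.append(("File", frag, conf))
    # The Shellshock prefix rides in whatever header the CGI layer exports as
    # an environment variable; check the fields the combined format keeps.
    for field in ("path", "referer", "ua"):
        if SHELLSHOCK_PATTERN.search(unquote(entry[field])):
            hits.append(("Pattern", "() {", "Low"))
            break
    return hits


def alert_level(hits):
    """Collapse a hit list to High / Medium / Low (this example's own weighting).

    One High-confidence path is enough on its own. The "() {" marker is
    escalated despite the page's Low rating because a Bash function definition
    has no benign reason to appear in an HTTP request. Generic Medium paths such
    as /index.php only reach Medium when two of them co-occur, which keeps
    ordinary traffic out of the alert queue.
    """
    confs = [c for _, _, c in hits]
    if "High" in confs or any(cls == "Pattern" for cls, _, _ in hits):
        return "High"
    if confs.count("Medium") >= 2:
        return "Medium"
    return "Low"


def scan(lines):
    """Scan log lines; return one finding per line that matched any indicator."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        hits = match_ioa(entry)
        if hits:
            findings.append({"ip": entry["ip"], "path": entry["path"],
                             "hits": hits, "level": alert_level(hits)})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["level"], f["ip"], f["path"], f["hits"])
```

Run against the constructed lines, the two requests for listed files and the Shellshock probe come out High, the lone /index.php request stays Low, and the percent-encoded request is caught because matching happens on the decoded path. When feeding real logs, tune FILE_INDICATORS to the High rows first; the Medium entries (.procmailrc, /files.md5, /index.php, /uncpath/) are common enough on ordinary sites that they are best used as corroboration rather than as alerts.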

References (6)

The following list contains external sources which discuss the actor and the associated activities:
