South Asia Unknown Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (114)

Sprache

en	96
de	8
ja	4
ru	2
es	2

Land

us	72
ru	10
tr	4
ir	4
de	4

Akteure

Patchwork	6
Hackers-for-Hire	4
Cobalt Strike	3
Remcos	3
Meterpreter	3

Interesse

Typ

Not Defined	36
Content Management System	16
Web Server	8
Router Operating System	6
Operating System	4

Hersteller

Not Defined	42
Microsoft	6
D-Link	6
Alan Ward	4
Apache	4

Produkt

WordPress	10
Alan Ward A-CART	4
Apache HTTP Server	4
Host	2
Microsoft IIS	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	Secomea GateManager erweiterte Rechte	5.9	5.7	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.02	0.00054	CVE-2022-25782
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
3	Alt-N MDaemon Worldclient erweiterte Rechte	4.9	4.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.06	0.00090	CVE-2021-27182
4	TP-LINK TL-WR940N PingIframeRpm.htm ipAddrDispose Pufferüberlauf	7.5	7.5	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.02	0.05451	CVE-2019-6989
5	Microsoft IIS Cross Site Scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.00548	CVE-2017-0055
6	GPAC mpd.c gf_mpd_parse_string Denial of Service	4.5	4.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00044	CVE-2023-48039
7	Trellix ePolicy Orchestrator URL Parameter Redirect	4.8	4.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00048	CVE-2023-5445
8	ethyca Fides schwache Verschlüsselung	7.9	7.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00088	CVE-2023-48224
9	Totolink X6000R sub_4155DC erweiterte Rechte	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00200	CVE-2023-46413
10	Oracle Siebel CRM EAI Open UI Denial of Service	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00094	CVE-2023-1370
11	D-Link DIR-820L erweiterte Rechte	7.6	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00	0.00671	CVE-2023-44809
12	Apache Airflow DAG Information Disclosure	5.0	4.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00059	CVE-2023-42663
13	MediaTek MT6885 Video Pufferüberlauf	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00042	CVE-2023-32821
14	Tiki Admin Password tiki-login.php schwache Authentisierung	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	3.20	0.00936	CVE-2020-15906
15	Joomla CMS gmail.php Information Disclosure	3.3	3.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.02	0.00000
16	Joomla CMS GMail Authentication erweiterte Rechte	5.3	4.6	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.00370	CVE-2014-7984
17	TikiWiki tiki-register.php erweiterte Rechte	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	8.44	0.01009	CVE-2006-6168
18	PHP PHAR phar_dir_read Pufferüberlauf	8.2	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00126	CVE-2023-3824
19	Zammad Information Disclosure	6.7	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00201	CVE-2022-35490
20	Debian Linux smokeping smokeping_cgi Remote Code Execution	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00	0.00863	CVE-2015-0859

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	23.82.19.250		South Asia Unknown	10.08.2022	verifiziert	High
2	45.89.175.206		South Asia Unknown	10.08.2022	verifiziert	High
3	45.138.172.54		South Asia Unknown	10.08.2022	verifiziert	High
4	69.175.35.98	98.35.175.69.unassigned.ord.singlehop.net	South Asia Unknown	10.08.2022	verifiziert	High
5	XX.XX.XXX.XXX	xxxx.xxxxxx.xx	Xxxxx Xxxx Xxxxxxx	01.06.2021	verifiziert	High
6	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xxxxxxxxx-xxx	Xxxxx Xxxx Xxxxxxx	01.06.2021	verifiziert	High
7	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xxxxxxxxx-xxx	Xxxxx Xxxx Xxxxxxx	01.06.2021	verifiziert	High
8	XXX.XXX.XX.XXX	xxxxx.xx-xxx-xxx-xx.xxx	Xxxxx Xxxx Xxxxxxx	10.08.2022	verifiziert	High
9	XXX.XX.XX.XX		Xxxxx Xxxx Xxxxxxx	10.08.2022	verifiziert	High
10	XXX.XXX.XX.XX		Xxxxx Xxxx Xxxxxxx	01.06.2021	verifiziert	High
11	XXX.XXX.XXX.XX	xxxxxxx.xxxxxxxxxx.xxx	Xxxxx Xxxx Xxxxxxx	10.08.2022	verifiziert	High
12	XXX.XX.XX.XX	xx-xx-xx.xxxxxxxx.xx	Xxxxx Xxxx Xxxxxxx	01.06.2021	verifiziert	High
13	XXX.XXX.XXX.X		Xxxxx Xxxx Xxxxxxx	01.06.2021	verifiziert	High
14	XXX.XXX.XXX.X	xxx.xxx.xxx.x.xxxxxxxxx-xxx	Xxxxx Xxxx Xxxxxxx	01.06.2021	verifiziert	High
15	XXX.XX.XX.XX	xxx.xx.xx.xx.xxxxxxxxx-xxx	Xxxxx Xxxx Xxxxxxx	01.06.2021	verifiziert	High
16	XXX.XX.XX.XXX		Xxxxx Xxxx Xxxxxxx	10.08.2022	verifiziert	High
17	XXX.XXX.XX.XX		Xxxxx Xxxx Xxxxxxx	10.08.2022	verifiziert	High

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-22	Path Traversal	prädiktiv	High
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	prädiktiv	High
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	prädiktiv	High
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
5	TXXXX.XXX	CWE-XXX, CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	prädiktiv	High
8	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	prädiktiv	High
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	prädiktiv	High
10	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
11	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	prädiktiv	High
12	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
13	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	prädiktiv	High
14	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	prädiktiv	High
15	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (73)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/EXCU_SHELL	prädiktiv	Medium
2	File	/my_photo_gallery/image.php	prädiktiv	High
3	File	/phppath/php	prädiktiv	Medium
4	File	/real-estate-script/search_property.php	prädiktiv	High
5	File	/reps/classes/Users.php?f=delete_agent	prädiktiv	High
6	File	/uncpath/	prädiktiv	Medium
7	File	Admin/edit-admin.php	prädiktiv	High
8	File	app/topic/action/admin/topic.php	prädiktiv	High
9	File	category.asp	prädiktiv	Medium
10	File	xxxxxxxx.xxx	prädiktiv	Medium
11	File	xxxxxxxxxx_xxxxx.xxx	prädiktiv	High
12	File	xxxxxxx/xxxx@/xxxxx/xxxxxxxxxx/xxxxxxxx.xxxx	prädiktiv	High
13	File	xxxx/xxxxxxxxxxxxxxx.xxx	prädiktiv	High
14	File	xxxxxxx.xxx	prädiktiv	Medium
15	File	xxxxxxx.xxxxx.xxx	prädiktiv	High
16	File	xxxxxxxxx/xxxxxxxxx.xxx	prädiktiv	High
17	File	xxxxx_xxx_xxxxx.xxx	prädiktiv	High
18	File	xxxxxxxxx.xxx	prädiktiv	High
19	File	xxxxxxx.xxx	prädiktiv	Medium
20	File	xxxxx.xxx	prädiktiv	Medium
21	File	xxxx/xxxx/xxxxxxx/xxx/xxxxxxxxxxxxxx.xxxx.xxx	prädiktiv	High
22	File	xxxx/xxxxxxx.xxx	prädiktiv	High
23	File	xxxxxxxx/xxxxx-xx-xxxxxxxxx.xxx	prädiktiv	High
24	File	xxxxx.xxx	prädiktiv	Medium
25	File	xxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx	prädiktiv	High
26	File	xxxx_xxxx.xxx	prädiktiv	High
27	File	xxxxx_xxxxx/xxx.x	prädiktiv	High
28	File	xxxxxxx/xxx_xxxxxxxxx/xxx_xxxxxxxxx.x	prädiktiv	High
29	File	xxx_xxxx_xxxxx.x	prädiktiv	High
30	File	xxxxxxx.xxx	prädiktiv	Medium
31	File	xxxxxxxxxxxxx.xxx	prädiktiv	High
32	File	xxxxxxxxxxxxxx.xxx	prädiktiv	High
33	File	xxxxxxxxxx.xxx	prädiktiv	High
34	File	xxxx.xxx	prädiktiv	Medium
35	File	xxxxxxxxx.xxx	prädiktiv	High
36	File	xxxxxxxxx_xxx	prädiktiv	High
37	File	xxxx-xxxxx.xxx	prädiktiv	High
38	File	xxxx-xxxxxxxx.xxx	prädiktiv	High
39	File	xxxx_xxxxxx.xxx	prädiktiv	High
40	File	xxxxx.x	prädiktiv	Low
41	File	xxxxx/xxxxx.xx	prädiktiv	High
42	File	xxxxxxx/xxxxxx/xxxxxxxxxxx.xxx	prädiktiv	High
43	File	xx-xxxxxxxx/xxxxxxxxx.xxx	prädiktiv	High
44	Argument	xxxxxxx	prädiktiv	Low
45	Argument	xxx_xxxxx_xxxx	prädiktiv	High
46	Argument	xxxxxxx	prädiktiv	Low
47	Argument	xxx_xx	prädiktiv	Low
48	Argument	xxxx_xx	prädiktiv	Low
49	Argument	xxxxx	prädiktiv	Low
50	Argument	xx	prädiktiv	Low
51	Argument	xxx	prädiktiv	Low
52	Argument	xxxxx	prädiktiv	Low
53	Argument	xxxxxxxxx	prädiktiv	Medium
54	Argument	xxxxxxxx_xxx	prädiktiv	Medium
55	Argument	xxxxxxxx	prädiktiv	Medium
56	Argument	xxx	prädiktiv	Low
57	Argument	xxxxxxxx_xxx	prädiktiv	Medium
58	Argument	xxx_xxxx	prädiktiv	Medium
59	Argument	xxxx	prädiktiv	Low
60	Argument	xxxxxxx	prädiktiv	Low
61	Argument	xxxxxx	prädiktiv	Low
62	Argument	xxxxx_xxx	prädiktiv	Medium
63	Argument	xxxxx_xxxx	prädiktiv	Medium
64	Argument	xxxxx	prädiktiv	Low
65	Argument	xxxxxxxx	prädiktiv	Medium
66	Argument	xxxx->xxxxxxx	prädiktiv	High
67	Argument	_xxxx	prädiktiv	Low
68	Input Value	%xx	prädiktiv	Low
69	Input Value	.%xx.../.%xx.../	prädiktiv	High
70	Input Value	../	prädiktiv	Low
71	Input Value	xxx xxxxxxxx	prädiktiv	Medium
72	Input Value	x xxxxx xxx xxxxxx xxxx,xxxx,xxxx,xxxx,xxxxxx(xxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxx)--	prädiktiv	High
73	Network Port	xxx/xx (xxxxxx)	prädiktiv	High

Referenzen (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Interested in the pricing of exploits?

See the underground prices here!