Specter Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (85)

Sprache

en	82
fr	2
zh	2

Land

us	46
tr	10
cn	6
ru	6
fr	4

Akteure

Specter	3
Liberty Front Press	2
TrickBot	1
Moses Staff	1

Interesse

Typ

Not Defined	22
Operating System	12
Content Management System	8
Programming Language Software	6
Web Server	6

Hersteller

Not Defined	36
Microsoft	6
Apache	6
Linux	4
Google	4

Produkt

Microsoft Windows	4
Python	4
WordPress	4
Linux Kernel	4
FreeBSD	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	Microsoft Windows cmd.exe erweiterte Rechte	7.3	6.6	$25k-$100k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.00000
2	OpenNetAdmin erweiterte Rechte	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00857	CVE-2019-25065
3	Fortinet FortiMail Webmail Login Reflected Cross Site Scripting	5.2	5.2	$0-$5k	Wird berechnet	Not Defined	Not Defined	0.00	0.00223	CVE-2017-7732
4	Drupal Session Data Remote Code Execution	8.1	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.04178	CVE-2016-3171
5	Drupal User Module user_save erweiterte Rechte	8.1	7.7	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.03	0.00472	CVE-2016-3169
6	Joomla CMS LDAP Authentication schwache Authentisierung	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00	0.00999	CVE-2014-6632
7	Redis redis-cli Pufferüberlauf	7.1	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.00584	CVE-2018-12326
8	Gwolle Guestbook Plugin ajaxresponse.php erweiterte Rechte	7.2	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.84560	CVE-2015-8351
9	OpenSSH Authentication Username Information Disclosure	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.00	0.10737	CVE-2016-6210
10	Apache Tomcat Client Connection Race Condition	3.1	3.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00288	CVE-2021-43980
11	Synacor Zimbra Collaboration autoSaveDraft Cross Site Scripting	6.2	6.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.30586	CVE-2023-34192
12	DD-WRT Web Interface Cross Site Request Forgery	7.5	6.9	$0-$5k	$0-$5k	Unproven	Not Defined	0.04	0.00312	CVE-2012-6297
13	PuTTY Help File erweiterte Rechte	6.5	6.3	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.00	0.00042	CVE-2019-9896
14	woocommerce-catalog-enquiry Plugin erweiterte Rechte	7.4	7.2	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.00	0.00073	CVE-2017-18592
15	W3 Super Cache Plugin Incomplete Fix CVE-2013-2009 erweiterte Rechte	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.01765	CVE-2013-2011
16	SOGo Blacklist Filter erweiterte Rechte	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00240	CVE-2016-6189
17	Microsoft Windows Group Policy erweiterte Rechte	7.5	7.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.00123	CVE-2020-1317
18	Cogentdatahub Cogent DataHub GetPermissions.asp erweiterte Rechte	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.02	0.32994	CVE-2014-3789
19	Web2py Information Disclosure	6.4	6.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01	0.00626	CVE-2016-4806
20	Web2py Password erweiterte Rechte	7.7	7.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00826	CVE-2016-10321

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	45.141.70.5		Specter	11.02.2022	verifiziert	High
2	47.252.19.25		Specter	08.03.2023	verifiziert	High
3	XX.XXX.XXX.XXX	xxxxx.xxxxxxx.xxx	Xxxxxxx	11.02.2022	verifiziert	High
4	XXX.XX.X.XX	xxxxx.xxxxxxx.xxx	Xxxxxxx	11.02.2022	verifiziert	High
5	XXX.XXX.XXX.XXX	xxxxx.xxxxxxx.xxx	Xxxxxxx	11.02.2022	verifiziert	High
6	XXX.XXX.XXX.XXX	xxxxx.xxxxxxx.xxx	Xxxxxxx	11.02.2022	verifiziert	High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-22	Path Traversal	prädiktiv	High
2	T1059	CWE-94	Argument Injection	prädiktiv	High
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	prädiktiv	High
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
6	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	prädiktiv	High
7	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	prädiktiv	High
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	prädiktiv	High
9	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
10	TXXXX.XXX	CWE-XXX	Xxxxxxx Xxxxxxxxxx Xxx Xxxxxxxx Xxxxxxx Xx Xx-xxxx Xxxxxx Xxxxxxxx	prädiktiv	High
11	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
12	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (44)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/h/autoSaveDraft	prädiktiv	High
2	File	/tmp/.pk11ipc1	prädiktiv	High
3	File	/var/log/nginx	prädiktiv	High
4	File	/webservices/api/v2.php	prädiktiv	High
5	File	adm-index.php	prädiktiv	High
6	File	base/ErrorHandler.php	prädiktiv	High
7	File	xxx.xxx	prädiktiv	Low
8	File	xxxx/xxxxxxxxxxxxxxx.xxx	prädiktiv	High
9	File	xxxxxx.xxx	prädiktiv	Medium
10	File	xxxxxxx/xxx/xx/xxxxxxxxxx.x	prädiktiv	High
11	File	xxxxxxxxx/xx/xxxxxxxxxxxx.xxx	prädiktiv	High
12	File	xxxxxxxx/xxxxxxx/xxxxxxxxxxxx.xxx	prädiktiv	High
13	File	xxxxxxxxxxxxxx.xxx	prädiktiv	High
14	File	xxx/xxxxxx.xxx	prädiktiv	High
15	File	xxxxxxxxx/xxxxxxxx.xxx	prädiktiv	High
16	File	xxxxxxxx.xx	prädiktiv	Medium
17	File	xxxxxxx.xxx	prädiktiv	Medium
18	File	xxxxxxxxxxxxxx.xxx	prädiktiv	High
19	File	xxxxxxxxxx.xxx	prädiktiv	High
20	File	xxxxxx/xxxxxxx/xxxxxxxx/xxxxxxxx.xxx	prädiktiv	High
21	File	xxxxxxx.xxx	prädiktiv	Medium
22	File	xxxxxxxxxxxxxxxx.xx	prädiktiv	High
23	File	xxx/xxxxxx.x	prädiktiv	Medium
24	File	xxxxx_xxxxx.xxx	prädiktiv	High
25	File	xxxx/xxxxxxxx/xxxxxxxx.xxxx	prädiktiv	High
26	File	xx-xxxxx/xxxx.xxx	prädiktiv	High
27	Library	xxxxxx[xxxxxx_xxxx	prädiktiv	High
28	Library	xxxxxxxxx	prädiktiv	Medium
29	Library	xxxxx.xxx	prädiktiv	Medium
30	Argument	-x	prädiktiv	Low
31	Argument	xxxxxxx	prädiktiv	Low
32	Argument	xxxxxxxx	prädiktiv	Medium
33	Argument	xxxxxx[xxxxxx_xxxx]	prädiktiv	High
34	Argument	xxxx	prädiktiv	Low
35	Argument	xxx	prädiktiv	Low
36	Argument	xx	prädiktiv	Low
37	Argument	xxxxxxxxx	prädiktiv	Medium
38	Argument	xxxxxxxxx	prädiktiv	Medium
39	Argument	xxxxx	prädiktiv	Low
40	Argument	xxxxxxxx	prädiktiv	Medium
41	Argument	xx_xxxx	prädiktiv	Low
42	Argument	xxxxxx	prädiktiv	Low
43	Argument	xxxxx	prädiktiv	Low
44	Argument	xxxx	prädiktiv	Low

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

Samples (1)

The following list contains associated samples:

https://bazaar.abuse.ch/sample/7b0140619c811f000bd739dbaca0ab23c5027da5a4a56ada4efa6151fde9b848/

◂ ZurückÜbersichtWeiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!