Squirrelwaffle Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (316)

Zeitverlauf

Sprache

en248
es60
fr6
de2

Land

us204
es58
br22
mx6
fr4

Akteure

Qakbot6
Squirrelwaffle5
QBot2
Meterpreter1
Razy1

Aktivitäten

Interesse

Zeitverlauf

Typ

Not Defined106
Web Server20
Content Management System16
Operating System16
Application Server Software12

Hersteller

Not Defined82
Microsoft20
Apache18
IBM6
Oracle6

Produkt

Apache HTTP Server10
OpenSSH8
Microsoft Windows8
Apache Tomcat6
Mozilla Firefox4

Schwachstellen

#SchwachstelleBaseTemp0dayHeuteAusMasCTIEPSSCVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.020.02016CVE-2007-1192
2OpenSSH Authentication Username Information Disclosure5.34.8$5k-$25k$0-$5kHighOfficial Fix0.000.10737CVE-2016-6210
3Microsoft Windows IGMP Header erweiterte Rechte7.56.7$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.000.00425CVE-1999-0918
4Microsoft IIS Cross Site Scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.020.00548CVE-2017-0055
5Microsoft Office Excel Pufferüberlauf7.06.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.08322CVE-2018-8574
6nginx erweiterte Rechte6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.270.00241CVE-2020-12440
7Apple macOS Kernel Coldtro Pufferüberlauf7.87.6$5k-$25k$0-$5kHighOfficial Fix0.000.00149CVE-2022-32894
8Dahua DHI-HCVR7216A-S3 DVR Protocol schwache Verschlüsselung6.86.8$0-$5k$0-$5kNot DefinedNot Defined0.030.00159CVE-2017-6432
9Joomla CMS User Registration erweiterte Rechte7.77.5$5k-$25k$0-$5kHighOfficial Fix0.000.91424CVE-2016-8870
10Moment.js Directory Traversal6.96.7$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00330CVE-2022-24785
11ASRock RGB Driver AsrDrv103.sys unbekannte Schwachstelle5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.060.00044CVE-2020-15368
12IBM AIX erweiterte Rechte7.87.8$5k-$25k$5k-$25kNot DefinedNot Defined0.020.00044CVE-2017-1692
13SourceCodester Library Management System index.php SQL Injection7.16.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.050.00114CVE-2022-2492
14Apache HTTP Server mod_reqtimeout Denial of Service5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.050.01696CVE-2007-6750
15Microsoft Windows Active Directory Domain Services Privilege Escalation8.88.1$100k und mehr$5k-$25kUnprovenOfficial Fix0.000.00121CVE-2022-21857
16Discourse Messaging Bus Directory Traversal3.33.2$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00071CVE-2021-43840
17Microsoft Windows MS-EFSRPC EfsRpcOpenFileRaw PetitPotam erweiterte Rechte7.36.7$25k-$100k$0-$5kProof-of-ConceptWorkaround0.020.00000
18WordPress class-wp-object-cache.php stats Cross Site Scripting4.94.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00877CVE-2020-11029
19DZCP deV!L`z Clanportal config.php erweiterte Rechte7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix1.990.00943CVE-2010-0966
20Grandstream GXP16xx VoIP SSH Configuration Interface erweiterte Rechte9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.030.00270CVE-2018-17565

Kampagnen (1)

These are the campaigns that can be associated with the actor:

  • ProxyShell/ProxyLogon

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-AdresseHostnameAkteurKampagnenIdentifiziertTypAkzeptanz
123.111.163.24223-111-163-242.static.hvvc.usSquirrelwaffleProxyShell/ProxyLogon22.02.2022verifiziertHigh
224.55.112.61dynamic.libertypr.netSquirrelwaffle12.06.2022verifiziertHigh
324.229.150.5424.229.150.54.cmts-static.sm.ptd.netSquirrelwaffleProxyShell/ProxyLogon22.02.2022verifiziertHigh
445.46.53.140cpe-45-46-53-140.maine.res.rr.comSquirrelwaffle12.06.2022verifiziertHigh
547.22.148.6ool-2f169406.static.optonline.netSquirrelwaffle12.06.2022verifiziertHigh
6XX.XX.XXX.XXXxxx-xxx-xxx-xxx.xxx.xxxxxxxx.xxxXxxxxxxxxxxxxx12.06.2022verifiziertHigh
7XX.XXX.XXX.XXxxx-xxx-xxx-xxx.xxx.xxxxxxxx.xxxXxxxxxxxxxxxxx12.06.2022verifiziertHigh
8XX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxxXxxxxxxxxxxxxxXxxxxxxxxx/xxxxxxxxxx22.02.2022verifiziertHigh
9XX.XX.XX.XXxxx-xx-xx-xx-xx.xx.xxx.xx.xxxXxxxxxxxxxxxxx12.06.2022verifiziertHigh
10XX.XXX.XXX.XXx-xx-xxx-xxx-xx.xxxx.xx.xxxxxxx.xxxXxxxxxxxxxxxxx12.06.2022verifiziertHigh
11XX.XXX.XX.XXXxxx-xx-xxx-xx-xxx.xxxxx.xx.xxxXxxxxxxxxxxxxx12.06.2022verifiziertHigh
12XX.XX.XXX.XXXx-xx-xx-xxx-xxx.xxxx.xx.xxxxxxx.xxxXxxxxxxxxxxxxx12.06.2022verifiziertHigh
13XX.XXX.XXX.XXXxxxxxxxxxxx-xxx-x-xx-xxx.xxx-xxx.xxx.xxxxxxx.xxXxxxxxxxxxxxxx12.06.2022verifiziertHigh
14XX.XX.XXX.XXXxxxxxx-xx-xx-xxx-xxx.xxxxxxx.xxxxxx.xxXxxxxxxxxxxxxx12.06.2022verifiziertHigh
15XX.XX.XX.XXXxxx.xxxxxx-xx-xx.xxxxxxx.xxxxxx.xxXxxxxxxxxxxxxx12.06.2022verifiziertHigh
16XXX.XXX.XXX.XXXxxxxxxxxxxxxx12.06.2022verifiziertHigh
17XXX.XXX.XXX.XXxxxxx-xxxx.xxxxxxxxx.xxx.xxXxxxxxxxxxxxxxXxxxxxxxxx/xxxxxxxxxx22.02.2022verifiziertHigh
18XXX.XXX.XXX.XXxxx.xxxxxx.xxxXxxxxxxxxxxxxxXxxxxxxxxx/xxxxxxxxxx22.02.2022verifiziertHigh
19XXX.XX.XXX.XXxx.xxx.xx.xxx.xxx.xxx.xxxXxxxxxxxxxxxxx12.06.2022verifiziertHigh
20XXX.XXX.XX.XXxxx.xxx.xx.xx.xxxxxx.xxx.xxxXxxxxxxxxxxxxx12.06.2022verifiziertHigh
21XXX.XX.XX.XXxxx-xx-xx-xx.xxxxxx.xxxxx.xxxXxxxxxxxxxxxxx12.06.2022verifiziertHigh
22XXX.XXX.XX.XXXxxxxxxxx.xxxxxxxxx.xxx.xxXxxxxxxxxxxxxx12.06.2022verifiziertHigh
23XXX.XXX.XX.XXxxx-xxx-xx-xx.xxx.xxxxxxxx.xxXxxxxxxxxxxxxx12.06.2022verifiziertHigh
24XXX.XX.XXX.XXXxxx-xxx-xx-xxx-xxx.xxxxxxxxxx-xxxxxxxx.xxx.xxXxxxxxxxxxxxxx12.06.2022verifiziertHigh
25XXX.XXX.XXX.XXXxxxxxxxxxxxxx22.02.2022verifiziertHigh

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueSchwachstellenZugriffsartTypAkzeptanz
1T1006CWE-21, CWE-22, CWE-23Path TraversalprädiktivHigh
2T1055CWE-74Improper Neutralization of Data within XPath ExpressionsprädiktivHigh
3T1059CWE-94Argument InjectionprädiktivHigh
4T1059.007CWE-79, CWE-80Cross Site ScriptingprädiktivHigh
5TXXXXCWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxprädiktivHigh
6TXXXX.XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxprädiktivHigh
7TXXXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxprädiktivHigh
8TXXXXCWE-XXX, CWE-XXX7xx Xxxxxxxx XxxxxxxxprädiktivHigh
9TXXXXCWE-XXXXxxxxxxxxx XxxxxxprädiktivHigh
10TXXXXCWE-XXXxx XxxxxxxxxprädiktivHigh
11TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxprädiktivHigh
12TXXXX.XXXCWE-XXXXxxxxxx Xxxxxxxxxx Xxx Xxxxxxxx Xxxxxxx Xx Xx-xxxx Xxxxxx XxxxxxxxprädiktivHigh
13TXXXXCWE-XXXXxxxxxxxx Xxxxxx XxxxprädiktivHigh
14TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxx XxxxprädiktivHigh
15TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxprädiktivHigh
16TXXXX.XXXCWE-XXXxxxxxxxxxxxxprädiktivHigh
17TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxprädiktivHigh
18TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxprädiktivHigh

IOA - Indicator of Attack (134)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlasseIndicatorTypAkzeptanz
1File.procmailrcprädiktivMedium
2File/cgi-bin/ExportALLSettings.shprädiktivHigh
3File/cgi-bin/ExportAllSettings.shprädiktivHigh
4File/config/getuserprädiktivHigh
5File/etc/passwdprädiktivMedium
6File/include/chart_generator.phpprädiktivHigh
7File/index.phpprädiktivMedium
8File/product_list.phpprädiktivHigh
9File/qsr_server/device/rebootprädiktivHigh
10File/resource/file/api/save?auto=1prädiktivHigh
11File/snmpGetprädiktivMedium
12File/tmpprädiktivLow
13File/uncpath/prädiktivMedium
14File/wp-admin/admin-ajax.phpprädiktivHigh
15Fileadministrator/components/com_media/helpers/media.phpprädiktivHigh
16Fileadm_program/modules/dates/dates_function.phpprädiktivHigh
17Filexxxx/xxxxxxxx.xxxprädiktivHigh
18Filexxxxxxxxx/xxxxxxxxxxxxxprädiktivHigh
19Filexxxx-xxxx.xprädiktivMedium
20Filexxxx.xxxprädiktivMedium
21Filexxxxx/xxx.xprädiktivMedium
22Filex:\xxxxxxx xxxxx (xxx)\xxxxxxxxxxxxx\xxxxxx.xxxprädiktivHigh
23Filexxxxx-xx-xxxxxx-xxxxx.xxxprädiktivHigh
24Filexxxxxxx.xxxprädiktivMedium
25Filexxxxxxx_xx.xxxprädiktivHigh
26Filexxxx/xxxxxxxxxxxxxxx.xxxprädiktivHigh
27Filexxxx/xxxxxxxxxx/xxxxxxx/xxxxxxx.xxxxprädiktivHigh
28Filexxxxxxx.xxxprädiktivMedium
29Filexxxxxxx/xxx/xxxxx/xxxxxxxxxxxxprädiktivHigh
30Filexxxx.xxxprädiktivMedium
31Filexxxxxxxx.xxxprädiktivMedium
32Filexxxxxxxxxxxxxxxxxxxxxxxxxx.xxxprädiktivHigh
33Filexxxxxxx.xxxprädiktivMedium
34Filexxxxxxxx/xxxx/xxxx.xxprädiktivHigh
35Filexxxx-xxxx.xxprädiktivMedium
36Filexxxxxx.xxxprädiktivMedium
37Filexxx/xxxxxx.xxxprädiktivHigh
38Filexxxxxxx.xxxprädiktivMedium
39Filexxxxxxxx/xxxxxxx/xxxxxxxx_xxxx.xxxprädiktivHigh
40Filexxxxx.xxxprädiktivMedium
41Filexxxxx.xxxprädiktivMedium
42Filexxxxxxx.xxxprädiktivMedium
43Filexxx.x/xxxxxx.xprädiktivHigh
44Filexxxxxxxxx/xxxxxx.xxx.xxxprädiktivHigh
45Filexxxxxxxxx/xxxxxxx/xxxx/xxxxxxxxxxxxxxxxxxxx.xxxxx.xxxprädiktivHigh
46Filexxxxxxx/xxxxxxx/xxx_xxxxxxx.xprädiktivHigh
47Filexxxxxxx/xxxx_xxx_xxxxx.xxxprädiktivHigh
48Filexxxxx.xxxxprädiktivMedium
49Filexxx.xxxprädiktivLow
50Filexxxxxxxx_xxxxxx.xxxprädiktivHigh
51Filexxxxxx/xxxxxxxxxx/xxx/xxxx.xxxprädiktivHigh
52Filexxxxx_xxxxxx_xxx.xxxprädiktivHigh
53Filexxxxx.xxxprädiktivMedium
54Filexxxxxxxxxx/xxxxxxxxxx_xxxx.xxx?xxxxxx=xxxxxxprädiktivHigh
55Filexxxxxxxxxxxxxxxx.xxprädiktivHigh
56Filexxxxxxx.xxxprädiktivMedium
57Filexxxxx.xxxxprädiktivMedium
58Filexxx-xxxx.xprädiktivMedium
59Filexxxxxxxxx.xxxprädiktivHigh
60Filexxxxxxx.xxx.xx.xxxxxxxxxxx.xxxprädiktivHigh
61Filexxxx-xxxxxxxx.xxxprädiktivHigh
62Filexxxxx-xx-xxxxxx="xxxxxxxxx"/prädiktivHigh
63Filexxxx_xxxxxxxx.xxxprädiktivHigh
64Filexxxx/xxxxxxxx/xxxxxxxx.xxxxprädiktivHigh
65Filexx/xxxxxx/xxxxxprädiktivHigh
66Filexxxxxxxx.xxxprädiktivMedium
67Filexxxxxx.xxxprädiktivMedium
68Filexxxxxxxxxx.xxxprädiktivHigh
69Filexx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xxxxxxx_xxxxxx_xxxxxxprädiktivHigh
70Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxprädiktivHigh
71File\xxxxxxx\xxxxxxxxx\xxxxxxxxxxxxxxxxxxprädiktivHigh
72File~/xxxxx.xxxprädiktivMedium
73Libraryxx/xxx/xxxx_xxxxxx.xxxprädiktivHigh
74Libraryxxxxxxxxx.xxxprädiktivHigh
75Libraryxxxxxxxxxxxxx.xxxprädiktivHigh
76Libraryxxxxxx.xxxprädiktivMedium
77Libraryxxxxxxxx.xxxprädiktivMedium
78Libraryxxxxxxxxx.xxxprädiktivHigh
79Libraryxxxxxxxxxxxxxxxxx.xxxprädiktivHigh
80Argument--xxxxxxxprädiktivMedium
81Argument-xprädiktivLow
82Argumentx@xxxxprädiktivLow
83Argumentxxxxxxxx_xxxxprädiktivHigh
84ArgumentxxxxxprädiktivLow
85ArgumentxxxxxxxxprädiktivMedium
86ArgumentxxxxxxxxxxprädiktivMedium
87ArgumentxxxprädiktivLow
88Argumentxxx_xxx_xxprädiktivMedium
89ArgumentxxxxxxxxxxxxxxxprädiktivHigh
90ArgumentxxxprädiktivLow
91ArgumentxxxxprädiktivLow
92Argumentxxxx_xxxxprädiktivMedium
93ArgumentxxxxxprädiktivLow
94Argumentxxxx_xxxxxxxprädiktivMedium
95ArgumentxxprädiktivLow
96ArgumentxxxxxxxxxxxprädiktivMedium
97Argumentxxx_xxxprädiktivLow
98Argumentxxxxxxx_xxxprädiktivMedium
99ArgumentxxprädiktivLow
100ArgumentxxxxprädiktivLow
101ArgumentxxxxprädiktivLow
102ArgumentxxxxxxxxprädiktivMedium
103ArgumentxxxxxxxxprädiktivMedium
104Argumentxxxx[xxxxxxx]prädiktivHigh
105ArgumentxxxxxxxprädiktivLow
106ArgumentxxxxxxprädiktivLow
107ArgumentxxxxxprädiktivLow
108Argumentxx_xxxxprädiktivLow
109ArgumentxxxxxxxprädiktivLow
110Argumentxxxxx_xxxxxxprädiktivMedium
111ArgumentxxxxxxxxprädiktivMedium
112ArgumentxxxxxxxxxxprädiktivMedium
113ArgumentxxxxxxprädiktivLow
114Argumentxxxx_xxxprädiktivMedium
115ArgumentxxxxxxprädiktivLow
116Argumentxxxxxxx_xxprädiktivMedium
117Argumentxxxxx/xxxxxprädiktivMedium
118ArgumentxxxprädiktivLow
119ArgumentxxxxxxprädiktivLow
120ArgumentxxxxxxxxprädiktivMedium
121Argumentxxxxxxxx/xxxxprädiktivHigh
122Argumentxxxxxxxx:xxxxxxxxprädiktivHigh
123Argument_xxx_xxxxxxxxxxx_prädiktivHigh
124Input Value..%xxprädiktivLow
125Input Valuex</xx><xxxxxx>xxxxx(x)</xxxxxx>prädiktivHigh
126Input Value::$xxxxx_xxxxxxxxxxprädiktivHigh
127Input Valuexxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxxprädiktivHigh
128Input ValuexxxxxxxxprädiktivMedium
129Input Valuexxxxxxxxx:xxxxxxxxprädiktivHigh
130Input Valuexxx.xxx[xxxxx]prädiktivHigh
131Network PortxxxprädiktivLow
132Network Portxxx/xx (xxx)prädiktivMedium
133Network Portxxx/xxxx (xxx)prädiktivHigh
134Network Portxxx xxxxxx xxxxprädiktivHigh

Referenzen (4)

The following list contains external sources which discuss the actor and the associated activities:

ZurückÜbersichtWeiter

Do you want to use VulDB in your project?

Use the official API to access entries easily!