Strider Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (52)

Sprache

en	46
it	4
de	2

Land

us	16
it	12
cn	2
fr	2
de	2

Akteure

Sauron	5
Strider	3
Mirai	1

Interesse

Typ

Not Defined	10
Hardware Driver Software	4
Content Management System	4
Backup Software	2
Database Software	2

Hersteller

Not Defined	8
IBM	6
NVIDIA	4
KMS Controls	2
Coppermine	2

Produkt

NVIDIA Windows GPU Display Driver	4
KMS Controls BAC-A1616BC BACnet	2
IBM Spectrum Protect Plus	2
IBM DB2	2
IBM DB2 Connect Server	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	Van Ons WP GDPR Compliance Plugin $wpdb->prepare erweiterte Rechte	8.5	8.2	$0-$5k	Wird berechnet	High	Official Fix	0.00	0.97286	CVE-2018-19207
2	IBM Cognos Controller Web UI Cross Site Scripting	4.8	4.8	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00	0.00050	CVE-2019-4136
3	lshell erweiterte Rechte	8.1	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.00348	CVE-2016-6902
4	lshell erweiterte Rechte	8.1	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.00352	CVE-2016-6903
5	OpenBSD OpenSSH PKCS 11 erweiterte Rechte	7.4	7.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.02999	CVE-2023-38408
6	Linux Kernel dr_domain.c dr_domain_init_resources erweiterte Rechte	5.5	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00043	CVE-2023-23006
7	PHPStore Wholesales track.php SQL Injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.03	0.00366	CVE-2008-5493
8	cpCommerce document.php SQL Injection	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.02	0.00064	CVE-2009-1345
9	e107 CMS secure_img_render.php erweiterte Rechte	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.04	0.03019	CVE-2004-2041
10	PHPOutsourcing IdeaBox include.php erweiterte Rechte	7.3	6.4	$0-$5k	$0-$5k	Unproven	Unavailable	0.05	0.17410	CVE-2008-5199
11	socialMPN article.php SQL Injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00129	CVE-2005-2031
12	Coppermine Photo Gallery init.inc.php erweiterte Rechte	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.09075	CVE-2004-1988
13	Pmachine lib.inc.php erweiterte Rechte	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.02869	CVE-2003-1086
14	Bitrix24 Web Application Firewall Cross Site Scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.07	0.00113	CVE-2020-13483
15	PrestaShop Authentication schwache Authentisierung	8.5	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00231	CVE-2020-4074
16	Trojan-Spy.Win32.WebCenter.a Service Port 80 web.exe Information Disclosure	5.3	4.9	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00	0.00000
17	Oracle Argus Safety Letters Information Disclosure	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00054	CVE-2021-2110
18	VMware ESXi/Workstation/Fusion XHCI USB Controller Information Disclosure	4.4	4.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00060	CVE-2020-3965
19	NVIDIA Windows GPU Display Driver DirectX 11 User Mode Driver x.dll Information Disclosure	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05	0.00044	CVE-2020-5965
20	Apple iOS/iPadOS WebRTC Pufferüberlauf	6.0	5.8	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.00042	CVE-2019-2050

Kampagnen (1)

These are the campaigns that can be associated with the actor:

ProjectSauron

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Kampagnen	Identifiziert	Typ	Akzeptanz
1	37.252.125.88		Strider	ProjectSauron	20.12.2020	verifiziert	High
2	54.209.129.218	ec2-54-209-129-218.compute-1.amazonaws.com	Strider	ProjectSauron	20.12.2020	verifiziert	Medium
3	66.228.52.133	li294-133.members.linode.com	Strider	ProjectSauron	20.12.2020	verifiziert	High
4	XX.X.XXX.XXX	xxxxxxxxxxx.xx.xx	Xxxxxxx	Xxxxxxxxxxxxx	20.12.2020	verifiziert	High
5	XX.XXX.XX.XXX		Xxxxxxx	Xxxxxxxxxxxxx	20.12.2020	verifiziert	High
6	XXX.XXX.XX.XX		Xxxxxxx	Xxxxxxxxxxxxx	20.12.2020	verifiziert	High
7	XXX.X.XXX.XXX	xxxxxx.xxx.xxx.x.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxx	Xxxxxxxxxxxxx	20.12.2020	verifiziert	High
8	XXX.XX.XX.XXX	xxxxxxx-xx-xx-xxx.xxxxxx.xxxxxxx.xx	Xxxxxxx	Xxxxxxxxxxxxx	20.12.2020	verifiziert	High
9	XXX.XXX.XX.XX	xxxxxxx.xxx	Xxxxxxx	Xxxxxxxxxxxxx	20.12.2020	verifiziert	High
10	XXX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxxxxxxxx	20.12.2020	verifiziert	High
11	XXX.XXX.XXX.XXX	xxxxxxxxxxxxx.xxxxxxxxxx.xxxx	Xxxxxxx	Xxxxxxxxxxxxx	20.12.2020	verifiziert	High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-425	Path Traversal	prädiktiv	High
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	prädiktiv	High
3	T1059	CWE-94	Argument Injection	prädiktiv	High
4	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	prädiktiv	High
5	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
6	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	prädiktiv	High
7	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
9	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
10	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	prädiktiv	High
11	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
12	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	prädiktiv	High

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	.procmailrc	prädiktiv	Medium
2	File	article.php	prädiktiv	Medium
3	File	BC_Logon.swf	prädiktiv	Medium
4	File	C:\Windows\SysWOW64\webcenter\web.exe	prädiktiv	High
5	File	xxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/	prädiktiv	High
6	File	xxxxxxxx.xxx	prädiktiv	Medium
7	File	xxxxxxx/xxx/xxxxxxxx/xxxxxxxx/xxxx/xxxx/xxxxxxxx/xx_xxxxxx.x	prädiktiv	High
8	File	xxxxxxx.xxx	prädiktiv	Medium
9	File	xxxxx.xxx	prädiktiv	Medium
10	File	xxxx.xxx.xxx	prädiktiv	Medium
11	File	xxxxxxx/xxxx.x	prädiktiv	High
12	File	xxxxxxx/xxxxxxx/xxx_xxxxxxx.x	prädiktiv	High
13	File	xxxxxx_xxx_xxxxxx.xxx	prädiktiv	High
14	File	xxxxx.xxx	prädiktiv	Medium
15	File	xx-xxxxxxxx/xxxxxxxxx.xxx	prädiktiv	High
16	Library	x:\xxxxxxx\xxxxxxxx\xxxxxxxxxxx\xxxxxxxxxxxxxx\xxxxxxxx.xxx_xxxxx_xxxxxxxxxxxxxxxx\xxxxx\xxxxxxxxxxx.xxx	prädiktiv	High
17	Library	xxx/xxxx/xxxxxxxxxxxxxxxxxxx.xxxxx.xxx	prädiktiv	High
18	Library	xxxxxxxx/x.xxx	prädiktiv	High
19	Library	xx/xxx.xxx.xxx	prädiktiv	High
20	Argument	xxxxxxxx_xxxx	prädiktiv	High
21	Argument	xxx_x_xxx	prädiktiv	Medium
22	Argument	xxxxxx_xxxxx_xxx	prädiktiv	High
23	Argument	xxxxxxxx	prädiktiv	Medium
24	Argument	xx	prädiktiv	Low
25	Argument	xx_xxxxxxxx	prädiktiv	Medium
26	Argument	xxxxx[xxxxx][xx]	prädiktiv	High
27	Argument	xxxx_xxx_xxxx_xxxx	prädiktiv	High
28	Argument	xx_xxxx	prädiktiv	Low
29	Argument	xxx	prädiktiv	Low
30	Input Value	xxxxxxx	prädiktiv	Low

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Do you need the next level of professionalism?

Upgrade your account now!