Sugar Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (355)

Zeitverlauf

Sprache

en352
es2
de2

Land

es22
us22
it2
ru2

Akteure

Sugar2
FIN71
Wizard Spider1
APT281
TrickBot1

Aktivitäten

Interesse

Zeitverlauf

Typ

Not Defined160
Operating System18
Content Management System16
Web Browser16
Smartphone Operating System14

Hersteller

Not Defined106
Apple18
Cisco14
Microsoft14
Google12

Produkt

Microsoft Windows8
Mozilla Firefox8
Google Android6
Google Chrome6
WordPress6

Schwachstellen

#SchwachstelleBaseTemp0dayHeuteAusMasCTIEPSSCVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.020.02016CVE-2007-1192
2thecodingmachine Gotenberg html erweiterte Rechte5.35.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000.00092CVE-2021-23345
3ALEOS API Pufferüberlauf4.13.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00114CVE-2019-11848
4VMware Tools VM3DMP Driver Denial of Service6.56.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00042CVE-2021-21997
5Synology Download Station erweiterte Rechte4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00054CVE-2021-34811
6Apache HTTP Server mod_rewrite Redirect6.76.7$25k-$100k$5k-$25kNot DefinedNot Defined0.000.00258CVE-2020-1927
7Cisco Jabber Denial of Service6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00107CVE-2021-1570
8Wibu CodeMeter Runtime Runtime Server Denial of Service5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.02268CVE-2021-20094
9LaikeTui ZIP Archive erweiterte Rechte6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.000.00320CVE-2021-34128
10IBM Resilient SOAR schwache Verschlüsselung2.72.6$0-$5kWird berechnetNot DefinedOfficial Fix0.000.00042CVE-2021-20567
11Tianocore EDK2 Private Key IpSecDxe.efi Privilege Escalation5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00168CVE-2021-28213
12Samsung Account SettingWebView erweiterte Rechte3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00042CVE-2021-25403
13Samsung Smart Phone SecSettings erweiterte Rechte5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00042CVE-2021-25393
14Huawei Smart Phone App erweiterte Rechte5.55.5$5k-$25k$5k-$25kNot DefinedNot Defined0.000.00058CVE-2021-22334
15Chiyu BF-430/BF-431/BF-450M man.cgi Cross Site Scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000.97079CVE-2021-31250
16Linux Kernel UDP Port Denial of Service4.03.8$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00042CVE-2001-1400
17Huawei Smart Phone schwache Authentisierung4.14.1$0-$5k$0-$5kNot DefinedNot Defined0.000.00070CVE-2021-22316
18Nextcloud Server Lookup erweiterte Rechte2.72.6$0-$5kWird berechnetNot DefinedOfficial Fix0.000.00063CVE-2021-32653
19RebornCore ObjectInputStream.readObject erweiterte Rechte6.36.0$0-$5kWird berechnetNot DefinedOfficial Fix0.030.02926CVE-2021-33790
20Red Hat Ansible Tower OAuth2 Authentication schwache Authentisierung6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.00044CVE-2020-10709

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-AdresseHostnameAkteurKampagnenIdentifiziertTypAkzeptanz
182.146.53.237docker-05.yarperspektiva.ruSugar05.02.2022verifiziertHigh
2XXX.XX.XXX.XXXXxxxx05.02.2022verifiziertHigh

TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueSchwachstellenZugriffsartTypAkzeptanz
1T1006CWE-21, CWE-22Path TraversalprädiktivHigh
2T1055CWE-74Improper Neutralization of Data within XPath ExpressionsprädiktivHigh
3T1059CWE-94Argument InjectionprädiktivHigh
4T1059.007CWE-79, CWE-80, CWE-83Cross Site ScriptingprädiktivHigh
5T1068CWE-264, CWE-266, CWE-269, CWE-270, CWE-284Execution with Unnecessary PrivilegesprädiktivHigh
6TXXXX.XXXCWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxprädiktivHigh
7TXXXX.XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxprädiktivHigh
8TXXXX.XXXCWE-XXXXxx-xxx Xxxx Xxxxxxx XxxxprädiktivHigh
9TXXXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxprädiktivHigh
10TXXXX.XXXCWE-XXXXxxx XxxxxxxxprädiktivHigh
11TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxprädiktivHigh
12TXXXXCWE-XXXXxxxxxxxxx XxxxxxprädiktivHigh
13TXXXXCWE-XXXXxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx XxxxxprädiktivHigh
14TXXXXCWE-XX, CWE-XXXxx XxxxxxxxxprädiktivHigh
15TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxprädiktivHigh
16TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxprädiktivHigh
17TXXXXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxprädiktivHigh
18TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxxxx XxxxprädiktivHigh
19TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxprädiktivHigh
20TXXXXCWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxprädiktivHigh
21TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxprädiktivHigh
22TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxprädiktivHigh
23TXXXXCWE-XXXXxxxxxxxxxx XxxxxxprädiktivHigh

IOA - Indicator of Attack (110)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlasseIndicatorTypAkzeptanz
1File/$({curlprädiktivMedium
2File/+CSCOE+/logon.htmlprädiktivHigh
3File/bfd/pef.cprädiktivMedium
4File/cms/print.phpprädiktivHigh
5File/convert/htmlprädiktivHigh
6File/device/device=140/tab=wifi/viewprädiktivHigh
7File/doorgets/app/requests/user/emailingRequest.phpprädiktivHigh
8File/etc/passwdprädiktivMedium
9File/one/getpassword.phpprädiktivHigh
10File/oscommerce/admin/administrators.phpprädiktivHigh
11File/public/admin.phpprädiktivHigh
12File/restapi/v1/certificates/FFM-SSLInspectprädiktivHigh
13File/xxx/xxxxx-xxxxxxxx/xxxxx-xxxxxxx-xxxxprädiktivHigh
14File/xxx/xxxx/xxprädiktivMedium
15File/xxx/xxxx.xxxprädiktivHigh
16File/_xxxx/xxxxxxx/prädiktivHigh
17Filexxxxx/xxxxxx-xxxxxxxx.xxxprädiktivHigh
18Filexxxxxxx/xxxxxx.xxx?xx=xxxxxxxxprädiktivHigh
19Filexxxxxx.xxxprädiktivMedium
20Filexxxxxx_xxxxxxxx.xxxprädiktivHigh
21Filexxxxxxxx.xxxprädiktivMedium
22Filexxx-xxx/xxxxxxxxxprädiktivHigh
23Filexxxxx-xx-xxxxxx-xxxxx.xxxprädiktivHigh
24Filexxx.xxxxprädiktivMedium
25Filexxx.xxxprädiktivLow
26Filexxxxxxxxxx/xxxxxxxxxx-xxxxxxxx.xxxprädiktivHigh
27Filexxxx/xxxxx-xxxxxx.xxxprädiktivHigh
28Filexxxx/xxxxx/xxxxxxxxxxxxxxx.xxxprädiktivHigh
29Filexxxxx_xxxxxxx.xprädiktivHigh
30Filexxxx/xxxxxxxxxxxxxxx.xxxprädiktivHigh
31Filexxx/xxxxxx/xxxxxx/xxxxxxxxxxx/xxx.xxxprädiktivHigh
32Filexxxxxxxx?xxxx=xxxxxprädiktivHigh
33Filexxxxxxxxxx.xxxprädiktivHigh
34Filexxxxxx\xxxxx.xxxxxxx_xxxxxxx.xxxprädiktivHigh
35Filexxxx-xxxxx.xprädiktivMedium
36Filexxxxxxxxxxx.xxxprädiktivHigh
37Filexxxxxxx_xxx.xprädiktivHigh
38Filexxx_xxxx.xxxprädiktivMedium
39Filexxxx/xxx_xxx_xxxxx.xprädiktivHigh
40Filexxxxxxxx/xxxxxxxx/xxxxxx/xxxxxxxx/xxxxx/xxxxx-xxxxxxx.xxxprädiktivHigh
41Filexxxxx.xxprädiktivMedium
42Filexxxxx.xxxprädiktivMedium
43Filexxxxx.xxx/xxxxx/xxxxxprädiktivHigh
44Filexxxxx.xxx?xxxxxx=xxxxxx&xxxxxx=xxxprädiktivHigh
45Filexxxxxxxx.xxxprädiktivMedium
46Filexxxx-xxxxxx-xxxxxxxxx.xxxprädiktivHigh
47Filexxxx/xxxxxxx/xxxxxxxx.xxxx.xxxprädiktivHigh
48Filexxxxx.xxxprädiktivMedium
49Filexxxxx.xxxprädiktivMedium
50Filexxx.xxxprädiktivLow
51Filexx-xxxxx/xxxx.xxxprädiktivHigh
52Filexxxxxxx_xxxxx.xxxprädiktivHigh
53Filexx/xxx.xprädiktivMedium
54Filexxx/xxx_xxxxx/xx_xxxxx.xprädiktivHigh
55Filexxxx_xxxx.xprädiktivMedium
56Filexxxxxxxxxxxxx.xxxprädiktivHigh
57Filexxxxxxx.xxxprädiktivMedium
58Filexxxxxxxxxxxxx.xprädiktivHigh
59Filexxxxxxxxxxxxx.xxxprädiktivHigh
60Filexxxxxxxxxxxxx.xxxprädiktivHigh
61Filexxxxxxxxxxxxx.xxxprädiktivHigh
62Filexxxxxx/xxxxxx.xxxprädiktivHigh
63Filexxxx_xxxxxxx_xxxxxxxx.xxxprädiktivHigh
64Filexxxx.xprädiktivLow
65Filexxxx_xxx.xxxprädiktivMedium
66Filexxxxxx.xxprädiktivMedium
67Filexxxxx_xxx_xxxxxxx.xprädiktivHigh
68Filexxxxxxxxxxxxxxxxxxxx.xxxprädiktivHigh
69Filexxxxxx.xxxprädiktivMedium
70Filexxxx/xxxxxxxxxxxxxx.xxxprädiktivHigh
71Filexxx_xxxxxx.xprädiktivMedium
72Filexx-xxxxx/xxxxx-xxxxxx.xxxprädiktivHigh
73Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxprädiktivHigh
74Libraryxxxxxxxxxx.xxxprädiktivHigh
75Argument.xxxxxprädiktivLow
76Argumentxxxxxx[xxxx]prädiktivMedium
77ArgumentxxxxxxxprädiktivLow
78Argumentxxxx_xxprädiktivLow
79Argumentxxx_xxprädiktivLow
80Argumentxxxxxx xxxxprädiktivMedium
81ArgumentxxxprädiktivLow
82Argumentxxxxxx['xxxx']prädiktivHigh
83ArgumentxxxxxxxxprädiktivMedium
84ArgumentxxxxxxprädiktivLow
85ArgumentxxxxxxprädiktivLow
86Argumentxxxx_xxxxprädiktivMedium
87ArgumentxxxxxprädiktivLow
88ArgumentxxprädiktivLow
89ArgumentxxxxxxxxxxxxxxxxprädiktivHigh
90ArgumentxxxprädiktivLow
91ArgumentxxxxprädiktivLow
92ArgumentxxxxxxxprädiktivLow
93ArgumentxxxxxxxxprädiktivMedium
94Argumentxxxx_xxprädiktivLow
95Argumentxxx_xxxxxx_xxx_xxxxxx_xxxxxxxprädiktivHigh
96Argumentxxxxxx_xxxprädiktivMedium
97ArgumentxxxprädiktivLow
98ArgumentxxxprädiktivLow
99ArgumentxxxxxxprädiktivLow
100ArgumentxxxxxxxxxprädiktivMedium
101ArgumentxxxxprädiktivLow
102ArgumentxxxxxxxxprädiktivMedium
103ArgumentxxxxprädiktivLow
104Argument_xxx_xxxxxxx_xxxxx_xxxxxxxxxx_xxxxx_xxx_xxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxprädiktivHigh
105Input Value%x/%xprädiktivLow
106Input Value../xxxxx.xxxxprädiktivHigh
107Input ValuexxxxprädiktivLow
108Input Value===prädiktivLow
109Network PortxxxxprädiktivLow
110Network Portxxx/xxxxprädiktivMedium

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

ZurückÜbersichtWeiter

Interested in the pricing of exploits?

See the underground prices here!