TA428 Analysis

IOB - Indicator of Behavior (150)

Timeline (chart)

Language

| Language | Count |
| --- | --- |
| en | 122 |
| zh | 18 |
| ja | 2 |
| ar | 2 |
| fr | 2 |

Country

| Country | Count |
| --- | --- |
| us | 44 |
| cn | 42 |
| es | 2 |
| ir | 2 |
| gb | 2 |

[Charts: Actors, Activities, Interest, Timeline, Type, Vendor]

Product

| Product | Count |
| --- | --- |
| Microsoft IIS | 4 |
| Samsung Tizen | 4 |
| Microsoft Windows | 4 |
| Redmine | 4 |
| openITCOCKPIT | 4 |

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 2 | Microsoft IIS Cross Site Scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00548 | CVE-2017-0055 |
| 3 | Sir GNUboard SQL Injection | 6.3 | 6.3 | $0-$5k | Being calculated | Not Defined | Not Defined | 0.00 | 0.00112 | CVE-2014-2339 |
| 4 | Devilz Clanportal SQL Injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | 0.00684 | CVE-2006-6339 |
| 5 | WordPress WP_Query class-wp-query.php SQL Injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00318 | CVE-2017-5611 |
| 6 | Cisco ASA WebVPN Login Page logon.html Cross Site Scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00192 | CVE-2014-2120 |
| 7 | Microsoft Windows Registry Password Information Disclosure | 3.7 | 3.6 | $25k-$100k | $0-$5k | Not Defined | Workaround | 0.02 | 0.00000 | |
| 8 | Brocade Fabric OS CLI Local Privilege Escalation | 7.8 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00042 | CVE-2022-33182 |
| 9 | WordPress Password Reset wp-login.php mail Privilege Escalation | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.02827 | CVE-2017-8295 |
| 10 | PHP Everywhere Plugin Shortcode Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00108 | CVE-2022-24663 |
| 11 | Microsoft Windows ICMP Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.02758 | CVE-2023-23415 |
| 12 | Microsoft Windows Win32k Local Privilege Escalation | 7.8 | 7.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00264 | CVE-2023-29336 |
| 13 | Google WebP libwebp Buffer Overflow | 7.5 | 7.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.03 | 0.49095 | CVE-2023-4863 |
| 14 | RARLabs WinRAR ZIP Archive Remote Code Execution | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.40418 | CVE-2023-38831 |
| 15 | SourceCodester Doctors Appointment System login.php SQL Injection | 7.4 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00064 | CVE-2023-4219 |
| 16 | Microsoft Excel Remote Code Execution | 7.3 | 6.7 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00113 | CVE-2023-33158 |
| 17 | Microsoft Visual Studio Unknown Vulnerability | 5.1 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00078 | CVE-2023-28299 |
| 18 | Microsoft Office Local Privilege Escalation | 7.0 | 6.4 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.02 | 0.00411 | CVE-2023-33146 |
| 19 | Th3-822 Rapidleech zip.php zip_go Cross Site Scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00063 | CVE-2021-4312 |
| 20 | Google Chrome Blink Privilege Escalation | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00133 | CVE-2022-3315 |

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Type | Type | Acceptance |
| --- | --- | --- | --- | --- | --- |
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 5 | TXXXX.XXX | CWE-XX, CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 8 | TXXXX.XXX | CWE-XXX | Xxxxx Xxxxxxxx | predictive | High |
| 9 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxx | predictive | High |
| 10 | TXXXX | CWE-XXX | Xxx Xxxxxxxxx | predictive | High |
| 11 | TXXXX.XXX | CWE-XXX | Xxxxxxxxx Xxxxxxxxxxxxx | predictive | High |
| 12 | TXXXX | CWE-XXX | Xxxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 13 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx Xxxx | predictive | High |
| 14 | TXXXX.XXX | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High |
| 15 | TXXXX.XXX | CWE-XXX | Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 16 | TXXXX.XXX | CWE-XXX | Xxxxxxxxx | predictive | High |
| 17 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 18 | TXXXX | CWE-XXX | Xxxxxxxxxxxxxx Xxxxxx | predictive | High |
| 19 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxxxx Xxxxx | predictive | High |

IOA - Indicator of Attack (61)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Acceptance |
| --- | --- | --- | --- | --- |
| 1 | File | /+CSCOE+/logon.html | predictive | High |
| 2 | File | /api/addusers | predictive | High |
| 3 | File | /debug/pprof | predictive | Medium |
| 4 | File | /forum/away.php | predictive | High |
| 5 | File | /uncpath/ | predictive | Medium |
| 6 | File | adclick.php | predictive | Medium |
| 7 | File | admin.cgi?action=%s | predictive | High |
| 8 | File | xxxxxxxxxxx/xxxx/xxxxxxxxxx/xxxxxx.xxx | predictive | High |
| 9 | File | xxxxx.xxx | predictive | Medium |
| 10 | File | xxxxxxxx.xxx | predictive | Medium |
| 11 | File | xxxxx/xxxxxxx.xxx | predictive | High |
| 12 | File | xxxxxxx/xxxxxxx/xxx.xxx | predictive | High |
| 13 | File | xxxxxx.xxx | predictive | Medium |
| 14 | File | xxxxxxxxxxx/xxxxxx/xxx.xxx | predictive | High |
| 15 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 16 | File | xxxxxx.xxx | predictive | Medium |
| 17 | File | xxxx_xxx.xxx | predictive | Medium |
| 18 | File | xxx/xxxxxx.xxx | predictive | High |
| 19 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High |
| 20 | File | xxxxxxxxxx/xxx/xxxxxx_xxxx.xxx | predictive | High |
| 21 | File | xxxxxxxxxxx/xx_xxxx.x | predictive | High |
| 22 | File | xxx\xxxxxxx\xxxxxxxx\xxxxx.xxxxxxxxxxxxxxx.xxx | predictive | High |
| 23 | File | xxxxx.xxx | predictive | Medium |
| 24 | File | xxx_xxxxxx_xxxxxx.xx | predictive | High |
| 25 | File | xxxxxx/xxxxxxxxxxx.xxx?xxxx=xx&x=xxxxxxx | predictive | High |
| 26 | File | xxx/xxxxx_xxxx.x | predictive | High |
| 27 | File | xxxxxx/xxxxxxxxxx.xxx | predictive | High |
| 28 | File | xxxxxxxxxxxxxx/xxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxx.xxxx | predictive | High |
| 29 | File | xxxxxxxx_xxxx.xxx | predictive | High |
| 30 | File | xxxxxxx.xxx/xxxxx.xxx | predictive | High |
| 31 | File | xxxxxxxxxxx.xxx | predictive | High |
| 32 | File | xxxxx.xxx | predictive | Medium |
| 33 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
| 34 | File | xxx/xxx/xxx_xxxx/xxxx.x | predictive | High |
| 35 | File | xxx/xxxxxxx.x | predictive | High |
| 36 | File | xxxxxxxxxx.xxx | predictive | High |
| 37 | File | xxxxxxxxxx.xxxx | predictive | High |
| 38 | File | xx-xxxxx-xxxxxx.xxx | predictive | High |
| 39 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High |
| 40 | File | xx-xxxxx.xxx | predictive | Medium |
| 41 | Library | xxx-xx-xxx-xxxx-xxxx-xx-x-x.xxx | predictive | High |
| 42 | Library | xxx_xxxx.xxx | predictive | Medium |
| 43 | Library | xxxxxxxxxxxxxxx.xxx | predictive | High |
| 44 | Argument | xxxxxxx | predictive | Low |
| 45 | Argument | xxxxxxxx | predictive | Medium |
| 46 | Argument | xxxxx_xxxx | predictive | Medium |
| 47 | Argument | xxxxx_xxxx/xx_xxxxx_xxxxx_xx/xx_xxxxx_xxxxx_xxxxx_xxxx_xxxx/xxxxx_xxxxxxxxx_xxxx/xxxxxx_xxxxxx_xxxxx | predictive | High |
| 48 | Argument | xxxxxxx | predictive | Low |
| 49 | Argument | xxxxxxxxxxxx | predictive | Medium |
| 50 | Argument | xxxx_xxx | predictive | Medium |
| 51 | Argument | xxxx | predictive | Low |
| 52 | Argument | xxxx | predictive | Low |
| 53 | Argument | xx | predictive | Low |
| 54 | Argument | xxxxx | predictive | Low |
| 55 | Argument | xxxxxxx_xxxx | predictive | Medium |
| 56 | Argument | xxxxxx | predictive | Low |
| 57 | Argument | xxxx | predictive | Low |
| 58 | Argument | xxxxxxxxx | predictive | Medium |
| 59 | Argument | xxxx->xxxxxxx | predictive | High |
| 60 | Input Value | .. | predictive | Low |
| 61 | Input Value | /../ | predictive | Low |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
