TEMP.Heretic Analysis

IOB - Indicator of Behavior (43)

Timeline

Language

  • en: 26
  • ru: 10
  • zh: 6
  • ar: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

  • Microstrategy Web: 2
  • FusionPBX: 2
  • Apache Syncope EndUser: 2
  • Apache Flume: 2
  • Adobe ColdFusion: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00289 | CVE-2019-7550
2 | TuziCMS BannerController.class.php SQL Injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00172 | CVE-2022-23882
3 | FusionPBX fax_send.php privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00121 | CVE-2022-35153
4 | WordPress WP_Query SQL Injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.93536 | CVE-2022-21661
5 | Apple macOS Shortcuts privilege escalation | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00054 | CVE-2023-23522
6 | Adobe ColdFusion privilege escalation | 8.6 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.96357 | CVE-2023-26360
7 | CloudPanel 2 File Manager weak authentication | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.50914 | CVE-2023-35885
8 | Chamilo LMS wsConvertPpt privilege escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.93541 | CVE-2023-34960
9 | PHP File Upload form-data Remote Code Execution | 8.8 | 7.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.93753 | CVE-2005-3390
10 | VMware vCenter Server/Cloud Foundation DCERPC Protocol Remote Code Execution | 8.7 | 8.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00110 | CVE-2023-20892
11 | Huawei E5186 4G LTE Router DNS Query Packet privilege escalation | 7.0 | 6.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00325 | CVE-2015-8265
12 | PaperCut MF/NG libsmb2 privilege escalation | 9.8 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.97204 | CVE-2023-27350
13 | PHP mysqli_real_escape_string buffer overflow | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00932 | CVE-2017-9120
14 | Juniper Web Device Manager Authentication weak authentication | 9.8 | 9.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00 | 0.00000 | 
15 | WordPress Pingback privilege escalation | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00120 | CVE-2022-3590
16 | FusionPBX login.php Cross Site Scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00147 | CVE-2021-37524
17 | Object First Management Protocol privilege escalation | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00174 | CVE-2022-44794
18 | MODX Revolution privilege escalation | 4.7 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01346 | CVE-2022-26149
19 | Apache Flume JMS Source privilege escalation | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00264 | CVE-2022-34916
20 | Apache log4j JNDI LDAP Server Lookup Log4Shell/LogJam privilege escalation | 8.6 | 8.3 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.97562 | CVE-2021-44228

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • EmailThief

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 108.160.133.32 | 108.160.133.32.vultr.com | TEMP.Heretic | EmailThief | 05.02.2022 | verified | Medium
2 | XXX.XX.XX.XXX |  | Xxxx.xxxxxxx | Xxxxxxxxxx | 05.02.2022 | verified | High
3 | XXX.XXX.XXX.XXX |  | Xxxx.xxxxxxx | Xxxxxxxxxx | 05.02.2022 | verified | High
4 | XXX.XXX.XXX.XXX |  | Xxxx.xxxxxxx | Xxxxxxxxxx | 05.02.2022 | verified | High

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Type | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High
4 | TXXXX.XXX | CWE-XXX | Xxxx Xxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
7 | TXXXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
8 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
9 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
10 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
11 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
12 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High
13 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (18)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /fax/fax_send.php | predictive | High
2 | File | /tmp/csman/0 | predictive | Medium
3 | File | /WebMstr7/servlet/mstrWeb | predictive | High
4 | File | xxx/xxxxxx.xxx | predictive | High
5 | File | x_xxxxxxxx_xxxxx | predictive | High
6 | File | xxxxxxxxxxxx.xxx | predictive | High
7 | File | xxxxxxxxx/xxxx-xxxx | predictive | High
8 | File | xxxxxxxxxx.xxx | predictive | High
9 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
10 | File | xxxxxxxxx/xxxxx.xxx | predictive | High
11 | File | \xxx\xxxxxx\xxxxxxxxxx\xxxxxxxxxxxxxxxx.xxxxx.xxx | predictive | High
12 | Argument | xxxxxxxx | predictive | Medium
13 | Argument | x_xxxxxxxx | predictive | Medium
14 | Argument | xxxx | predictive | Low
15 | Argument | xxxxxxx | predictive | Low
16 | Argument | xxxxxxxxxxxxxx | predictive | High
17 | Argument | xxx | predictive | Low
18 | Input Value | ../.. | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
