TunnelVision Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (45)

Sprache

en	42
pl	2
fr	2

Land

us	32
mx	10
gb	2
br	2

Akteure

TunnelVision	5
Mint Sandstorm	2

Interesse

Typ

Not Defined	10
Content Management System	4
Groupware Software	4
E-Commerce Management Software	2
Firewall Software	2

Hersteller

Not Defined	12
Microsoft	6
YITH	2
Umbraco	2
FtrainSoft	2

Produkt

YITH WooCommerce Gift Cards Premium Plugin	2
Umbraco CMS	2
FtrainSoft Fast Click	2
F5 BIG-IP	2
Cacti	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure	5.3	5.2	$5k-$25k	Wird berechnet	High	Workaround	0.02016	0.02	CVE-2007-1192
2	SAP NetWeaver MigrationService erweiterte Rechte	9.2	9.2	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00077	0.00	CVE-2021-21481
3	WordPress Cross Site Scripting	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00364	0.02	CVE-2022-21662
4	WordPress WP_Query SQL Injection	6.3	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.93536	0.05	CVE-2022-21661
5	Microsoft Windows RDP erweiterte Rechte	8.8	7.7	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00121	0.00	CVE-2021-1669
6	DZCP deV!L`z Clanportal config.php erweiterte Rechte	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.85	CVE-2010-0966
7	SourceCodester Petrol Pump Management Software service_crud.php erweiterte Rechte	4.7	4.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00045	0.00	CVE-2024-2059
8	Cacti Request Parameter remote_agent.php erweiterte Rechte	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.96528	0.00	CVE-2022-46169
9	All in One SEO Plugin REST API Endpoint erweiterte Rechte	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02407	0.00	CVE-2021-25036
10	YITH WooCommerce Gift Cards Premium Plugin Shopping Cart php erweiterte Rechte	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.17866	0.00	CVE-2021-3120
11	WordPress wp-publications Plugin Archive bibtexbrowser.php Directory Traversal	7.8	7.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00529	0.03	CVE-2021-38360
12	WP Import Export Plugin class-wpie-general.php wpie_process_file_download erweiterte Rechte	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00161	0.00	CVE-2022-0236
13	Cisco Small Business RV345 Pufferüberlauf	9.9	9.7	$5k-$25k	$5k-$25k	High	Official Fix	0.96250	0.05	CVE-2022-20699
14	WordPress Object erweiterte Rechte	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00432	0.04	CVE-2022-21663
15	Oracle GlassFish Open Source Edition Demo Feature schwache Authentisierung	8.5	8.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00187	0.03	CVE-2018-14324
16	Microsoft Exchange Server Privilege Escalation	8.8	8.3	$25k-$100k	$0-$5k	High	Official Fix	0.96537	0.04	CVE-2021-42321
17	F5 BIG-IP TMUI Privilege Escalation	8.8	8.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00159	0.00	CVE-2021-22988
18	Microsoft SharePoint Server Privilege Escalation	8.8	7.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.28292	0.00	CVE-2021-31181
19	Umbraco CMS Installation Directory Traversal	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00371	0.06	CVE-2020-5811
20	Dnsmasq helper.c create_helper Information Disclosure	3.7	3.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00347	0.00	CVE-2019-14834

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	51.89.135.142	ip142.ip-51-89-135.eu	TunnelVision	25.02.2022	verifiziert	High
2	51.89.169.198	ip198.ip-51-89-169.eu	TunnelVision	25.02.2022	verifiziert	High
3	XX.XX.XXX.XXX	xxxxx.xx-xx-xx-xxx.xx	Xxxxxxxxxxxx	25.02.2022	verifiziert	High
4	XX.XX.XXX.XXX	xxxxx.xx-xx-xx-xxx.xx	Xxxxxxxxxxxx	25.02.2022	verifiziert	High
5	XXX.XX.XXX.XX	xxxx.xx-xxx-xx-xxx.xxx	Xxxxxxxxxxxx	25.02.2022	verifiziert	High
6	XXX.XX.XXX.XX	xxxx.xx-xxx-xx-xxx.xxx	Xxxxxxxxxxxx	25.02.2022	verifiziert	High
7	XXX.XX.XXX.X		Xxxxxxxxxxxx	25.02.2022	verifiziert	High

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klassifizierung	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CAPEC-126	CWE-22	Path Traversal	prädiktiv	High
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	prädiktiv	High
3	TXXXX	CAPEC-242	CWE-XX	Xxxxxxxx Xxxxxxxxx	prädiktiv	High
4	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	prädiktiv	High
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
6	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	prädiktiv	High
7	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
8	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	prädiktiv	High
9	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
10	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (33)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/admin/app/service_crud.php	prädiktiv	High
2	File	/cgi-bin/user/Config.cgi	prädiktiv	High
3	File	/etc/sudoers	prädiktiv	Medium
4	File	/src/helper.c	prädiktiv	High
5	File	xxxxx.xxx/xxxx/xxx/xxxxx/	prädiktiv	High
6	File	xxxx/xxxxxxxxxxxxxxx.xxx	prädiktiv	High
7	File	xxxxxx.xxx	prädiktiv	Medium
8	File	xxx/xxxxxx.xxx	prädiktiv	High
9	File	xxxxx_xxx.xxx	prädiktiv	High
10	File	xxx	prädiktiv	Low
11	File	xxxx.xxx	prädiktiv	Medium
12	File	xxxxxxxxx.xxx	prädiktiv	High
13	File	xxxxxx_xxxxx.xxx	prädiktiv	High
14	File	xxxx.xxx	prädiktiv	Medium
15	File	xxxxxx/xxxxx.xxx/xxxx/xxxx	prädiktiv	High
16	File	xxxxxxxxx.xxx	prädiktiv	High
17	File	xxxxxx/xxxxx/xxxx_xxx.xxx	prädiktiv	High
18	File	~/xxxxxxxxxxxxx.xxx	prädiktiv	High
19	File	~/xxxxxxxx/xxxxxxx/xxxxx-xxxx-xxxxxxx.xxx	prädiktiv	High
20	Argument	xxxxxxxx	prädiktiv	Medium
21	Argument	xxx	prädiktiv	Low
22	Argument	xxxx/xxxxxxx	prädiktiv	Medium
23	Argument	xxxx_xx	prädiktiv	Low
24	Argument	xxxxxxxx	prädiktiv	Medium
25	Argument	xxxx	prädiktiv	Low
26	Argument	xxxxx	prädiktiv	Low
27	Argument	xxxxxxx	prädiktiv	Low
28	Argument	x_xxxx	prädiktiv	Low
29	Argument	xxxxx_xx	prädiktiv	Medium
30	Argument	xxxxxxxx	prädiktiv	Medium
31	Input Value	xxxxxx=xxx&xxxxxxxx=xxxxxxx.*	prädiktiv	High
32	Input Value	xxxxx	prädiktiv	Low
33	Input Value	xxxxxxxxx xxxxx	prädiktiv	High

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Do you know our Splunk app?

Download it now for free!