WindShift Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (83)

Sprache

en	76
pt	8

Land

us	50
ru	4
nl	2
tr	2

Akteure

Mirai	3
BitRAT	3
AsyncRAT	3
RedLine Stealer	3
Nanocore RAT	3

Interesse

Typ

Not Defined	26
Operating System	12
Web Server	10
Remote Access Software	6
E-Commerce Management Software	2

Hersteller

Not Defined	26
Microsoft	16
Apache	6
Cisco	4
Apple	4

Produkt

Microsoft Windows	10
Apache HTTP Server	4
Microsoft IIS	4
Multivendor Marketplace Solution for WooCommerce	2
phpThumb	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	EPSS	CTI	CVE
1	Cisco SD-WAN CLI Privilege Escalation	8.1	8.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2022-20818
2	Cisco IOS XE Self-Healing erweiterte Rechte	7.3	7.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00042	0.06	CVE-2022-20855
3	Apple iOS ImageIO Denial of Service	6.4	6.3	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.03533	0.00	CVE-2016-1811
4	Acme Mini HTTPd Terminal erweiterte Rechte	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00303	0.04	CVE-2009-4490
5	Cisco SD-WAN CLI Privilege Escalation	8.1	8.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2022-20775
6	Apple iOS CommonCrypto Information Disclosure	5.4	5.3	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00181	0.00	CVE-2016-1802
7	Microsoft IIS Cross Site Scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.24	CVE-2017-0055
8	Microsoft Word wwlib Remote Code Execution	8.0	7.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.45352	0.00	CVE-2023-21716
9	Linux Kernel TPM Device Pufferüberlauf	7.6	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2022-2977
10	D-Link Go-RT-AC750 gena.php erweiterte Rechte	7.6	7.6	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00121	0.03	CVE-2022-36523
11	Multivendor Marketplace Solution for WooCommerce Order Status Cross Site Request Forgery	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00053	0.00	CVE-2022-2657
12	taviso Lotus 1-2-3 Worksheet process_fmt Pufferüberlauf	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00068	0.00	CVE-2022-39843
13	image-tiler erweiterte Rechte	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00194	0.00	CVE-2020-28451
14	Apple macOS Kernel Information Disclosure	3.3	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00062	0.00	CVE-2022-32817
15	Irfan Skiljan IrfanView ShowPlugInSaveOptions_W Pufferüberlauf	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00057	0.00	CVE-2020-23561
16	Microsoft Windows Defender Credential Guard Privilege Escalation	8.3	7.3	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00043	0.00	CVE-2022-34711
17	Microsoft Windows Kerberos Privilege Escalation	8.8	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00121	0.00	CVE-2022-30165
18	Microsoft Windows Kerberos AppContainer Privilege Escalation	8.9	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00043	0.00	CVE-2022-30164
19	Microsoft Windows Network File System Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.88909	0.04	CVE-2022-30136
20	Vmware Workspace ONE Access schwache Authentisierung	9.8	9.1	$25k-$100k	$0-$5k	Functional	Official Fix	0.58483	0.00	CVE-2022-22972

Kampagnen (1)

These are the campaigns that can be associated with the actor:

WindShift

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Kampagnen	Identifiziert	Typ	Akzeptanz
1	37.46.150.102		Hangover	WindShift	29.08.2021	verifiziert	High
2	45.133.1.133		Hangover	WindShift	29.08.2021	verifiziert	High
3	XXX.XXX.XX.XXX	xxx.xxxxxxxxxxx.xxx.xx	Xxxxxxxx	Xxxxxxxxx	29.08.2021	verifiziert	High
4	XXX.XXX.XX.XXX	xxxx.xx.xxxxxxxxxx.xxx	Xxxxxxxx	Xxxxxxxxx	29.08.2021	verifiziert	High
5	XXX.XX.XX.XXX	xxxx-xxxxx.xxxxxxx.xxxx	Xxxxxxxxx	Xxxxxxxxx	22.12.2020	verifiziert	High
6	XXX.XXX.XXX.XX	xxx-xxxx.xxxxx--xxxxxxx.xxx	Xxxxxxxx	Xxxxxxxxx	29.08.2021	verifiziert	High
7	XXX.XXX.XX.XXX		Xxxxxxxx	Xxxxxxxxx	29.08.2021	verifiziert	High

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klassifizierung	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1		CAPEC-10	CWE-20, CWE-59, CWE-119, CWE-120, CWE-121, CWE-125, CWE-287, CWE-352, CWE-404, CWE-416, CWE-476, CWE-693, CWE-787, CWE-862, CWE-863, CWE-918	Unknown Vulnerability	prädiktiv	High
2	T1006	CAPEC-126	CWE-22, CWE-23, CWE-25	Path Traversal	prädiktiv	High
3	T1055	CAPEC-10	CWE-74, CWE-707	Improper Neutralization of Data within XPath Expressions	prädiktiv	High
4	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxxx Xxxxxxxxx	prädiktiv	High
5	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	prädiktiv	High
6	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
7	TXXXX.XXX	CAPEC-191	CWE-XXX, CWE-XXX, CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	prädiktiv	High
8	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
9	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	prädiktiv	High
10	TXXXX	CAPEC-466	CWE-XXX	Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx	prädiktiv	High
11	TXXXX.XXX	CAPEC-38	CWE-XXX, CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	prädiktiv	High
12	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
13	TXXXX.XXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	.procmailrc	prädiktiv	Medium
2	File	/cgi-bin/wapopen	prädiktiv	High
3	File	/htdocs/upnpinc/gena.php	prädiktiv	High
4	File	/it-IT/splunkd/__raw/services/get_snapshot	prädiktiv	High
5	File	/xxxxxxx/xxxxx/xxxxx.xxx	prädiktiv	High
6	File	/xxxxxxx/	prädiktiv	Medium
7	File	xxxxx/xxxx/xxxxxxxxxxx/xxxxxxx.x	prädiktiv	High
8	File	xxxx/xxxxxxxxxxxx.xxx	prädiktiv	High
9	File	xxxxxxxx.xxx	prädiktiv	Medium
10	File	xxx.xxx?xxx=xxxxx_xxxx	prädiktiv	High
11	File	xxxxxxxxxxxxxx/xxxxxxx.xxx	prädiktiv	High
12	File	xxxxxxxx.xxx	prädiktiv	Medium
13	File	xx-xxxxxxxxxxx.xxx	prädiktiv	High
14	File	~/xx-xxxxxxxx.xxx	prädiktiv	High
15	Argument	$_xxxxxx['xxx_xxxx']	prädiktiv	High
16	Argument	--xxxx=xxx	prädiktiv	Medium
17	Argument	xxxxxxxx	prädiktiv	Medium
18	Argument	xxx	prädiktiv	Low
19	Argument	xxxxxxxxxx	prädiktiv	Medium
20	Argument	xxxxxxxx	prädiktiv	Medium
21	Argument	xxxxx	prädiktiv	Low
22	Argument	xxxxxx_xx	prädiktiv	Medium
23	Argument	xxxx_xxxx	prädiktiv	Medium
24	Argument	xxx	prädiktiv	Low
25	Argument	xxx	prädiktiv	Low
26	Argument	xxxxxxxx/xxxx	prädiktiv	High
27	Input Value	../..	prädiktiv	Low

Referenzen (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!