Wirte Analysis

IOB - Indicator of Behavior (241)

Language

en: 200
fr: 12
de: 10
ja: 8
ru: 6

Country

us: 158
gb: 6
cn: 6
me: 4
ua: 2

Product

Microsoft Windows: 10
Dahua IPC-HDW1X2X: 8
Dahua IPC-HFW1X2X: 8
Dahua IPC-HDW2X2X: 8
Dahua IPC-HFW2X2X: 8

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DataLife Engine addnews.html Cross Site Scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.02 | CVE-2018-14777 |
| 3 | Dahua IP Camera Privilege Escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00101 | 0.00 | CVE-2017-7253 |
| 4 | Microsoft Windows Clipboard User Service Privilege Escalation | 7.2 | 6.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.04 | CVE-2022-21869 |
| 5 | eSyndicat Directory Software suggest-listing.php Cross Site Scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.11 | |
| 6 | nginx Privilege Escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.14 | CVE-2020-12440 |
| 7 | jforum User Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.05 | CVE-2019-7550 |
| 8 | Smart Slider 3 Plugin Imported File Privilege Escalation | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00086 | 0.04 | CVE-2022-3357 |
| 9 | MariaDB Privilege Escalation | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01662 | 0.03 | CVE-2021-27928 |
| 10 | MariaDB mysql-wsrep wsrep_sst_method Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00858 | 0.02 | CVE-2020-15180 |
| 11 | Yii unserialize Privilege Escalation | 7.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02822 | 0.00 | CVE-2020-15148 |
| 12 | Linux Kernel dfl-afu-region.c afu_mmio_region_get_by_offset Buffer Overflow | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2023-26242 |
| 13 | AssoCIateD Postman X.509 Certificate Validation Weak Authentication | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00245 | 0.03 | CVE-2018-17215 |
| 14 | WordPress Directory Traversal | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00326 | 0.04 | CVE-2023-2745 |
| 15 | ImageMagick Privilege Escalation | 7.0 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00043 | 0.05 | CVE-2023-34153 |
| 16 | ImageMagick OpenBlob Privilege Escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00386 | 0.03 | CVE-2023-34152 |
| 17 | Reolink RLC-410W Firmware Update Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00149 | 0.03 | CVE-2021-40419 |
| 18 | Dahua IPC-HDBW2XXX/IPC-HFW2XXX/ASI7XXXX ONVIF Weak Authentication | 7.8 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00135 | 0.01 | CVE-2022-30563 |
| 19 | Dahua DH-IPC-Hxxxxxxxxx Authentication Weak Authentication | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03148 | 0.00 | CVE-2017-7927 |
| 20 | Dahua IPC-HDW1X2X IP Address Information Disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00084 | 0.02 | CVE-2019-9680 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Middle East

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (60)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
