Worok Analysis

IOB - Indicator of Behavior (50)

Language

en: 32
zh: 8
ar: 4
it: 4
de: 2

Country

us: 32
cn: 18

Product

DZCP deV!L`z Clanportal: 4
Microsoft Windows: 4
TP-LINK TL-WR1043ND V2: 2
SPIP: 2
Responsive Menus: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.16 | CVE-2010-0966
2 | Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit Cross Site Scripting | 3.2 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.05 | CVE-2018-25085
3 | xiaozhuai imageinfo imageinfo.hpp buffer overflow | 5.8 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00056 | 0.05 | CVE-2023-1190
4 | finixbit elf-parser elf_parser.cpp get_segments Denial of Service | 3.7 | 3.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00049 | 0.05 | CVE-2023-1157
5 | DrayTek Vigor3900/Vigor2960/Vigor300B execution privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00892 | 0.03 | CVE-2020-14472
6 | MGB OpenSource Guestbook email.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.50 | CVE-2007-0354
7 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 4.01 | -
8 | ISS BlackICE PC Protection update information transmitted in cleartext | 3.7 | 3.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00067 | 0.00 | CVE-2003-5002
9 | Pligg cloud.php SQL Injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.58 | -
10 | DZCP deV!L`z Clanportal browser.php Information Disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 1.45 | CVE-2007-1167
11 | SPIP spip.php Cross Site Scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 1.01 | CVE-2022-28959
12 | FusionPBX fax_send.php privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00121 | 0.02 | CVE-2022-35153
13 | NoneCms App.php privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.96678 | 0.05 | CVE-2018-20062
14 | Cisco Small Business RV345 buffer overflow | 9.9 | 9.7 | $5k-$25k | $5k-$25k | High | Official Fix | 0.96250 | 0.05 | CVE-2022-20699
15 | Git Plugin Build privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01156 | 0.09 | CVE-2022-36883
16 | Fortinet FortiOS ECDSA PRNG weak encryption | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00169 | 0.00 | CVE-2019-15703
17 | Ivanti Pulse Connect Secure Header privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.07 | CVE-2022-21826
18 | Jfinal CMS SQL Injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.00 | CVE-2022-30500
19 | Samba DCE/RPC privilege escalation | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00100 | 0.00 | CVE-2021-23192
20 | Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation | 7.2 | 6.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.02 | CVE-2022-30151

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Classification | Vulnerability class | Type | Confidence
1 | T1040 | CAPEC-102, CWE-319 | Authentication Bypass by Capture-replay | predictive | High
2 | T1055 | CAPEC-10, CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CAPEC-242, CWE-94 | Argument Injection | predictive | High
4 | (masked) | CAPEC-209, CWE-(masked), CWE-(masked) | (masked) | predictive | High
5 | (masked) | CAPEC-122, CWE-(masked) | (masked) | predictive | High
6 | (masked) | CAPEC-136, CWE-(masked) | (masked) | predictive | High
7 | (masked) | CAPEC-178, CWE-(masked) | (masked) | predictive | High
8 | (masked) | CAPEC-108, CWE-(masked) | (masked) | predictive | High
9 | (masked) | CAPEC-(masked), CWE-(masked) | (masked) | predictive | High
10 | (masked) | CAPEC-116, CWE-(masked) | (masked) | predictive | High
11 | (masked) | CAPEC-59, CWE-(masked) | (masked) | predictive | High

Rows 4 to 11 are masked on the source page; only the CAPEC identifiers, type and confidence are visible.

IOA - Indicator of Attack (35)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /fax/fax_send.php | predictive | High
2 | File | /forum/away.php | predictive | High
3 | File | /spip.php | predictive | Medium
4 | File | adclick.php | predictive | Medium
5 | File | cloud.php | predictive | Medium

Entries 6 to 35 are masked on the source page: 16 further File indicators, 3 Library indicators and 11 Argument indicators, all of type predictive.
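The five File indicators above are request paths, so the natural use is to sweep web server access logs for them. The following is an added example written for this page, not vuldb code: it canonicalises each request path (URL decoding, duplicate slashes, dot segments, case) before matching, so that trivial encoding variants do not slip past a plain string search. Indicators with a leading slash are matched as a path suffix, bare file names against the last path segment. The log lines are constructed samples, not real traffic, and the confidence values are copied from the visible table rows.

```python
import re
from urllib.parse import unquote, urlsplit

# IOA "File" indicators visible on the page, with their listed confidence.
# The masked rows 6 to 35 are not available and are not included.
IOA_FILES = {
    "/fax/fax_send.php": "High",
    "/forum/away.php": "High",
    "/spip.php": "Medium",
    "adclick.php": "Medium",
    "cloud.php": "Medium",
}

# Combined/common log format: host ident authuser [date] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalise_path(target: str) -> str:
    """Canonicalise a request target so encoding tricks do not evade matching.

    Strips the query string, percent-decodes twice (catches %252e style
    double encoding, at the cost of mis-decoding a literal %25 in a legitimate
    path, which is acceptable for detection), collapses repeated slashes and
    resolves "." and ".." segments purely as strings, then lowercases.
    """
    path = urlsplit(target).path
    for _ in range(2):
        path = unquote(path)
    path = re.sub(r"/+", "/", path)
    parts = []
    for seg in path.split("/"):
        if seg == "..":
            if parts:
                parts.pop()
        elif seg not in ("", "."):
            parts.append(seg)
    return "/" + "/".join(parts).lower()


def match_indicator(path: str):
    """Return (indicator, confidence) for a canonical path, or None."""
    for indicator, confidence in IOA_FILES.items():
        ind = indicator.lower()
        if ind.startswith("/"):
            # anchored indicator: the path must end with this exact segment run
            if path == ind or path.endswith(ind):
                return indicator, confidence
        elif path.rsplit("/", 1)[-1] == ind:
            # bare file name: compare the last path segment only
            return indicator, confidence
    return None


def scan_log(lines):
    """Return one hit dict per parseable request whose path matches an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line, skip rather than crash the sweep
        path = normalise_path(m["target"])
        found = match_indicator(path)
        if found:
            indicator, confidence = found
            hits.append({
                "ip": m["ip"], "ts": m["ts"], "method": m["method"],
                "path": path, "indicator": indicator,
                "confidence": confidence, "status": int(m["status"]),
            })
    return hits


# Constructed sample log lines (hypothetical, not from any real incident).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /fax/fax_send.php?fax_uuid=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /forum//away.php?s=http%3A%2F%2Fexample.test HTTP/1.1" 302 0',
    '198.51.100.2 - - [10/Oct/2023:14:01:02 +0000] "GET /site/%2e%2e/SPIP.php?page=login HTTP/1.1" 200 2048',
    '198.51.100.2 - - [10/Oct/2023:14:01:03 +0000] "GET /ads/adclick%2Ephp?id=3 HTTP/1.1" 404 0',
    '192.0.2.9 - - [10/Oct/2023:14:02:10 +0000] "GET /index.php HTTP/1.1" 200 1024',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} {hit["method"]} {hit["path"]} '
              f'-> {hit["indicator"]} ({hit["confidence"]}, HTTP {hit["status"]})')
```

Treat hits as leads, not verdicts: `/spip.php` and `cloud.php` are the ordinary front controllers of SPIP and Pligg installs, so on a host that runs either product every legitimate visitor will match. Correlate a hit with the source address's other requests, the response status (a 200 on `fax_send.php` from an address that has never authenticated is more interesting than a 404) and the vulnerability rows above before escalating.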
