Sector Lawfirm

Timeframe: -28 days

Default Categories (75): Access Management Software, Accounting Software, Anti-Malware Software, Anti-Spam Software, Application Server Software, Appointment Software, Artificial Intelligence Software, Asset Management Software, Backup Software, Billing Software, Business Process Management Software, Calendar Software, Chat Software, Cloud Software, Communications System, Connectivity Software, Content Management System, Customer Relationship Management System, Database Administration Software, Database Software, Digital Media Player, Directory Service Software, Document Management Software, Document Processing Software, Document Reader Software, Endpoint Management Software, Enterprise Resource Planning Software, File Compression Software, File Transfer Software, Firewall Software, Groupware Software, Hardware Driver Software, Human Capital Management Software, Image Processing Software, Information Management Software, IP Phone Software, Knowledge Base Software, Log Management Software, Mail Client Software, Mail Server Software, Messaging Software, Middleware, Multimedia Player Software, Multimedia Processing Software, Network Attached Storage Software, Network Authentication Software, Network Encryption Software, Network Management Software, Network Routing Software, Office Suite Software, Operating System, Photo Gallery Software, Policy Management Software, Presentation Software, Printing Software, Project Management Software, Remote Access Software, Reporting Software, Risk Management System, Router Operating System, Server Management Software, Service Management Software, Smartphone Operating System, Software Management Software, Solution Stack Software, Spreadsheet Software, SSH Server Software, Tablet Operating System, Ticket Tracking Software, Unified Communication Software, Virtualization Software, Web Browser, Web Server, Wireless LAN Software, Word Processing Software

Timeline

Vendor

Product

Linux Kernel: 310
Microsoft Windows: 72
Foxit PDF Reader: 58
Google Chrome: 26
Google Android: 26

Countermeasures

Official Fix: 788
Temporary Fix: 0
Workaround: 4
Unavailable: 0
Not Defined: 182

Exploitability

High: 6
Functional: 2
Proof-of-Concept: 58
Unproven: 100
Not Defined: 808

Access Vector

Not Defined: 0
Physical: 2
Local: 130
Adjacent: 342
Network: 500

Authentication

Not Defined: 0
High: 86
Low: 552
None: 336

User Interaction

Not Defined: 0
Required: 278
None: 696

C3BM Index

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 32
≤4: 92
≤5: 224
≤6: 296
≤7: 160
≤8: 126
≤9: 40
≤10: 4

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 32
≤4: 124
≤5: 198
≤6: 410
≤7: 106
≤8: 90
≤9: 10
≤10: 4

VulDB

≤1: 0
≤2: 2
≤3: 48
≤4: 136
≤5: 196
≤6: 276
≤7: 162
≤8: 114
≤9: 36
≤10: 4

NVD

≤1: 974
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

CNA

≤1: 716
≤2: 2
≤3: 4
≤4: 10
≤5: 28
≤6: 62
≤7: 40
≤8: 82
≤9: 22
≤10: 8

Vendor

≤1: 864
≤2: 0
≤3: 0
≤4: 0
≤5: 6
≤6: 10
≤7: 20
≤8: 44
≤9: 30
≤10: 0

Exploit 0-day

<1k: 44
<2k: 274
<5k: 44
<10k: 356
<25k: 140
<50k: 100
<100k: 16
≥100k: 0

Exploit today

<1k: 378
<2k: 240
<5k: 180
<10k: 80
<25k: 92
<50k: 4
<100k: 0
≥100k: 0

Exploit market volume

IOB - Indicator of Behavior (1000)

Timeline

Language

en: 772
ja: 68
de: 28
fr: 24
ru: 24

Country

us: 114
jp: 80
cn: 70
pl: 52
gb: 48

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Linux Kernel: 20
Microsoft Windows: 18
Juniper Junos OS: 14
DedeCMS: 12
Palo Alto Networks PAN-OS: 10

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Palo Alto Networks PAN-OS GlobalProtect privilege escalation | 8.9 | 8.7 | $0-$5k | $0-$5k | High | Official Fix | 0.02734 | 5.77 | CVE-2024-3400 |
| 2 | cym1102 nginxWebUI saveCmd handlePath weak authentication | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 4.57 | CVE-2024-3738 |
| 3 | cym1102 nginxWebUI reload exec privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 3.16 | CVE-2024-3740 |
| 4 | cym1102 nginxWebUI upload privilege escalation | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 3.01 | CVE-2024-3736 |
| 5 | cym1102 nginxWebUI addOver findCountByQuery Directory Traversal | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.66 | CVE-2024-3737 |
| 6 | cym1102 nginxWebUI upload privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.61 | CVE-2024-3739 |
| 7 | PHPGurukul Small CRM Registration Page SQL Injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 1.56 | CVE-2024-3691 |
| 8 | GLPI Shell Commands Plugin privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 1.26- | CVE-2024-31705 |
| 9 | PHPGurukul Small CRM Change Password SQL Injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 1.11 | CVE-2024-3690 |
| 10 | DedeCMS stepselect_main.php SQL Injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.85 | CVE-2024-3685 |
| 11 | DedeCMS update_guide.php unknown vulnerability | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.80 | CVE-2024-3686 |
| 12 | Xiamen Four-Faith RMP Router Management Platform SQL Injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.75 | CVE-2024-3688 |
| 13 | Microsoft Windows Proxy Driver privilege escalation | 6.7 | 5.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.75 | CVE-2024-26234 |
| 14 | Linux Kernel pci1xxxx_spi_probe Denial of Service | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.76- | CVE-2024-24862 |
| 15 | Linux Kernel malidp_mw_connector_reset Denial of Service | 4.7 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.73- | CVE-2024-24863 |
| 16 | Linux Kernel amdkfd kzalloc buffer overflow | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.62 | CVE-2024-26817 |
| 17 | iboss Secure Web Gateway Login Portal login Cross Site Scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.35 | CVE-2024-3378 |
| 18 | Fortinet FortiOS HTTP Request Information Disclosure | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.54 | CVE-2024-23662 |
| 19 | Xen x86 HVM Hypercall Denial of Service | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.40 | CVE-2023-46842 |
| 20 | Xen BTC SRSO Mitigation Privilege Escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.33 | CVE-2024-31142 |

IOC - Indicator of Compromise (30)

These indicators of compromise highlight associated network ranges which are known to be part of research and attack activities.

| ID | IP range | Actor | Type | Confidence |
|---|---|---|---|---|
| 1 | 2.57.122.0/24 | Mirai | predictive | High |
| 2 | 23.154.177.0/24 | B1txor20 | predictive | High |
| 3 | 45.9.150.0/24 | TeamTNT | predictive | High |

TTP - Tactics, Techniques, Procedures (27)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-25, CWE-35 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CWE-94, CWE-1321 | Argument Injection | predictive | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 6 | T1068 | CWE-250, CWE-269, CWE-274, CWE-284 | Execution with Unnecessary Privileges | predictive | High |

IOA - Indicator of Attack (152)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/adminHome.php | predictive | High |
| 2 | File | /adminPage/conf/reload | predictive | High |
| 3 | File | /adminPage/conf/saveCmd | predictive | High |
| 4 | File | /adminPage/main/upload | predictive | High |
| 5 | File | /adminPage/www/addOver | predictive | High |
| 6 | File | /anchor/admin/categories/delete/2 | predictive | High |
| 7 | File | /anchor/admin/users/delete/2 | predictive | High |
| 8 | File | /api/runs/search/run/ | predictive | High |
| 9 | File | /cart.php | predictive | Medium |
| 10 | File | /description.php | predictive | High |
| 11 | File | /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState= | predictive | High |
| 12 | File | /endpoint/add-image.php | predictive | High |
| 13 | File | /etc/passwd | predictive | Medium |
| 14 | File | /index.php | predictive | Medium |
| 15 | File | /login | predictive | Low |
| 16 | File | /Product.php | predictive | Medium |
| 17 | File | /src/dede/baidunews.php | predictive | High |
| 18 | File | /src/dede/co_do.php | predictive | High |
| 19 | File | /src/dede/friendlink_edit.php | predictive | High |
| 20 | File | /src/dede/makehtml_homepage.php | predictive | High |
