AMOS Analysis

IOB - Indicator of Behavior (1000)

Language

en: 180
zh: 98
ru: 94
fr: 88
pl: 80

Country

fr: 88
pl: 80
ru: 78
us: 76
es: 68

Product

Campcodes Complete Web-Based School Management Sys ...: 10
Microsoft Windows: 8
Tenda W15E: 6
MailCleaner: 6
Tenda i21: 6

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Apryse WebViewer PDF Document cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.15 | CVE-2024-4327 |
| 2 | MailCleaner Email privilege escalation | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.12 | CVE-2024-3191 |
| 3 | osCommerce all-products cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00065 | 0.15 | CVE-2024-4348 |
| 4 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00339 | 0.67 | CVE-2015-5911 |
| 5 | MailCleaner Admin Interface cross site scripting | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.09 | CVE-2024-3192 |
| 6 | SourceCodester Pisay Online E-Learning System controller.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.27 | CVE-2024-4349 |
| 7 | MailCleaner Admin Endpoints privilege escalation | 8.8 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.03 | CVE-2024-3193 |
| 8 | BloomPixel Max Addons Pro for Bricks Plugin privilege escalation | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.08 | CVE-2024-32951 |
| 9 | Elementor ImageBox Plugin cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.08 | CVE-2024-3074 |
| 10 | Extend Themes Teluro Plugin cross site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33688 |
| 11 | Apache HTTP Server mod_lua Multipart Parser r:parsebody buffer overflow | 8.5 | 8.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.08808 | 0.03 | CVE-2021-44790 |
| 12 | Dell Wyse Proprietary OS Telemetry Dashboard information disclosure | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-28963 |
| 13 | Apache Parquet Parquet-MR denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00086 | 0.00 | CVE-2021-41561 |
| 14 | Foliovision FV Flowplayer Video Player Plugin privilege escalation | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-32955 |
| 15 | Dell Repository Manager API Module privilege escalation | 8.3 | 8.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-28976 |
| 16 | Jegstudio Financio Plugin cross site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33690 |
| 17 | ThemeNcode Fan Page Widget by Plugin cross site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33695 |
| 18 | AnnounceKit Plugin cross site scripting | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2024-3023 |
| 19 | Repute Infosystems ARMember Plugin privilege escalation | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.07 | CVE-2024-32948 |
| 20 | Dell Repository Manager Logger Module privilege escalation | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-28977 |

IOC - Indicator of Compromise (49)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (88)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (14)

The following list contains external sources which discuss the actor and the associated activities:

Samples (18)

The following list contains associated samples:
