BEAR Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (87)

Cronología

Idioma

en76
ru6
de4
es2

País

ee36
us24
ru12
ua8
tr2

Actores

BEAR2
RedLine Stealer2
Grizzly Steppe1
QakBot1
SideWinder1

Ocupaciones

Interesar

Cronología

Escribe

Not Defined22
Operating System8
WordPress Plugin8
Automation Software6
Content Management System6

Proveedor

Not Defined28
Microsoft8
Oracle6
GNU4
eSST2

Producto

GNU wget4
Microsoft Windows4
eSST Monitoring2
APC UPS Network Management Card 2 AOS2
OpenVMS2

Vulnerabilidad

#VulnerabilidadBaseTemp0dayHoyExpConEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información5.35.2$5k-$25k$0-$5kHighWorkaround0.020160.02CVE-2007-1192
2Huawei SmartCare Dashboard Stored cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000650.00CVE-2017-15312
3Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.07CVE-2017-0055
4IBM Security AppScan Enterprise Enterprise Source Database cifrado débil9.88.5$5k-$25k$0-$5kUnprovenOfficial Fix0.000820.00CVE-2013-3989
5raspap-webgui activate_ovpncfg.php escalada de privilegios8.08.0$0-$5k$0-$5kNot DefinedNot Defined0.899660.00CVE-2022-39986
6PHP Everywhere Plugin Shortcode Privilege Escalation6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.001080.02CVE-2022-24663
7Forumer / IPB Board Show Topic index.php sql injection7.37.1$0-$5k$0-$5kNot DefinedNot Defined0.000000.04
8WordPress Metadata escalada de privilegios8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.015780.00CVE-2018-20148
9Add Link to Facebook Plugin profile.php cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000570.03CVE-2018-5214
10SeedProd Website Builder Plugin seedprod_lite_new_lpage escalada de privilegios7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.000570.00CVE-2024-1072
11Patreon Plugin cross site request forgery5.85.8$0-$5k$0-$5kNot DefinedNot Defined0.000580.00CVE-2023-41129
12Database Administrator Plugin sql injection4.74.6$0-$5k$0-$5kNot DefinedNot Defined0.005300.02CVE-2023-3211
13Telegram Web cross site scripting4.84.7$0-$5k$0-$5kNot DefinedNot Defined0.000750.03CVE-2022-43363
14User Post Gallery Plugin escalada de privilegios8.58.4$0-$5k$0-$5kNot DefinedNot Defined0.042520.00CVE-2022-4060
15eSST Monitoring escalada de privilegios7.57.4$0-$5k$0-$5kNot DefinedNot Defined0.001160.00CVE-2023-41631
16Microsoft Windows IIS Server Remote Code Execution9.88.9$25k-$100k$5k-$25kUnprovenOfficial Fix0.001330.04CVE-2023-36434
17Boa Web Server HEAD Method escalada de privilegios6.36.2$0-$5k$0-$5kNot DefinedNot Defined0.001120.03CVE-2022-45956
18GitLab Privilege Escalation5.15.0$0-$5k$0-$5kNot DefinedOfficial Fix0.001180.04CVE-2021-22263
19ThinkPHP escalada de privilegios7.17.1$0-$5k$0-$5kNot DefinedNot Defined0.000580.00CVE-2022-44289
20Microsoft Lync Server/Skype for Business Server vulnerabilidad desconocida6.55.9$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.000740.02CVE-2021-24073

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDdirección IPHostnameActorCampañasIdentifiedEscribeConfianza
15.149.248.67mx1-mail.comBEAR2020-12-23verifiedAlto
25.149.248.193BEAR2020-12-23verifiedAlto
3X.XXX.XXX.XXXXxxx2020-12-23verifiedAlto
4X.XXX.XXX.XXXxxxxx.xxxxxxxxxxxxxxxx.xxxxXxxx2020-12-23verifiedAlto
5XX.XXX.XX.XXxxx.xxxxxxxxxxxxxxxxxxx.xxxXxxx2020-12-23verifiedAlto
6XXX.XXX.XX.XXXXxxx2020-12-23verifiedAlto

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilidadVector de accesoEscribeConfianza
1T1006CWE-22Path TraversalpredictiveAlto
2T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveAlto
3T1068CWE-264, CWE-269, CWE-284Execution with Unnecessary PrivilegespredictiveAlto
4TXXXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveAlto
5TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveAlto
6TXXXXCWE-XXXxx XxxxxxxxxpredictiveAlto
7TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveAlto
8TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveAlto
9TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
10TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveAlto
11TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveAlto

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClaseIndicatorEscribeConfianza
1File/ajax/openvpn/activate_ovpncfg.phppredictiveAlto
2File/cgi-bin/wlogin.cgipredictiveAlto
3File/index.phppredictiveMedio
4File/uncpath/predictiveMedio
5Filexxx_xxxxxxx.xxxpredictiveAlto
6Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveAlto
7Filexxxxxxxx.xxxpredictiveMedio
8Filexxxxxx.xxxxpredictiveMedio
9Filexxxxxx.xxxpredictiveMedio
10Filexxxxx.xxxpredictiveMedio
11Filexxxxxxx.xxxpredictiveMedio
12Filexxxxx-xxxxxxx.xxxpredictiveAlto
13Filexxxxxxxx.xxpredictiveMedio
14Filexxxxx.xxxxxxx.xxpredictiveAlto
15Filexxxxxxxxx/xxxxx/xxxxxx.xxxxpredictiveAlto
16Filexx-xxxxx/xxxxxxx.xxxpredictiveAlto
17Libraryxxx/xxxxxxxxx/xxxxxxx/xxxxxxxx/xxx.xxxpredictiveAlto
18Libraryxxx/xxxxxxx-xxxxxxxxx-x.x.x.xxxpredictiveAlto
19Argument-xpredictiveBajo
20Argumentxx/xxpredictiveBajo
21Argumentxxxxx_xxxxxxxx/xxxxx_xxxxxxxxpredictiveAlto
22Argumentxxxxx_xxxxxxxx_xxpredictiveAlto
23ArgumentxxxxxpredictiveBajo
24Argumentxxx_xxpredictiveBajo
25ArgumentxxpredictiveBajo
26ArgumentxxxxxpredictiveBajo
27ArgumentxxxxxxxxxpredictiveMedio
28Argumentx[]predictiveBajo
29Argumentxxx_xxpredictiveBajo
30Argumentxxxxx_xxxpredictiveMedio
31ArgumentxxxxpredictiveBajo
32Argumentxxxxxxxx/xxxxpredictiveAlto
33Argument_xxxxpredictiveBajo
34Input ValuexxxpredictiveBajo

Referencias (3)

The following list contains external sources which discuss the actor and the associated activities:

AnteriorVisión De ConjuntoPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!