Big Head Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (69)

Idioma

en	68
ru	2

País

tr	70

Actores

Big Head	1

Interesar

Escribe

Not Defined	28
Content Management System	6
Programming Language Software	6
Web Server	4
Operating System	4

Proveedor

Not Defined	24
PHPGurukul	4
Microsoft	4
Ovidentia	2
Zoho ManageEngine	2

Producto

PHP	4
Ovidentia CMS	2
Gitea	2
Zoho ManageEngine Desktop Central MSP	2
GNU Bash	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	Google Chrome WebRTC desbordamiento de búfer	6.3	6.0	$25k-$100k	$5k-$25k	High	Official Fix	0.01152	0.03	CVE-2022-2294
2	nginx escalada de privilegios	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	1.64	CVE-2020-12440
3	Telegram divulgación de información	4.9	4.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00048	0.00	CVE-2021-27205
4	Joget Workflow account_new escalada de privilegios	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00091	0.03	CVE-2019-14352
5	KLog Server authenticate.php escalada de privilegios	5.5	5.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.95163	0.04	CVE-2020-35729
6	Havelsan Dialogue ACL escalada de privilegios	8.3	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00087	0.00	CVE-2024-3375
7	Nagios XI monitoringwizard.php sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00043	0.04	CVE-2024-24401
8	Microsoft Windows escalada de privilegios	10.0	9.5	$100k y más	$0-$5k	Not Defined	Official Fix	0.82212	0.00	CVE-2009-2512
9	Python SimpleHTTPServer Module SimpleHTTPServer.py list_directory cross site scripting	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00422	0.04	CVE-2011-4940
10	CKeditor Paste cross site scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00123	0.03	CVE-2018-17960
11	CKEditor4 Advanced Content Filter cross site scripting	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00448	0.03	CVE-2021-41164
12	OpenSSH autenticación débil	7.3	7.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.02241	0.03	CVE-2010-4478
13	MikroTik RouterOS Web Server desbordamiento de búfer	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.04	CVE-2023-30800
14	Microsoft .NET Framework Array Copy desbordamiento de búfer	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.24098	0.04	CVE-2015-2504
15	CodeBard Patron Button and Widgets for Patreon Plugin cross site scripting	5.6	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00046	0.00	CVE-2023-30491
16	phpBB Error Message memberlist.php escalada de privilegios	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01803	0.03	CVE-2006-2219
17	WordPress REST API class-wp-rest-users-controller.php divulgación de información	5.3	5.1	$5k-$25k	$0-$5k	Functional	Official Fix	0.87410	0.04	CVE-2017-5487
18	Ovidentia CMS index.php sql injection	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00089	0.04	CVE-2021-29343
19	Zoho ManageEngine Desktop Central MSP DLL dcinventory.exe escalada de privilegios	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00102	0.00	CVE-2020-9367
20	Apple macOS Bluetooth desbordamiento de búfer	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00062	0.00	CVE-2022-42854

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Identified	Escribe	Confianza
1	13.107.21.200		Big Head	2023-08-10	verified	Alto
2	20.99.133.109		Big Head	2023-08-10	verified	Alto
3	20.99.184.37		Big Head	2023-08-10	verified	Alto
4	23.41.86.106	a23-41-86-106.deploy.static.akamaitechnologies.com	Big Head	2023-08-10	verified	Alto
5	XX.XX.XX.XXX	xxx-xx-xx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxx Xxxx	2023-08-10	verified	Alto
6	XX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxx Xxxx	2023-08-10	verified	Alto
7	XX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxx Xxxx	2023-08-10	verified	Alto
8	XX.XXX.XXX.XX	xxx-xxx-xxx-xx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxx Xxxx	2023-08-10	verified	Alto
9	XX.XXX.XXX.XX	xxx-xxx-xxx-xx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxx Xxxx	2023-08-10	verified	Alto
10	XX.XXX.XX.XX	xx.xx.xxx.xx.xxx.xxxx.xxx	Xxx Xxxx	2023-08-10	verified	Alto
11	XXX.XX.XXX.XX	xxxx-xx-xxx-xx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxx Xxxx	2023-08-10	verified	Alto
12	XXX.XXX.XXX.XXX	xxxx-xxx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxx Xxxx	2023-08-10	verified	Alto
13	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxx.xxxxxx.xxx	Xxx Xxxx	2023-08-10	verified	Alto
14	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxx.xxxxxx.xxx	Xxx Xxxx	2023-08-10	verified	Alto
15	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxx.xxxxxx.xxx	Xxx Xxxx	2023-08-10	verified	Alto
16	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxx.xxxxxx.xxx	Xxx Xxxx	2023-08-10	verified	Alto
17	XXX.XX.XXX.XXX	xx-xxx-xx-xxx-xxx-xxx.xxxxxx.xxx	Xxx Xxxx	2023-08-10	verified	Alto
18	XXX.XXX.X.X		Xxx Xxxx	2023-08-10	verified	Alto
19	XXX.XXX.XXX.XXX		Xxx Xxxx	2023-08-10	verified	Alto
20	XXX.XX.XXX.XXX	x-xxxx.x-xxxxxx.xxx	Xxx Xxxx	2023-08-10	verified	Alto

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Clase	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
3	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	Alto
4	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
8	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
9	TXXXX	CAPEC-38	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Alto
10	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
11	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (36)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/alumni/admin/ajax.php?action=save_settings	predictive	Alto
2	File	/cwp_{SESSION_HASH}/admin/loader_ajax.php	predictive	Alto
3	File	actions/authenticate.php	predictive	Alto
4	File	admin/dashboard.php	predictive	Alto
5	File	college_website/admin/ajax.php?action=login	predictive	Alto
6	File	xxxxxxxxxx/xxx.xx	predictive	Alto
7	File	xxxxxxxxx/xxxxxxx/xxxx.xxx	predictive	Alto
8	File	xxxxxxxxxxx.xxx	predictive	Alto
9	File	xxxxxxxx/xxxxxxxx.x	predictive	Alto
10	File	xxx/xxxxxxx.xxx	predictive	Alto
11	File	xxxxxxx_xxxx_xxxxxx.xxx	predictive	Alto
12	File	xxxx_xxxxxxx.xxx.xxx	predictive	Alto
13	File	xxxxx.xxx	predictive	Medio
14	File	xx/xxx/xxxxxxxx/xxx_xxxxxxxxx/xxx_xxxxxxxx_xxxxx/_/xxxxxxx_xxx	predictive	Alto
15	File	xxxxxxxxxx.xxx	predictive	Alto
16	File	xxxxxxx/xxxx/xxxx_xxxx.xx	predictive	Alto
17	File	xxxxxxxxxxxxxxxx.xxx	predictive	Alto
18	File	xxx/xxxxxx/xx_xxxxxx.x	predictive	Alto
19	File	xxxxxxxxxxxxxxxx.xx	predictive	Alto
20	File	xxx/xxxxxxx.x	predictive	Alto
21	File	xxxxxxxxx.x	predictive	Medio
22	File	xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx	predictive	Alto
23	File	\xxx\xxxxx_xxxxxxxxxxxx.xxx	predictive	Alto
24	Library	xxxxxxxx.xxx	predictive	Medio
25	Argument	xxxxxxx xx/xxxxxxx xxxx	predictive	Alto
26	Argument	xxxxxxxxxxx	predictive	Medio
27	Argument	xxxxxxxx	predictive	Medio
28	Argument	xx	predictive	Bajo
29	Argument	xxxxxxxxxxxxxxx	predictive	Alto
30	Argument	xxxxxxxxx	predictive	Medio
31	Argument	xxxx_xxxxxxx	predictive	Medio
32	Argument	xxxx	predictive	Bajo
33	Argument	xxxx	predictive	Bajo
34	Input Value	xxxxxxxx	predictive	Medio
35	Input Value	xxxx+x@!xxxx+	predictive	Alto
36	Pattern	() {	predictive	Bajo

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Interested in the pricing of exploits?

See the underground prices here!