Bouvet Island Unknown Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (17)

Idioma

en	14
fr	2
es	2

País

us	6
fr	4
es	4
ru	2

Actores

Chthonic	1

Interesar

Escribe

Not Defined	6
Operating System	4
File Transfer Software	2
Database Software	2
Customer Relationship Management System	2

Proveedor

Not Defined	8
Microsoft	2
Thomas R. Pasawicz	2
Oracle	2
Pivotal	2

Producto

myPHPNuke	2
Microsoft Windows	2
vsftpd	2
Thomas R. Pasawicz HyperBook Guestbook	2
Oracle MySQL Workbench	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
2	vsftpd deny_file vulnerabilidad desconocida	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00312	CVE-2015-1419
3	Microsoft Windows Multimedia Library winmm.dll desbordamiento de búfer	10.0	9.5	$100k y más	$0-$5k	High	Official Fix	0.04	0.97281	CVE-2012-0003
4	Smarty escalada de privilegios	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00194	CVE-2010-4727
5	Codoforum User Registration cross site scripting	5.2	4.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.47	0.00148	CVE-2020-5842
6	Pivotal RabbitMQ password escalada de privilegios	7.7	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00343	CVE-2016-9877
7	Apache ActiveMQ Web-based Administration Console queue.jsp cross site scripting	6.8	6.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.34776	CVE-2018-8006
8	Oracle MySQL Workbench autenticación débil	9.1	9.0	$25k-$100k	$0-$5k	High	Official Fix	0.00	0.15306	CVE-2018-10933
9	Intel Server Board/Compute Module Platform Sample/Silicon Reference firmware escalada de privilegios	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00062	CVE-2018-12204
10	Unix SGID escalada de privilegios	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00000
11	Studio 42 elFinder elFinder.class.php zipdl directory traversal	7.8	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00434	CVE-2018-9109
12	Pilotgroup eLMS Pro subscribe.php cross site scripting	4.3	4.3	$0-$5k	$0-$5k	High	Unavailable	0.02	0.00220	CVE-2010-2356
13	myPHPNuke print.php cross site scripting	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01	0.00220	CVE-2008-4089
14	WordPress Password Reset wp-login.php mail escalada de privilegios	6.1	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.04	0.02827	CVE-2017-8295
15	lighttpd Log File http_auth.c escalada de privilegios	7.5	7.1	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.01123	CVE-2015-3200

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Identified	Escribe	Confianza
1	31.28.161.170		Bouvet Island Unknown	2022-11-09	verified	Alto
2	45.12.70.34	actualise.get-eye.com	Bouvet Island Unknown	2022-11-09	verified	Alto
3	XX.XX.XX.XX		Xxxxxx Xxxxxx Xxxxxxx	2022-11-09	verified	Alto
4	XX.XX.XX.X		Xxxxxx Xxxxxx Xxxxxxx	2023-02-06	verified	Alto
5	XXX.XXX.XXX.X		Xxxxxx Xxxxxx Xxxxxxx	2022-11-09	verified	Alto
6	XXX.XX.XX.XX		Xxxxxx Xxxxxx Xxxxxxx	2022-11-09	verified	Alto
7	XXX.XX.XXX.XX		Xxxxxx Xxxxxx Xxxxxxx	2022-11-09	verified	Alto
8	XXX.XXX.XXX.XXX	xxx.xxx.xxxxxx.xxx	Xxxxxx Xxxxxx Xxxxxxx	2022-11-09	verified	Alto

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	data/gbconfiguration.dat	predictive	Alto
2	File	elFinder.class.php	predictive	Alto
3	File	http_auth.c	predictive	Medio
4	File	xxxxx.xxx?x=/xxxx/xxxxxxxx	predictive	Alto
5	File	xxxxx.xxx	predictive	Medio
6	File	xxxxx.xxx	predictive	Medio
7	File	xxxxxxxxx.xxx	predictive	Alto
8	File	xxxxxxxx/xxxxxxxx	predictive	Alto
9	File	xx-xxxxx.xxx	predictive	Medio
10	Library	xxxxx.xxx	predictive	Medio
11	Argument	?xxx	predictive	Bajo
12	Argument	xxxxxx_xx	predictive	Medio
13	Argument	xxxx	predictive	Bajo
14	Argument	xxxxxxxxxxx	predictive	Medio
15	Argument	xxx	predictive	Bajo

Referencias (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Do you know our Splunk app?

Download it now for free!