CryptoPHP Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (68)

Idioma

en	44
de	22
fr	2

País

us	34
pl	12
ru	10
id	2

Actores

CryptoPHP	4
APT37	1
Grizzly Steppe	1

Interesar

Escribe

Not Defined	16
Database Administration Software	8
Content Management System	6
Programming Language Software	2
Forum Software	2

Proveedor

Not Defined	22
SourceCodester	6
RDM	2
Microsoft	2
Sixnet	2

Producto

phpMyAdmin	8
SourceCodester Online Tours & Travels Management S ...	6
RDM Intuitive 650 TDB Controller	2
MyBB	2
Microsoft .NET Framework	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	RDM Intuitive 650 TDB Controller Password escalada de privilegios	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00206	0.03	CVE-2016-4505
2	Siemens EN100 Ethernet Module Web Server Memory divulgación de información	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00516	0.00	CVE-2016-4785
3	Siemens EN100 Ethernet Module Web Server divulgación de información	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00516	0.03	CVE-2016-4784
4	RDM Intuitive 650 TDB Controller cross site request forgery	6.1	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00069	0.00	CVE-2016-4506
5	Tiki Admin Password tiki-login.php autenticación débil	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00936	2.53	CVE-2020-15906
6	Winn Winn GuestBook addPost cross site scripting	4.3	4.1	$0-$5k	$0-$5k	High	Official Fix	0.00336	0.02	CVE-2011-5026
7	TikiWiki tiki-register.php escalada de privilegios	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01009	1.28	CVE-2006-6168
8	PrestaShop blocklayered-ajax.php cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00290	0.02	CVE-2015-1175
9	PHP _php_stream_scandir desbordamiento de búfer	9.0	8.6	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.16300	0.05	CVE-2012-2688
10	GoAutoDial GoAdmin CE go_login.php sql injection	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.01806	0.00	CVE-2015-2843
11	PHP crypt desbordamiento de búfer	10.0	9.5	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.01310	0.04	CVE-2011-3268
12	PHP cgi_main.c escalada de privilegios	7.3	6.6	$25k-$100k	$0-$5k	High	Official Fix	0.97363	0.03	CVE-2012-1823
13	phpMyAdmin setup.php escalada de privilegios	4.8	4.3	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.10058	0.03	CVE-2010-3055
14	SourceCodester Online Tours & Travels Management System s.php sql injection	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00126	0.04	CVE-2023-0561
15	SourceCodester Online Tours & Travels Management System practice_pdf.php sql injection	5.5	5.4	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00126	0.07	CVE-2023-0560
16	PHPGurukul Bank Locker Management System Login index.php sql injection	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02218	0.00	CVE-2023-0562
17	PHPGurukul Bank Locker Management System Assign Locker add-locker-form.php cross site scripting	3.9	3.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00299	0.09	CVE-2023-0563
18	SourceCodester Online Tours & Travels Management System booking_report.php sql injection	4.7	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00078	0.07	CVE-2023-0531
19	SourceCodester Online Tours & Travels Management System expense_report.php sql injection	4.7	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00078	0.07	CVE-2023-0533
20	SourceCodester Online Tours & Travels Management System disapprove_user.php sql injection	4.7	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00078	0.09	CVE-2023-0532

IOC - Indicator of Compromise (44)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Identified	Escribe	Confianza
1	50.17.195.149	ec2-50-17-195-149.compute-1.amazonaws.com	CryptoPHP	2021-05-31	verified	Medio
2	78.138.118.195		CryptoPHP	2021-05-31	verified	Alto
3	78.138.118.196		CryptoPHP	2021-05-31	verified	Alto
4	78.138.118.197		CryptoPHP	2021-05-31	verified	Alto
5	78.138.118.198		CryptoPHP	2021-05-31	verified	Alto
6	78.138.118.199		CryptoPHP	2021-05-31	verified	Alto
7	78.138.118.200		CryptoPHP	2021-05-31	verified	Alto
8	78.138.118.201		CryptoPHP	2021-05-31	verified	Alto
9	78.138.118.202		CryptoPHP	2021-05-31	verified	Alto
10	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
11	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
12	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
13	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
14	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
15	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
16	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
17	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
18	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
19	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
20	XX.XXX.XXX.XX		Xxxxxxxxx	2021-05-31	verified	Alto
21	XX.XXX.XXX.XX		Xxxxxxxxx	2021-05-31	verified	Alto
22	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
23	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
24	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
25	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
26	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
27	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
28	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
29	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
30	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
31	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
32	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
33	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
34	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
35	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
36	XX.XXX.XXX.XXX		Xxxxxxxxx	2021-05-31	verified	Alto
37	XXX.XXX.XXX.XX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxxxxxxx	2021-05-31	verified	Alto
38	XXX.XXX.XXX.XXX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxxxxxxx	2021-05-31	verified	Alto
39	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxx	Xxxxxxxxx	2021-05-31	verified	Alto
40	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxx	Xxxxxxxxx	2021-05-31	verified	Alto
41	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxx	Xxxxxxxxx	2021-05-31	verified	Alto
42	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxx	Xxxxxxxxx	2021-05-31	verified	Alto
43	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxx	Xxxxxxxxx	2021-05-31	verified	Alto
44	XXX.X.XXX.XXX	xxx-x-xxx-xxx.xxxxxx.xx	Xxxxxxxxx	2021-05-31	verified	Alto

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1059	CWE-94	Argument Injection	predictive	Alto
2	T1059.007	CWE-79	Cross Site Scripting	predictive	Alto
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
7	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
9	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto

IOA - Indicator of Attack (40)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/mics/j_spring_security_check	predictive	Alto
2	File	/user/s.php	predictive	Medio
3	File	add-locker-form.php	predictive	Alto
4	File	admin/booking_report.php	predictive	Alto
5	File	admin/disapprove_user.php	predictive	Alto
6	File	xxxxx/xxxxxxx_xxxxxx.xxx	predictive	Alto
7	File	xxxxx/xxxxxxxx_xxx.xxx	predictive	Alto
8	File	xxxxxxxxxxxx-xxxx.xxx	predictive	Alto
9	File	xxxxxxxx/xxxxxx.xxx	predictive	Alto
10	File	xxxxxxxxxxx.xxx	predictive	Alto
11	File	xx_xxxxx.xxx	predictive	Medio
12	File	xxxxxx/xxxxx/xxxx_xxxxx.xxx	predictive	Alto
13	File	xxxxxxxx/xxxxxxx.xxx	predictive	Alto
14	File	xxxxx.xxx	predictive	Medio
15	File	xxxxxxxxx/xxxxxx.xxx	predictive	Alto
16	File	xxxxxx.xxx	predictive	Medio
17	File	xxxx/xxx/xxx_xxxx.x	predictive	Alto
18	File	xxxxx.xxx	predictive	Medio
19	File	xxxxxxxx-xxxx.xxx	predictive	Alto
20	File	xxxx-xxxxx.xxx	predictive	Alto
21	File	xxxx-xxxxxxxx.xxx	predictive	Alto
22	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Alto
23	Argument	$_xxxxxx['xxxxx_xxxxxx']	predictive	Alto
24	Argument	xxxxxx	predictive	Bajo
25	Argument	xxxxx	predictive	Bajo
26	Argument	xxxx_xxxx	predictive	Medio
27	Argument	xx	predictive	Bajo
28	Argument	x_xxxxxxxx	predictive	Medio
29	Argument	xxxxxxx_xxxxx_xxxxxx	predictive	Alto
30	Argument	xxxx	predictive	Bajo
31	Argument	xxxxxxxx	predictive	Medio
32	Argument	xxxx	predictive	Bajo
33	Argument	xxxxxxxx	predictive	Medio
34	Argument	xx_xxxx	predictive	Bajo
35	Argument	xxx	predictive	Bajo
36	Argument	xxxxxxxx	predictive	Medio
37	Argument	xxxx_xxxx/xxxx_xxxx	predictive	Alto
38	Input Value	-x	predictive	Bajo
39	Network Port	xxx/xx (xxxxxx)	predictive	Alto
40	Network Port	xxx/xx (xxx xxxxxxxx)	predictive	Alto

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!