DeadBolt Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (14)

Cronología

Idioma

en14

País

sg12
cn2

Actores

DeadBolt1

Ocupaciones

Interesar

Cronología

Escribe

Operating System4
Wireless LAN Software2
Not Defined2
Web Browser2
Chip Software2

Proveedor

Microsoft4
Netgear2
Synology2
Apple2
Intel2

Producto

Netgear DGN10002
Netgear DGN22002
Microsoft Windows2
Synology Note Station Client2
Microsoft Edge2

Vulnerabilidad

#VulnerabilidadBaseTemp0dayHoyExpConEPSSCTICVE
1Netgear AC1200 R6220 Path String Remote Code Execution8.78.7$5k-$25k$5k-$25kNot DefinedNot Defined0.006780.00CVE-2019-17137
2Synology Note Station Client Authentication Management cifrado débil3.73.6$0-$5k$0-$5kNot DefinedOfficial Fix0.001040.00CVE-2022-27619
3Netgear DGN1000/DGN2200 setup.cgi desbordamiento de búfer10.09.0$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.000000.03
4Apple macOS Kernel Coldtro desbordamiento de búfer7.87.6$5k-$25k$0-$5kHighOfficial Fix0.001490.00CVE-2022-32894
5AMD Ryzen/Athlon/EPYC Branch Predictor divulgación de información4.94.8$0-$5k$0-$5kNot DefinedOfficial Fix0.000490.00CVE-2022-23825
6Microsoft Windows AMD CPU Branch escalada de privilegios5.55.3$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000490.00CVE-2022-23825
7Netgear R7450 mini_httpd autenticación débil8.88.8$5k-$25k$5k-$25kNot DefinedNot Defined0.001240.00CVE-2021-34865
8Netgear R6220/R6230 escalada de privilegios6.76.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.000440.00CVE-2020-26929
9Intel Core/Xeon Local Privilege Escalation6.46.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.000440.00CVE-2020-12357
10cPanel cPHulkd autenticación débil5.35.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000540.00CVE-2016-10835
11Microsoft Edge divulgación de información4.34.1$25k-$100k$0-$5kNot DefinedOfficial Fix0.016390.03CVE-2017-0009

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDdirección IPHostnameActorCampañasIdentifiedEscribeConfianza
1132.147.73.87fnet87-f73-access.vqbn.com.sgDeadBolt2022-07-29verifiedAlto

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilidadVector de accesoEscribeConfianza
1T1040CWE-319Authentication Bypass by Capture-replaypredictiveAlto
2TXXXXCWE-XXXxxxxxxx Xxxxxxxxxxxxxx Xx Xxxx Xxxxxx Xxxxx XxxxxxxxxxxpredictiveAlto
3TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto

IOA - Indicator of Attack (2)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClaseIndicatorEscribeConfianza
1Filesetup.cgipredictiveMedio
2Argument?xxxx_xxxx=xxxxxxx.xxx/xxxx=xxxxxx/xxx=xxx+/xxx/.xxxxxxxx/xxxxxxx=//xxxxxxxxxxxxxx.xxx=xpredictiveAlto

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

AnteriorVisión De ConjuntoPróximo

Interested in the pricing of exploits?

See the underground prices here!