Dfni Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (31)

Idioma

en	28
es	2
ru	2

País

ua	14
us	14
ru	2
de	2

Actores

Dfni	2
BEAR	1
GreyEnergy	1
Dridex	1
Clop	1

Interesar

Escribe

Not Defined	14
Photo Gallery Software	4
Social Network Software	2
Content Management System	2
SSH Server Software	2

Proveedor

Not Defined	12
APC	4
Web-Dorado	2
eSST	2
IBM	2

Producto

Add Link to Facebook Plugin	2
Drupal	2
Web-Dorado Photo Gallery by WD - Responsive Photo ...	2
eSST Monitoring	2
IBM Security AppScan Enterprise	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	IBM Security AppScan Enterprise Enterprise Source Database cifrado débil	9.8	8.5	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00082	0.00	CVE-2013-3989
2	raspap-webgui activate_ovpncfg.php escalada de privilegios	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.89966	0.00	CVE-2022-39986
3	PHP Everywhere Plugin Shortcode Privilege Escalation	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00108	0.02	CVE-2022-24663
4	Add Link to Facebook Plugin profile.php cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00057	0.03	CVE-2018-5214
5	openmosix libmosix.c this desbordamiento de búfer	4.0	4.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00042	0.00	CVE-2008-1865
6	User Post Gallery Plugin escalada de privilegios	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04252	0.00	CVE-2022-4060
7	eSST Monitoring escalada de privilegios	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00116	0.00	CVE-2023-41631
8	Boa Web Server HEAD Method escalada de privilegios	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00112	0.02	CVE-2022-45956
9	GitLab Privilege Escalation	5.1	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00118	0.04	CVE-2021-22263
10	ThinkPHP escalada de privilegios	7.1	7.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.08	CVE-2022-44289
11	SuiteCRM Accounts/Contacts/Opportunities/Leads escalada de privilegios	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00063	0.00	CVE-2020-15301
12	cocoapods-downloader escalada de privilegios	6.8	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00131	0.00	CVE-2022-21223
13	PHP Everywhere Plugin Metabox Privilege Escalation	8.8	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00108	0.00	CVE-2022-24664
14	APC UPS Network Management Card 2 AOS Remote Monitoring Credentials divulgación de información	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00222	0.00	CVE-2018-7820
15	APC Switched Rack Pdu autenticación débil	7.5	6.6	$0-$5k	$0-$5k	Unproven	Unavailable	0.01263	0.00	CVE-2007-6226
16	Dropbear SSH dropbearconvert escalada de privilegios	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00956	0.02	CVE-2016-7407
17	Dropbear SSH escalada de privilegios	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02911	0.04	CVE-2016-7406
18	Supermicro H8dgu-f Intelligent Platform Management Interface PrivilegeCallBack escalada de privilegios	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01615	0.00	CVE-2013-3609
19	Drupal escalada de privilegios	5.8	5.7	$0-$5k	Calculador	Not Defined	Official Fix	0.00088	0.00	CVE-2017-6928
20	D-Link DCS-930L/DCS-932L Authentication divulgación de información	5.3	4.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.02

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Campañas	Identified	Escribe	Confianza
1	5.149.248.134		Dfni		2022-04-08	verified	Alto
2	XXX.XXX.XXX.XX	xxxxxx.xx.xxx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxx		2022-04-08	verified	Alto

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1059	CWE-88	Argument Injection	predictive	Alto
2	T1059.007	CWE-79	Cross Site Scripting	predictive	Alto
3	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Alto
7	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
9	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto
10	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/ajax/openvpn/activate_ovpncfg.php	predictive	Alto
2	File	FlexCell.ocx	predictive	Medio
3	File	xxxxxxxx.x	predictive	Medio
4	File	xxxxx-xxxxxxx.xxx	predictive	Alto
5	File	xx-xxxxx/xxxxxxx.xxx	predictive	Alto
6	Library	xxx/xxxxxxx-xxxxxxxxx-x.x.x.xxx	predictive	Alto
7	Argument	xxxxx_xxxxxxxx_xx	predictive	Alto
8	Argument	xxx_xx	predictive	Bajo
9	Argument	xx	predictive	Bajo
10	Argument	xxxx	predictive	Bajo
11	Argument	xxx_xx	predictive	Bajo
12	Argument	xxxx	predictive	Bajo
13	Argument	xxxxxxxx/xxxx	predictive	Alto

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!