Eye on the Nile Analysis

IOB - Indicator of Behavior (46)

Language: en (44), es (2)

Country: us (24), ru (22)

Products:

TP-LINK TD-W9977v12
TP-LINK TL-WA801NDv52
TP-LINK TL-WA801Nv62
TP-LINK TL-WA802Nv52
TP-LINK Archer C3150v22

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | JForum Login privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.06 | CVE-2012-5338 |
| 3 | Linux Kernel UDP Packet udp.c privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04837 | 0.03 | CVE-2016-10229 |
| 4 | Linux Kernel buffer overflow | 10.0 | 9.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.07416 | 0.02 | CVE-2008-1673 |
| 5 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00122 | 0.28 | CVE-2018-6200 |
| 6 | Linux Kernel nf_conntrack_h323_asn1.c decode_choice denial of service | 7.5 | 6.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08412 | 0.00 | CVE-2007-3642 |
| 7 | Netgear GC108P NSDP Packet sccd weak authentication | 6.7 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.00 | CVE-2021-40866 |
| 8 | Google Android xt_qtaguid.c qtaguid_untag buffer overflow | 6.5 | 6.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00042 | 0.04 | CVE-2021-0399 |
| 9 | TP-LINK Archer C3150v2 dhcp.htm setDefaultHostname cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00536 | 0.03 | CVE-2021-3275 |
| 10 | Google Android ADSPRPC Heap Manager buffer overflow | 8.5 | 8.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00119 | 0.05 | CVE-2018-3586 |
| 11 | Apple macOS WebKit privilege escalation | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00230 | 0.00 | CVE-2021-1801 |
| 12 | Linux Kernel ptrace.c privilege escalation | 7.8 | 7.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00052 | 0.02 | CVE-2019-13272 |
| 13 | Samsung Mobile Devices SEAndroid Protection Mechanism privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00066 | 0.00 | CVE-2020-13829 |
| 14 | My Link Trader out.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.16 | |
| 15 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08985 | 0.04 | CVE-2006-0996 |
| 16 | phpMyAdmin phpinfo.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00142 | 0.00 | CVE-2016-9848 |
| 17 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.12 | CVE-2015-4134 |
| 18 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.77 | CVE-2007-0354 |
| 19 | Google Chrome TransportDIB SkBitmap Pixel Data render_widget_snapshot_taker.cc WidgetDidReceivePaintAtSizeAck privilege escalation | 6.5 | 6.2 | $100k and more | $0-$5k | Not Defined | Official Fix | 0.00622 | 0.00 | CVE-2013-2836 |
| 20 | Pixelpost cross site request forgery | 7.0 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01098 | 0.02 | CVE-2010-3305 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 185.125.230.116 | revdns.dns.com | Eye on the Nile | | 2023-06-16 | verified | High |

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 2 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /forum/away.php | predictive | High |
| 2 | File | /out.php | predictive | Medium |
| 3 | File | /sqfs/bin/sccd | predictive | High |
| 4 | File | admin/index.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
