FakeCrack Analysis

IOB - Indicator of Behavior (259)

Language

en: 240
ru: 10
zh: 6
fr: 2
ar: 2

Country

us: 64
tr: 24
cn: 16
ru: 4

Product

Microsoft Windows: 10
Google Android: 6
Cacti: 6
Google Chrome: 4
DeDeCMS: 4

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DeDeCMS Backend file_class.php privilege escalation | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.03 | CVE-2023-7212 |
| 2 | Microsoft Office Word Remote Code Execution | 7.0 | 6.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01350 | 0.02 | CVE-2023-28311 |
| 3 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.97319 | 0.00 | CVE-2021-34473 |
| 4 | ThinkPHP privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.97455 | 0.00 | CVE-2019-9082 |
| 5 | SmarterTools SmarterMail directory traversal | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.04 | CVE-2019-7213 |
| 6 | cumin Server Certificate Validator weak authentication | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00090 | 0.04 | CVE-2013-0264 |
| 7 | kyivstarteam react-native-sms-user-consent SmsUserConsentModule.kt registerReceiver Local Privilege Escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.08 | CVE-2021-4438 |
| 8 | Campcodes House Rental Management System ajax.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.09 | CVE-2024-3719 |
| 9 | Linux Kernel BlueZ jlink.c jlink_init denial of service | 3.6 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2022-3637 |
| 10 | Huawei HG8245H URL information disclosure | 7.4 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00167 | 0.06 | CVE-2017-15328 |
| 11 | DeDeCMS co_do.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00190 | 0.02 | CVE-2018-19061 |
| 12 | DedeCMS selectimages.php cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.03 | CVE-2023-49493 |
| 13 | DeDeCMS select_images_post.php privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01958 | 0.00 | CVE-2018-20129 |
| 14 | DedeCMS article_allowurl_edit.php privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00094 | 0.08 | CVE-2023-2928 |
| 15 | DeDeCMS downmix.inc.php Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02422 | 0.02 | CVE-2018-6910 |
| 16 | Plesk Obsidian Login Page privilege escalation | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00174 | 0.03 | CVE-2023-24044 |
| 17 | Tenda AC10U fromAddressNat buffer overflow | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00086 | 0.24 | CVE-2024-0927 |
| 18 | Xen Orchestra privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.03 | CVE-2021-36383 |
| 19 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.80 | CVE-2020-15906 |
| 20 | Unisoc T760/T770/T820/S8000 Sim Service privilege escalation | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2023-42655 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CWE-88, CWE-94 | Argument Injection | predictive | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (123)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /acms/classes/Master.php?f=delete_cargo | predictive | High |
| 2 | File | /admin.php/news/admin/topic/save | predictive | High |
| 3 | File | /admin/comn/service/update.json | predictive | High |
| 4 | File | /api/files/ | predictive | Medium |
| 5 | File | /cgi-bin/touchlist_sync.cgi | predictive | High |
| 6 | File | /dev/shm | predictive | Medium |
| 7 | File | /dl/dl_print.php | predictive | High |
| 8 | File | /getcfg.php | predictive | Medium |
| 9 | File | /ofcms/company-c-47 | predictive | High |
| 10 | File | /usr/sbin/httpd | predictive | High |
| 11 | File | /util/print.c | predictive | High |
| 12 | File | /web/MCmsAction.java | predictive | High |
| 13 | File | abc-pcie.c | predictive | Medium |
| 14 | File | accounts/payment_history.php | predictive | High |
| 120 | Input Value | ../ | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities: