Farseer Analysis

IOB - Indicator of Behavior (152)

Timeline

Language

en 108
ja 14
zh 12
es 8
de 6

Country

us 56
cn 56
ru 4
de 4
es 4

Product

phpMyAdmin 10
Microsoft Windows 6
Microsoft Office 4
Adobe Connect 4
ImageMagick 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | OpenSSL c_rehash privilege escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09738 | 0.02 | CVE-2022-1292
3 | Tiki Wiki CMS Groupware tiki-jsplugin.php privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03454 | 0.02 | CVE-2010-4239
4 | Microsoft Windows Print Spooler Privilege Escalation | 8.1 | 7.4 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00101 | 0.02 | CVE-2022-21999
5 | Microsoft Azure HDInsights Apache Hadoop unknown vulnerability | 3.9 | 3.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00051 | 0.00 | CVE-2023-38188
6 | Geddy index.js directory traversal | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01347 | 0.03 | CVE-2015-5688
7 | Asus AsusWRT start_apply.htm privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01350 | 0.02 | CVE-2018-20334
8 | EvoStream Media Server HTTP Request buffer overflow | 7.4 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01265 | 0.04 | CVE-2017-6427
9 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.57 | CVE-2010-0966
10 | Zulip Server Storage Backend cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.03 | CVE-2018-9999
11 | WUZHI CMS cross site request forgery | 6.5 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00192 | 0.00 | CVE-2018-10312
12 | WebCalendar settings.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03093 | 0.02 | CVE-2005-2717
13 | Microsoft Windows iSCSI Target Service information disclosure | 4.8 | 4.4 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00101 | 0.00 | CVE-2023-24945
14 | Microsoft Windows Netlogon Remote Code Execution | 8.1 | 7.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00106 | 0.05 | CVE-2023-28268
15 | Microsoft Windows Kernel Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00048 | 0.04 | CVE-2023-35359
16 | Microsoft Windows Error Reporting Service Local Privilege Escalation | 7.8 | 7.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00147 | 0.04 | CVE-2023-36874
17 | Flask information disclosure | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00142 | 0.02 | CVE-2023-30861
18 | WPS Hide Login Plugin Secret Login Page options.php privilege escalation | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02933 | 0.04 | CVE-2021-24917
19 | Fortinet FortiOS/FortiProxy Command Line Interpreter Format String | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.08 | CVE-2022-43953
20 | Fortinet FortiOS CLI Command directory traversal | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06752 | 0.07 | CVE-2022-41328

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (87)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /.vnc/sesman_${username}_passwd | predictive | High
2 | File | /admin/users.php?source=edit_user&id=1 | predictive | High
3 | File | /forum/away.php | predictive | High
4 | File | /icingaweb2/navigation/add | predictive | High
5 | File | /phppath/php | predictive | Medium
6 | File | /rest/collectors/1.0/template/custom | predictive | High
7 | File | /start_apply.htm | predictive | High
8 | File | /uncpath/ | predictive | Medium
9 | File | /WEB-INF/web.xml | predictive | High
10 | File | /wp-admin/options.php | predictive | High
11 | File | xxxxx_xxxxxxxx.xxx | predictive | High
12 | File | xxxxx/xxxx_xxxxx_xxxx.xxx | predictive | High
13 | File | xxxxx.xxx | predictive | Medium
14 | File | xxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
15 | File | xxxxxxxx.xxx | predictive | Medium
16 | File | xxx_xxxxxxx.xxx | predictive | High
17 | File | xxx-xxx/xxxxxx.xxx | predictive | High
18 | File | xxxxxx/xx.x | predictive | Medium
19 | File | x_xxxxxx | predictive | Medium
20 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
21 | File | xxxxxxxxxx.x | predictive | Medium
22 | File | xxxxx_xxxxxxxxxxxx.xxx | predictive | High
23 | File | xxxx.xxx | predictive | Medium
24 | File | xxxx_xxxxxxx.xxx.xxx | predictive | High
25 | File | xxxx_xxxx.x | predictive | Medium
26 | File | xxxxxxxx.xxx | predictive | Medium
27 | File | xxx/xxxxxx.xxx | predictive | High
28 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
29 | File | xxxxx.xxx/xxxx/xxxxx/xxxx/xxxx.xxx | predictive | High
30 | File | xxxxx.xxx?x=xxxxxx&x=xx_xxxxx | predictive | High
31 | File | xx/xxx/xxxxxxxx/xxx_xxxxxxxxx/xxx_xxxxxxxx_xxxxx/_/xxxxxxx_xxx | predictive | High
32 | File | xxx/xxx/xxxxx.xx | predictive | High
33 | File | xxxxxxxxx/xxxxxxx/xxxxxxxxxxx/xxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
34 | File | xxxxxxxxx/xxxxxx.xxx.xxx | predictive | High
35 | File | xxxxx.xxxx | predictive | Medium
36 | File | xxx/xxxx/xxxx_xxxxxxxxxx_xxxx.x | predictive | High
37 | File | xxxxxxxxxxx-xxxx.xx | predictive | High
38 | File | xxxxx/xxxxxxx.x | predictive | High
39 | File | xxxxx.xxx | predictive | Medium
40 | File | xxxxxx.x | predictive | Medium
41 | File | xxxxxxxx_xxxxxx.xxx | predictive | High
42 | File | xxxxxxxxxxx.xx | predictive | High
43 | File | xxxxx.xxx | predictive | Medium
44 | File | xxxxxx_xxxxxx.xx | predictive | High
45 | File | xxxx/xxx/xxx_xxxx.x | predictive | High
46 | File | xxxxxxxxx/xxxxxx.x | predictive | High
47 | File | xxxxxxxx.xxx | predictive | Medium
48 | File | xxxxx.xxx | predictive | Medium
49 | File | xxxx-xxxxxxxx.xxx | predictive | High
50 | File | xxxxxx/xxxxxxxxxxxx | predictive | High
51 | File | xxx.xxx | predictive | Low
52 | File | xx-xxxxx/xxxxx.xxx?xxxx=xxx-xxxxx&xxxxxx=xxxx-xxxxx | predictive | High
53 | File | xx-xx-xxxxxx.xxx | predictive | High
54 | Library | xxx/xxx/xxxxx.xx | predictive | High
55 | Library | xxx/xxxx.x | predictive | Medium
56 | Argument | $_xxxxxx['xxxxx_xxxxxx'] | predictive | High
57 | Argument | ${xxx} | predictive | Low
58 | Argument | /.xxx/xxxxxx_${xxxxxxxx}_xxxxxx | predictive | High
59 | Argument | xxxxxxx xx/xxxxxxx xxxx | predictive | High
60 | Argument | xxxxxx | predictive | Low
61 | Argument | xxxxxxxx | predictive | Medium
62 | Argument | xxxxxx | predictive | Low
63 | Argument | xxx | predictive | Low
64 | Argument | xxx_xxxx | predictive | Medium
65 | Argument | xxxx/xxxx | predictive | Medium
66 | Argument | xx_xxxxx | predictive | Medium
67 | Argument | xxxx | predictive | Low
68 | Argument | xxxxx | predictive | Low
69 | Argument | xx | predictive | Low
70 | Argument | xxxxxxxx | predictive | Medium
71 | Argument | xxxxxx_xxxxx | predictive | Medium
72 | Argument | xxxx | predictive | Low
73 | Argument | xxxxx_xx | predictive | Medium
74 | Argument | xxxxxxxx | predictive | Medium
75 | Argument | xxxx_xxxx | predictive | Medium
76 | Argument | xxxx_xx | predictive | Low
77 | Argument | xxxxxx_xxxxxxxx_xx | predictive | High
78 | Argument | xxx | predictive | Low
79 | Argument | xxxxxxxx | predictive | Medium
80 | Argument | xxx | predictive | Low
81 | Argument | xxxx-xxxxx | predictive | Medium
82 | Argument | xxxxxxxx | predictive | Medium
83 | Input Value | -x | predictive | Low
84 | Input Value | .%xx.../.%xx.../ | predictive | High
85 | Input Value | ..%xx | predictive | Low
86 | Network Port | xxx/xx (xxxxxx) | predictive | High
87 | Network Port | xxx/xx (xxx xxxxxxxx) | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
