KillSomeOne Analysis

IOB - Indicator of Behavior (378)

Language

en: 302
de: 70
es: 4
it: 2

Country

us: 152
ru: 2

Product

Microsoft Windows: 6
DZCP deV!L`z Clanportal: 4
Tiki: 2
ZenPhoto: 2
ZyXEL NAS 326: 2

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.98 | 0.00943 | CVE-2010-0966 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 3 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | 0.00289 | CVE-2019-7550 |
| 4 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 1.52 | 0.01302 | CVE-2007-0354 |
| 5 | Devilz Clanportal index.php sql injection | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00 | 0.00784 | CVE-2006-3347 |
| 6 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 3.25 | 0.02733 | CVE-2007-1167 |
| 7 | Devilz Clanportal File Upload unknown vulnerability | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.91 | 0.05362 | CVE-2006-6338 |
| 8 | Lars Ellingsen Guestserver guestserver.cgi privilege escalation | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00266 | CVE-2001-0180 |
| 9 | YaBB yabb.pl cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.01240 | CVE-2004-2402 |
| 10 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 5.43 | 0.00936 | CVE-2020-15906 |
| 11 | jforum cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00118 | CVE-2012-5337 |
| 12 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | 0.00169 | CVE-2005-4222 |
| 13 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.02 | 0.00804 | CVE-2006-5509 |
| 14 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.25 | 0.02101 | CVE-2007-1287 |
| 15 | Microsoft Windows Runtime Remote Code Execution | 8.1 | 7.4 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00 | 0.40206 | CVE-2022-21971 |
| 16 | Jasper imginfo bmp_dec.c bmp_getdata denial of service | 5.4 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00314 | CVE-2016-8690 |
| 17 | Devilz Clanportal sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | 0.00684 | CVE-2006-6339 |
| 18 | ZyXEL NAS 326 Python Web Server privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00197 | CVE-2019-10633 |
| 19 | ZenPhoto privilege escalation | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00391 | CVE-2018-0610 |
| 20 | Microsoft Windows Kernel-Mode Driver win32k privilege escalation | 7.0 | 6.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00056 | CVE-2016-3309 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 160.20.147.254 | | KillSomeOne | | 2021-05-31 | verified | High |

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | addentry.php | predictive | Medium |
| 2 | File | admin_add.php | predictive | High |
| 3 | File | assets/add/registrar-accounts.php | predictive | High |
| 4 | File | data/gbconfiguration.dat | predictive | High |
| 5 | File | xxxxx.xxx | predictive | Medium |
| 6 | File | xxxxxxxxx.xxx | predictive | High |
| 7 | File | xxxxxxxxxxx.xxx | predictive | High |
| 8 | File | xxx/xxxxxx.xxx | predictive | High |
| 9 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High |
| 10 | File | xxxxx.xxx | predictive | Medium |
| 11 | File | xxxxxxxxx/xxx/xxx_xxx.x | predictive | High |
| 12 | File | xxxx.xxx | predictive | Medium |
| 13 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High |
| 14 | File | xxxx-xxxxx.xxx | predictive | High |
| 15 | File | xxxxx.xxx | predictive | Medium |
| 16 | File | xxxx.xx | predictive | Low |
| 17 | Library | xxxxxx | predictive | Low |
| 18 | Argument | xx_xxxxx_xxx_xxxx | predictive | High |
| 19 | Argument | xxxxxxxx | predictive | Medium |
| 20 | Argument | xxxxx | predictive | Low |
| 21 | Argument | xxxxx | predictive | Low |
| 22 | Argument | xxxx | predictive | Low |
| 23 | Argument | xx | predictive | Low |
| 24 | Argument | xxx | predictive | Low |
| 25 | Argument | xxx | predictive | Low |
| 26 | Argument | xxxxxxxx/xxxxxxxx xx/xxxxx | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
