Leviathan Analysis

IOB - Indicator of Behavior (35)

Timeline

Language

- en: 18
- it: 16
- sv: 2

Country

- us: 26
- ru: 4
- fr: 2

Product

- Zoho ManageEngine OpManager: 2
- nginx: 2
- HP HP-UX: 2
- vsftpd: 2
- Binarymoon WordThumb: 2

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Drupal sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00135 | 0.00 | CVE-2008-2999 |
| 2 | Unisoc S8000 Telephony Service denial of service | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2022-48447 |
| 3 | Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 denial of service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00172 | 0.03 | CVE-2023-20079 |
| 4 | Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 privilege escalation | 9.8 | 9.7 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00287 | 0.00 | CVE-2023-20078 |
| 5 | iRZ RUH2 Firmware Patch weak authentication | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00226 | 0.00 | CVE-2016-2309 |
| 6 | Joomla sql injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00142 | 0.02 | CVE-2022-23797 |
| 7 | Microsoft Access buffer overflow | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00232 | 0.00 | CVE-2020-1582 |
| 8 | libvirtd API virDomainSaveImageGetXMLDesc privilege escalation | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.02 | CVE-2019-10161 |
| 9 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 4.12 | CVE-2020-12440 |
| 10 | Desiscripts Desi Short URL Script index.php weak authentication | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00933 | 0.00 | CVE-2009-2642 |
| 11 | Cisco FirePOWER Management Center Web UI buffer overflow | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00107 | 0.00 | CVE-2019-12688 |
| 12 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00312 | 0.04 | CVE-2015-1419 |
| 13 | phpMyAdmin information disclosure | 6.1 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.18290 | 0.03 | CVE-2019-6799 |
| 14 | WallacePOS resetpassword.php cross site scripting | 5.2 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00101 | 0.00 | CVE-2017-7388 |
| 15 | Linksys Spa921 denial of service | 7.5 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.01834 | 0.00 | CVE-2006-7121 |
| 16 | Zabbix zabbix_agentd information disclosure | 4.0 | 3.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00042 | 0.00 | CVE-2007-6210 |
| 17 | BEA WebLogic Mobility Server weak authentication | 7.3 | 6.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.02056 | 0.00 | CVE-2007-6384 |
| 18 | Netop Remote Control Guest Client buffer overflow | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.02 | CVE-2017-5216 |
| 19 | Samsung Mobile Phone Application Installation bad_alloc privilege escalation | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00055 | 0.02 | CVE-2017-5217 |
| 20 | Splunk Header cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | High | Not Defined | 0.00213 | 0.05 | CVE-2014-8380 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 54.87.87.13 | ec2-54-87-87-13.compute-1.amazonaws.com | Leviathan | | 2020-12-23 | verified | Medium |
| 2 | 54.242.66.219 | ec2-54-242-66-219.compute-1.amazonaws.com | Leviathan | | 2020-12-23 | verified | Medium |
| 3 | XX.XX.XXX.XXX | Xxxxxxxxx | | | 2020-12-23 | verified | High |
| 4 | XX.XX.XXX.XXX | Xxxxxxxxx | | | 2020-12-23 | verified | High |
| 5 | XX.XX.XXX.XXX | Xxxxxxxxx | | | 2020-12-23 | verified | High |
| 6 | XXX.XXX.XXX.XXX | Xxxxxxxxx | | | 2020-12-17 | verified | High |

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 3 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XX | Xxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 8 | TXXXX.XXX | CWE-XX | Xxxxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | encrypt.c | predictive | Medium |
| 2 | File | ept.c | predictive | Low |
| 3 | File | xxxxx.xxx | predictive | Medium |
| 4 | File | xxxxx:xxxxxxxxxxx.xx | predictive | High |
| 5 | File | xxxx-xxx.xxx | predictive | Medium |
| 6 | File | xxxxxxxxxx-xxxxxx/xxxxxxxxx/xxxxxxxxxxxxx.xxx | predictive | High |
| 7 | Argument | xxxxxxx | predictive | Low |
| 8 | Argument | xxxxxxx_xx | predictive | Medium |
| 9 | Argument | xxx | predictive | Low |
| 10 | Argument | xxxxx | predictive | Low |
| 11 | Input Value | xxxxxx/**/xxxx. | predictive | High |
| 12 | Input Value | xxxxxxxxxx:xxxxxx("xxx xx xxxxxxxxxxx"); | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
