OilRig Analysis

IOB - Indicator of Behavior (487)

Language

en 472
de 10
ru 2
fr 2
es 2

Country

us 324
ir 118
gb 4
fr 4
ru 2

Product

Linux Kernel 16
Qualcomm Snapdragon Auto 14
Qualcomm Snapdragon Compute 14
Qualcomm Snapdragon Connectivity 14
Qualcomm Snapdragon Industrial IOT 14

Vulnerability

Columns: Base and Temp are the CVSS base and temporal scores; 0-day and Today are the estimated exploit prices; Exploit is the exploitability status; Remediation is the countermeasure status; EPSS is the exploit-prediction score; CTI is the threat-intelligence activity score.

#  | Vulnerability                                                                              | Base | Temp | 0-day      | Today    | Exploit          | Remediation  | EPSS    | CTI  | CVE
1  | LogicBoard CMS away.php Redirect                                                           | 6.3  | 6.1  | $0-$5k     | $0-$5k   | Not Defined      | Unavailable  | 0.00000 | 3.51 |
2  | woo-variation-swatches Plugin cross site scripting                                         | 5.2  | 5.2  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.00076 | 0.02 | CVE-2019-14774
3  | OpenSLP buffer overflow                                                                    | 8.5  | 8.5  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.03272 | 0.04 | CVE-2019-5544
4  | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High        | Workaround   | 0.02016 | 0.02 | CVE-2007-1192
5  | nginx privilege escalation                                                                 | 6.9  | 6.9  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.00241 | 3.30 | CVE-2020-12440
6  | vldPersonals index.php sql injection                                                       | 7.3  | 6.6  | $0-$5k     | $0-$5k   | Proof-of-Concept | Official Fix | 0.00167 | 0.00 | CVE-2014-9005
7  | Couchbase Sync Gateway Sync Document weak encryption                                       | 2.6  | 2.6  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.00065 | 0.02 | CVE-2021-43963
8  | BusyBox netstat Privilege Escalation                                                       | 6.3  | 6.0  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.01132 | 0.03 | CVE-2022-28391
9  | Google Chrome TabStrip buffer overflow                                                     | 7.5  | 7.2  | $25k-$100k | $5k-$25k | Not Defined      | Official Fix | 0.01048 | 0.00 | CVE-2021-21159
10 | DZCP deV!L`z Clanportal browser.php information disclosure                                 | 5.3  | 5.0  | $0-$5k     | $0-$5k   | Proof-of-Concept | Not Defined  | 0.02733 | 0.39 | CVE-2007-1167
11 | VMware vRealize Operations JMX RMI Service privilege escalation                            | 8.5  | 8.2  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.00894 | 0.00 | CVE-2020-3943
12 | PHPWind goto.php Redirect                                                                  | 6.3  | 6.3  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.00348 | 0.04 | CVE-2015-4134
13 | vBulletin redirector.php Redirect                                                          | 6.6  | 6.6  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.00122 | 0.21 | CVE-2018-6200
14 | ZNC Web Skin Name directory traversal                                                      | 5.9  | 5.8  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.00190 | 0.00 | CVE-2018-14056
15 | Alt-N MDaemon Worldclient privilege escalation                                             | 4.9  | 4.7  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.00090 | 0.06 | CVE-2021-27182
16 | Moodle Lesson Question Import directory traversal                                          | 6.3  | 6.0  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.00293 | 0.02 | CVE-2022-35650
17 | Flask-RESTX Regular Expression email_regex denial of service                               | 6.4  | 6.3  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.00547 | 0.04 | CVE-2021-32838
18 | Couchbase Sync Gateway REST API sql injection                                              | 8.5  | 8.5  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.00415 | 0.04 | CVE-2019-9039
19 | SkaDate Skadate Online Dating Software featured_list.php directory traversal               | 5.3  | 5.3  | $0-$5k     | $0-$5k   | High             | Unavailable  | 0.01416 | 0.02 | CVE-2007-5299
20 | WordPress WP_Query sql injection                                                           | 6.3  | 6.2  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.93536 | 0.04 | CVE-2022-21661

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness (CWE)                     | Vulnerability                                                | Type       | Confidence
1  | T1006     | CWE-21, CWE-22, CWE-23, CWE-37     | Path Traversal                                               | predictive | High
2  | T1040     | CWE-319                            | Authentication Bypass by Capture-replay                      | predictive | High
3  | T1055     | CWE-74                             | Improper Neutralization of Data within XPath Expressions     | predictive | High
4  | T1059     | CWE-94                             | Argument Injection                                           | predictive | High
5  | T1059.007 | CWE-79, CWE-80                     | Cross Site Scripting                                         | predictive | High
6  | TXXXX     | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx                        | predictive | High
7  | TXXXX.XXX | CWE-XXX                            | Xxxx-xxxxx Xxxxxxxxxxx                                       | predictive | High
8  | TXXXX     | CWE-XX, CWE-XX                     | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx             | predictive | High
9  | TXXXX.XXX | CWE-XXX                            | Xxxx Xxxxxxxx                                                | predictive | High
10 | TXXXX     | CWE-XXX                            | 7xx Xxxxxxxx Xxxxxxxx                                        | predictive | High
11 | TXXXX     | CWE-XXX                            | Xxxxxxxxxx Xxxxxx                                            | predictive | High
12 | TXXXX     | CWE-XX                             | Xxx Xxxxxxxxx                                                | predictive | High
13 | TXXXX.XXX | CWE-XXX                            | Xxxxxxxx Xxxxxxxxxxxxx                                       | predictive | High
14 | TXXXX     | CWE-XXX                            | Xxxxxxxxxxx Xxxxxxxxxx                                       | predictive | High
15 | TXXXX     | CWE-XXX                            | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx                   | predictive | High
16 | TXXXX     | CWE-XXX, CWE-XXX                   | Xxxxxxxxx Xxxxxx Xxxx                                        | predictive | High
17 | TXXXX.XXX | CWE-XXX                            | Xxxxxxxx Xxxxxx Xxxx                                         | predictive | High
18 | TXXXX.XXX | CWE-XXX                            | Xxxxxxxx                                                     | predictive | High
19 | TXXXX     | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx    | predictive | High
20 | TXXXX     | CWE-XXX                            | Xxxxxxxxxxxxx Xxxxxx                                         | predictive | High
21 | TXXXX.XXX | CWE-XXX                            | Xxx Xxxxxxxxxx Xxxxx                                         | predictive | High

IOA - Indicator of Attack (157)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID  | Class        | Indicator                                                                          | Type       | Confidence
1   | File         | /admin/index.php                                                                   | predictive | High
2   | File         | /bdswebui/assignusers/                                                             | predictive | High
3   | File         | /bin/goahead                                                                       | predictive | Medium
4   | File         | /cgi-bin/luci                                                                      | predictive | High
5   | File         | /cgi-bin/supervisor/PwdGrp.cgi                                                     | predictive | High
6   | File         | /dev/dri/card1                                                                     | predictive | High
7   | File         | /forum/away.php                                                                    | predictive | High
8   | File         | /GetCSSashx/?CP=%2fwebconfig                                                       | predictive | High
9   | File         | /HNAP1                                                                             | predictive | Low
10  | File         | /horde/util/go.php                                                                 | predictive | High
11  | File         | /login.html                                                                        | predictive | Medium
12  | File         | /proc/#####/fd/3                                                                   | predictive | High
13  | File         | /squashfs-root/www/HNAP1/control/SetWizardConfig.php                               | predictive | High
14  | File         | /uir/                                                                              | predictive | Low
15  | File         | /uncpath/                                                                          | predictive | Medium
16  | File         | /xpdf/Stream.cc                                                                    | predictive | High
17  | File         | actions.hsp                                                                        | predictive | Medium
18  | File         | adclick.php                                                                        | predictive | Medium
19  | File         | xxx_xxxx_xxxx.xxx                                                                  | predictive | High
20  | File         | xxxxx/xxxxxxxxx/                                                                   | predictive | High
21  | File         | xxxxx/xxxxx.xxx                                                                    | predictive | High
22  | File         | xxx/xx                                                                             | predictive | Low
23  | File         | xxxxxxx.xxx                                                                        | predictive | Medium
24  | File         | xxxxxxx/xxxxxxxxxxx.x                                                              | predictive | High
25  | File         | xxxxx_xxx.xxx                                                                      | predictive | High
26  | File         | xxx\xxxx\xxxxxxxxxx\xxxxxxxxxxxxxxxxx.xxxxx.xxx                                    | predictive | High
27  | File         | xxxxx_xxxx.x                                                                       | predictive | Medium
28  | File         | xxxxx.xxx                                                                          | predictive | Medium
29  | File         | xxx-xxxx.xxx                                                                       | predictive | Medium
30  | File         | xxxxxxx=xxxxxxxxxx&xxxx=xxxx&xxxxxxxxxxxxx=/                                       | predictive | High
31  | File         | xxxxx_xx_xxxx.xxx                                                                  | predictive | High
32  | File         | xxxx/xxxxxxxxxxxxxxx.xxx                                                           | predictive | High
33  | File         | xxxxxx.xxx                                                                         | predictive | Medium
34  | File         | xxxxxxx/xxxx/xxxxxx.x                                                              | predictive | High
35  | File         | xxxxxxx/xxx/xxxxxx/xxx-xxxxx-xxxxxxx.x                                             | predictive | High
36  | File         | xxxxxxx/xxx/xxx.x                                                                  | predictive | High
37  | File         | xxxxxxx/xxxx/xxxxxxxx/xxxxxxxx_xxx_xxxx.x                                          | predictive | High
38  | File         | xxxxxxxx.x                                                                         | predictive | Medium
39  | File         | xxxxx.xxx                                                                          | predictive | Medium
40  | File         | xxxx/xxxxxxxxxx/xxxxxx-xxxxx.x                                                     | predictive | High
41  | File         | xxx_xx/xxx/xxx/xxxxxx_xxxxxxx.xxx                                                  | predictive | High
42  | File         | xxxx.xxx                                                                           | predictive | Medium
43  | File         | xxxx.x                                                                             | predictive | Low
44  | File         | xxx/xxxx/xxxx_xxxxxx.x                                                             | predictive | High
45  | File         | xxxxxxxx_xxxx.xxx                                                                  | predictive | High
46  | File         | xxxxxxxxxxxxxxx.xxx                                                                | predictive | High
47  | File         | xxxxxxxxxxxxxxxx.xxx                                                               | predictive | High
48  | File         | xxxxxxxx.xxxx                                                                      | predictive | High
49  | File         | xxxxxxx.x                                                                          | predictive | Medium
50  | File         | xxxxx/xxxxxxxxxxxxxxx.xxx                                                          | predictive | High
51  | File         | xx/xxx/xxxxx.x                                                                     | predictive | High
52  | File         | xxxxxxxxx.xxx                                                                      | predictive | High
53  | File         | xxxxxxxxx/xxx_xxxx_xxxxxx.xxx                                                      | predictive | High
54  | File         | xxxxxx.xxx                                                                         | predictive | Medium
55  | File         | xxxxxx/xxxxxxxxxxx                                                                 | predictive | High
56  | File         | xxxx.xxx                                                                           | predictive | Medium
57  | File         | xxxx.xxx                                                                           | predictive | Medium
58  | File         | xxxxxxxxx/xxxxxx/xxxxxxx.xxx                                                       | predictive | High
59  | File         | x/x                                                                                | predictive | Low
60  | File         | xxxxxx_xxxx.xxx                                                                    | predictive | High
61  | File         | xxx/xxxxxx.xxx                                                                     | predictive | High
62  | File         | xxx/xxxxxxxxxxx/xxxxxxx.xxx                                                        | predictive | High
63  | File         | xxxxx.xxx                                                                          | predictive | Medium
64  | File         | xx-xxx.x                                                                           | predictive | Medium
65  | File         | xx_xxxxx/xxx_xxxx.x                                                                | predictive | High
66  | File         | xxxxxxxxxxxx/xxxxxx_xxxxx.xx                                                       | predictive | High
67  | File         | xxxxx.xxx                                                                          | predictive | Medium
68  | File         | xxxxx.xxxx                                                                         | predictive | Medium
69  | File         | xxxxx.xxx                                                                          | predictive | Medium
70  | File         | xxx/xxx_xxx/xxxxxx/xxx_xxxxx.x                                                     | predictive | High
71  | File         | xxx/xxxxxxxxx/xxxxx_xxxx.x                                                         | predictive | High
72  | File         | xxx/xxxx/xxxxxx_xxx_xxxx.x                                                         | predictive | High
73  | File         | xxx_xxxx.x                                                                         | predictive | Medium
74  | File         | xxxxx-xxxxx.x                                                                      | predictive | High
75  | File         | xxxxxxxxx.xxx                                                                      | predictive | High
76  | File         | xxxxx.xxx                                                                          | predictive | Medium
77  | File         | xxxxxxxx.xx                                                                        | predictive | Medium
78  | File         | xxxxxxxxxx.xxx                                                                     | predictive | High
79  | File         | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx                                                   | predictive | High
80  | File         | xxx.xxx                                                                            | predictive | Low
81  | File         | xxxxx.xxx                                                                          | predictive | Medium
82  | File         | xxxxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxx/xxxxxxx/xxxxxx%xxxxxxxxx/xxxxxxxxxxxxxx.xxxx   | predictive | High
83  | File         | x/xxxxx.xxx                                                                        | predictive | Medium
84  | File         | xxx_xxxx.x                                                                         | predictive | Medium
85  | File         | xxx_xxxxxx.xxx                                                                     | predictive | High
86  | File         | xxxxxxx/xxx_xxxx_xxx.xxx                                                           | predictive | High
87  | File         | xxx.xxx                                                                            | predictive | Low
88  | File         | xxxxx.xxx                                                                          | predictive | Medium
89  | File         | xxxx.x                                                                             | predictive | Low
90  | File         | xxxxxxxxxxxxxxxxx.xxx                                                              | predictive | High
91  | File         | xx-xxxxx/xxxxx.xxx                                                                 | predictive | High
92  | File         | xx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxx_xxxxxxxx                                          | predictive | High
93  | File         | xx-xxxxx/xxxxx.xxx?xxxx=xxx-xxxxxxxxx-xxxxxxxx-xxxxxxxx                            | predictive | High
94  | File         | xx-xxxx.xxx                                                                        | predictive | Medium
95  | File         | xx-xxxxxxxx/xxxxxxxxx.xxx                                                          | predictive | High
96  | File         | xx-xxxxxxxx/xxxx.xxx                                                               | predictive | High
97  | File         | xx-xxxxxxxx/xxxx.xxx                                                               | predictive | High
98  | File         | xx-xxxxxxxxxxx.xxx                                                                 | predictive | High
99  | File         | xxx_xxxxxx.x                                                                       | predictive | Medium
100 | File         | xxx.xxxx                                                                           | predictive | Medium
101 | Library      | /xxx/xxxx/xxxxx.x/xx-xxxx-xxxxxxx.xxxxx                                            | predictive | High
102 | Library      | xxxxxx.xxx                                                                         | predictive | Medium
103 | Library      | xxxxxxxxx/xxxxxxx_xxxxxxx.xxx.xxx                                                  | predictive | High
104 | Argument     | xxxxxx:/xxxxxxxx:/xxxxxxxxxxxxxx:                                                  | predictive | High
105 | Argument     | xxxxxxxx                                                                           | predictive | Medium
106 | Argument     | xxxxxx                                                                             | predictive | Low
107 | Argument     | xx_xx                                                                              | predictive | Low
108 | Argument     | xxxx/xxxx                                                                          | predictive | Medium
109 | Argument     | xxxxx$xxxxxxxxxxxxxx$xxxxxxxxxxx                                                   | predictive | High
110 | Argument     | xxxx                                                                               | predictive | Low
111 | Argument     | xxxxxx_xxxx_xxxx                                                                   | predictive | High
112 | Argument     | xxxx                                                                               | predictive | Low
113 | Argument     | xxxxxxxxx                                                                          | predictive | Medium
114 | Argument     | xxxxxx_xxxxxx_xxxxx                                                                | predictive | High
115 | Argument     | xxxx_xx                                                                            | predictive | Low
116 | Argument     | xxxxxxx                                                                            | predictive | Low
117 | Argument     | xxxxxxx                                                                            | predictive | Low
118 | Argument     | xxxx                                                                               | predictive | Low
119 | Argument     | xxxxxxxx                                                                           | predictive | Medium
120 | Argument     | xx                                                                                 | predictive | Low
121 | Argument     | xxxxxxxxx                                                                          | predictive | Medium
122 | Argument     | xxxxx                                                                              | predictive | Low
123 | Argument     | xxxx                                                                               | predictive | Low
124 | Argument     | xxx_xxxxx_xxxxxxxx                                                                 | predictive | High
125 | Argument     | xxx_xxxxxxxx                                                                       | predictive | Medium
126 | Argument     | xxxxxxxxxxxxxxxxx                                                                  | predictive | High
127 | Argument     | xxxxxxxx                                                                           | predictive | Medium
128 | Argument     | xxxxxxxx                                                                           | predictive | Medium
129 | Argument     | xxxxxx_xxxx                                                                        | predictive | Medium
130 | Argument     | x_xxxxxxxx                                                                         | predictive | Medium
131 | Argument     | xxxxxxxx                                                                           | predictive | Medium
132 | Argument     | xxxxxxxxx                                                                          | predictive | Medium
133 | Argument     | xxxxxxxxx                                                                          | predictive | Medium
134 | Argument     | xxx                                                                                | predictive | Low
135 | Argument     | xxxxx_xxxxxx                                                                       | predictive | Medium
136 | Argument     | xxx-xxxxxxxxxx-xxxx                                                                | predictive | High
137 | Argument     | xxxxx                                                                              | predictive | Low
138 | Argument     | xxxxxxxx/xxxxxx                                                                    | predictive | High
139 | Argument     | xxx                                                                                | predictive | Low
140 | Argument     | xxxx                                                                               | predictive | Low
141 | Argument     | xxx                                                                                | predictive | Low
142 | Argument     | xxxxxxxx                                                                           | predictive | Medium
143 | Argument     | xxxx_xx                                                                            | predictive | Low
144 | Argument     | x_xxxx                                                                             | predictive | Low
145 | Argument     | xxxx_xxxx                                                                          | predictive | Medium
146 | Argument     | xxxxxx_xxxxxxx_xxx                                                                 | predictive | High
147 | Input Value  | ../                                                                                | predictive | Low
148 | Input Value  | ../../xxxxxxx.xxx                                                                  | predictive | High
149 | Input Value  | ./../                                                                              | predictive | Low
150 | Input Value  | /../                                                                               | predictive | Low
151 | Input Value  | x">[xxx/xxxxxx=xxxxx(x)]                                                           | predictive | High
152 | Input Value  | xxxxxxx-xxxxxxxxxxx: xxxx-xxxx; xxxx="xx"[\x][\x][\x]                              | predictive | High
153 | Input Value  | xxxx://xxx.xxxxxx.xxx                                                              | predictive | High
154 | Pattern      | |xx|xx|xx|                                                                         | predictive | Medium
155 | Network Port | xxx/xx (xxx)                                                                       | predictive | Medium
156 | Network Port | xxx/xx (xxx)                                                                       | predictive | Medium
157 | Network Port | xxx xxxxxx xxxx                                                                    | predictive | High
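A practical use of the File and Input Value rows above is to sweep web-server access logs for them. The script below is an added example written for this page, not VulDB code; it copies only the un-redacted File and Input Value fragments from the IOA table, parses Apache/nginx "combined" log lines, URL-decodes each request target a bounded number of times (so %2e%2e and double-encoded %252e%252e both surface as "..") and reports every fragment found, with the highest confidence among the hits. The log lines are constructed for the demo and are not real traffic; the IP addresses, timestamps and hostnames are placeholders.

```python
import re
from urllib.parse import unquote

# Visible (non-redacted) File and Input Value rows of the IOA table:
# (class, fragment, confidence). Redacted rows cannot be matched and are omitted.
IOA = [
    ("File", "/admin/index.php", "High"),
    ("File", "/bdswebui/assignusers/", "High"),
    ("File", "/bin/goahead", "Medium"),
    ("File", "/cgi-bin/luci", "High"),
    ("File", "/cgi-bin/supervisor/PwdGrp.cgi", "High"),
    ("File", "/forum/away.php", "High"),
    ("File", "/GetCSSashx/?CP=%2fwebconfig", "High"),
    ("File", "/HNAP1", "Low"),
    ("File", "/horde/util/go.php", "High"),
    ("File", "/login.html", "Medium"),
    ("File", "/uir/", "Low"),
    ("File", "/uncpath/", "Medium"),
    ("File", "actions.hsp", "Medium"),
    ("File", "adclick.php", "Medium"),
    ("Input Value", "../", "Low"),
    ("Input Value", "./../", "Low"),
    ("Input Value", "/../", "Low"),
]
RANK = {"Low": 1, "Medium": 2, "High": 3}

# Apache/nginx "combined" access-log line; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: \S+)?" (?P<status>\d{3})'
)


def decode_target(target: str, rounds: int = 3) -> str:
    """URL-decode repeatedly (bounded) and lower-case, so %2e%2e, %252e%252e
    and a literal '..' all compare equal; the bound stops decode loops."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.lower()


def match_indicators(target: str) -> list:
    """Return every IOA fragment contained in the decoded request target.
    Fragments are decoded the same way, so '%2fwebconfig' matches '/webconfig'."""
    haystack = decode_target(target)
    return [(cls, frag, conf) for cls, frag, conf in IOA
            if decode_target(frag) in haystack]


def scan_log(text: str) -> list:
    """One finding per log line that contains at least one IOA fragment."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        hits = match_indicators(m["target"])
        if hits:
            findings.append({
                "ip": m["ip"],
                "target": m["target"],
                "status": int(m["status"]),
                "indicators": [frag for _, frag, _ in hits],
                "confidence": max((conf for _, _, conf in hits), key=RANK.__getitem__),
            })
    return findings


# Constructed sample log for the demo (not real traffic); the first line is benign.
SAMPLE_LOG = """\
203.0.113.10 - - [02/Mar/2024:10:01:12 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [02/Mar/2024:10:01:13 +0000] "GET /cgi-bin/luci HTTP/1.1" 404 0 "-" "curl/7.88"
203.0.113.10 - - [02/Mar/2024:10:01:14 +0000] "GET /forum/away.php?s=http://redirect.example/ HTTP/1.1" 302 0 "-" "curl/7.88"
203.0.113.11 - - [02/Mar/2024:10:02:01 +0000] "GET /images/%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 403 0 "-" "python-requests/2.31"
203.0.113.12 - - [02/Mar/2024:10:02:05 +0000] "POST /HNAP1 HTTP/1.1" 200 88 "-" "-"
203.0.113.13 - - [02/Mar/2024:10:03:00 +0000] "GET /GetCSSashx/?CP=%2fwebconfig HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['confidence']:<6} {f['ip']:<14} {f['status']} {f['target']} <- {f['indicators']}")
```

Substring matching is deliberate: the table calls these "fragments", and a path such as /HNAP1 is interesting wherever it appears in the target. The traversal fragments overlap (one "/../" also satisfies "../" and "./../"), so a single traversal attempt reports all three; treat the confidence field, not the hit count, as the triage signal, and keep the decode bound, since unbounded decoding of attacker-controlled input is itself a denial-of-service hazard.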

References (8)

The following list contains external sources which discuss the actor and the associated activities:
