Palevo Analysis

IOB - Indicator of Behavior (379)

Language

en: 314
zh: 52
es: 6
de: 2
ru: 2

Country

cn: 230
us: 116
ru: 10
es: 2
de: 2

Product

Ubiquiti EdgeRouter X: 8
WordPress: 6
AWStats: 6
Wireshark: 6
D-Link DIR-882: 6

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | AWStats Config awstats.pl Privilege Escalation | 5.0 | 4.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.00 | |
| 2 | Trend Micro Apex One/Apex One as a Service Management Server directory traversal | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00215 | 0.00 | CVE-2023-32557 |
| 3 | WordPress Metadata privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01578 | 0.00 | CVE-2018-20148 |
| 4 | Hitron CODA-5310 System Configuration Interface weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00148 | 0.02 | CVE-2023-30604 |
| 5 | request-baskets API Request {name} privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.00 | CVE-2023-27163 |
| 6 | Galaxy gunicorn directory traversal | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00131 | 0.04 | CVE-2022-23470 |
| 7 | Cisco Identity Services Engine tcpdump privilege escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.04 | CVE-2022-20964 |
| 8 | Drupal File privilege escalation | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00729 | 0.02 | CVE-2017-6922 |
| 9 | VMware Horizon DaaS RDP File privilege escalation | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00079 | 0.00 | CVE-2017-4897 |
| 10 | Ubiquiti EdgeRouter X OSPF privilege escalation [Disputed] | 8.1 | 7.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00934 | 0.09 | CVE-2023-1458 |
| 11 | AWStats awstats.pl Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00176 | 0.06 | CVE-2018-10245 |
| 12 | Fortinet FortiOS SSH Server privilege escalation | 9.8 | 9.6 | $25k-$100k | $0-$5k | High | Official Fix | 0.68188 | 0.02 | CVE-2016-1909 |
| 13 | D-Link DIR-815 getcfg.php information disclosure | 8.5 | 7.9 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00438 | 0.03 | CVE-2018-10106 |
| 14 | Hitron CODA-5310 Telnet weak authentication | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00155 | 0.00 | CVE-2023-30603 |
| 15 | D-Link DIR-867/DIR-878/DIR-882 weak authentication | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00098 | 0.04 | CVE-2020-15633 |
| 16 | Linux Kernel Page Table Isolation EntryBleed information disclosure | 4.9 | 4.9 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00042 | 0.04 | CVE-2022-4543 |
| 17 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00312 | 0.04 | CVE-2015-1419 |
| 18 | D-Link DIR-820L lan.asp Privilege Escalation | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.45615 | 0.00 | CVE-2022-26258 |
| 19 | Netgear RV340/RV340W/RV345/RV345P privilege escalation | 4.9 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00142 | 0.00 | CVE-2023-20007 |
| 20 | Realtek Jungle SDK MP Daemon UDPServer buffer overflow | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.96667 | 0.03 | CVE-2021-35394 |

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (165)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
