PortDoor Analysis

IOB - Indicator of Behavior (16)

Language

en 14
es 2

Country

us 14
ir 2

Product

Bitcoin Core 2
Bitcoin Knots 2
DUware DUdownload 2
Nextcloud Server 2
Thomas R. Pasawicz HyperBook Guestbook 2
Vulnerability

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | Microsoft Windows Registry Password information disclosure | 3.7 | 3.6 | $25k-$100k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.02 |
3 | Nextcloud Server Image Preview config.php privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00254 | 0.04 | CVE-2021-32802
4 | D-Link DIR-865L register_send.php weak authentication | 7.5 | 7.1 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.00109 | 0.02 | CVE-2013-3096
5 | Google Go ExtractTo directory traversal | 7.4 | 7.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00107 | 0.00 | CVE-2020-7668
6 | PHP phpinfo buffer overflow | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02345 | 0.02 | CVE-2005-2491
7 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.96 | CVE-2010-0966
8 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.87 | CVE-2007-1167
9 | Kerberos Package DLL LoadLibrary privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00440 | 0.00 | CVE-2020-13110
10 | WordPress AdServe adclick.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.17 | CVE-2008-0507
11 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.92 |
12 | Bitcoin Core/Bitcoin Knots Final Alert weak encryption | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00158 | 0.00 | CVE-2016-10725
13 | DUware DUdownload detail.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00254 | 0.03 | CVE-2006-6367

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.63.27.162 | 45.63.27.162.vultr.com | PortDoor | | 2022-03-04 | verified | Medium

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerability | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /forum/away.php | predictive | High
2 | File | adclick.php | predictive | Medium
13 | Input Value | .. | predictive | Low
