PoshC2 Análisis

IOB - Indicator of Behavior (7)

Idioma

en	8

País

us	6

Actores

APT33	1

Interesar

Escribe

Not Defined	6
Chat Software	2

Proveedor

Not Defined	4
DUware	2
Zoom	2

Producto

ampleShop	2
DUware DUpaypal Pro	2
Zoom Chat	2
Thruk	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	CTI	EPSS	CVE
1	Thruk Parameter cross site scripting	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00075	CVE-2021-35489
2	ampleShop category.cfm sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Unavailable	0.03	0.00610	CVE-2006-2038
3	DUware DUpaypal Pro cat.asp sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06	0.00192	CVE-2005-2047
4	Microsoft Windows MSHTML Remote Code Execution	8.8	7.9	$100k y más	$5k-$25k	Proof-of-Concept	Official Fix	0.04	0.96612	CVE-2021-40444
5	Zoom Chat Privilege Escalation	5.0	5.0	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.03134	CVE-2021-30480
6	OpenResty API ngx_http_lua_subrequest.c escalada de privilegios	7.4	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	0.00353	CVE-2020-11724
7	Sitos Six Blog cross site scripting	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00115	CVE-2019-15750

Campañas (1)

These are the campaigns that can be associated with the actor:

PoshC2

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Campañas	Escribe	Confianza
1	35.202.253.45	45.253.202.35.bc.googleusercontent.com	PoshC2		verified	Medio
2	XXX.XXX.XXX.XX		Xxxxx	Xxxxxx	verified	Alto

TTP - Tactics, Techniques, Procedures (2)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1059.007	CWE-79	Cross Site Scripting	predictive	Alto
2	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/thruk/#cgi-bin/extinfo.cgi?type=2	predictive	Alto
2	File	cat.asp	predictive	Bajo
3	File	xxxxxxxx.xxx	predictive	Medio
4	File	xxx_xxxx_xxx_xxxxxxxxxx.x	predictive	Alto
5	Argument	xxx	predictive	Bajo
6	Argument	xxxx/xxxxxxx/xxxxxxx	predictive	Alto
7	Argument	xxxx	predictive	Bajo
8	Argument	xx	predictive	Bajo

Referencias (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión de conjuntoPróximo ▸

Do you know our Splunk app?

Download it now for free!