PowerShell Analysis

IOB - Indicator of Behavior (43)

Language: en (42), zh (2)

Product: phpBB (8), vBulletin (6), Linux Kernel (4), DZCP deV!L`z Clanportal (2), EDK II (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | EDK II DxeCore buffer overflow | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00181 | CVE-2018-12183
3 | Apache Tomcat Incomplete Fix CVE-2020-9484 privilege escalation | 7.2 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00055 | CVE-2021-25329
4 | Qualcomm Snapdragon Mobile camx Driver buffer overflow | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00044 | CVE-2020-3701
5 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.02101 | CVE-2007-1287
6 | Cisco PIX denial of service | 7.5 | 6.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.01896 | CVE-2009-1157
7 | Adobe Acrobat Reader Smart Independent Glyphlets CoolType.dll buffer overflow | 5.0 | 4.8 | $25k-$100k | $0-$5k | High | Official Fix | 0.00 | 0.80942 | CVE-2010-2883
8 | Microsoft Windows Remote Desktop Service privilege escalation | 10.0 | 9.0 | $100k and more | $0-$5k | High | Official Fix | 0.03 | 0.78895 | CVE-2012-0002
9 | D-Link DIR-823G HNAP1 GetNetworkTomographyResult privilege escalation | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.71575 | CVE-2019-7297
10 | NASA RtRetrievalFramework privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00399 | CVE-2018-1000048
11 | Zend Framework Zend_Db_Select sql injection | 8.5 | 8.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.04 | 0.00895 | CVE-2016-4861
12 | Laravel Framework Permission .env writeNewEnvironmentFileWith Password information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.11608 | CVE-2017-16894
13 | vBulletin decodeArguments privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.00 | 0.74237 | CVE-2015-7808
14 | vBulletin cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.01206 | CVE-2004-1824
15 | Tapatalk Plugin XMLRPC API unsubscribe_forum.php sql injection | 8.5 | 7.7 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.00 | 0.00242 | CVE-2014-2023
16 | phpBB Perl ucp_pm_options.php message_options cross site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00335 | CVE-2015-1432
17 | vBulletin sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00214 | CVE-2014-5102
18 | PunBB cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00199 | CVE-2010-0455
19 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.22 | 0.00141 | CVE-2018-6200
20 | vBulletin Vbulletin Forum Remote Code Execution | 9.8 | 8.5 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00620 | CVE-2012-4328

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.76.53.253 | 45.76.53.253.vultrusercontent.com | PowerShell | | 2022-10-07 | verified | High
2 | XX.XX.XXX.XXX | xxxxxxxxx | | | 2022-04-12 | verified | High
3 | XXX.XXX.XXX.XXX | xxxxx.xx-xxx-xxx-xxx.xx | Xxxxxxxxxx | | 2022-08-04 | verified | High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerability | Access Vector | Type | Confidence
1 | T1059 | CWE-94 | Argument Injection | predictive | High
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
3 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
5 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX | Xxx Xxxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (35)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /.env | predictive | Low
2 | File | /HNAP1 | predictive | Low
3 | File | ajax/api/hook/decodeArguments | predictive | High
4 | File | breadcrumbs_create.php | predictive | High
5 | File | data/gbconfiguration.dat | predictive | High
6 | File | xxxxxxx/xxx/xxx/xxx/xxx_xxx.x | predictive | High
7 | File | xxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxx | predictive | High
8 | File | xxx/xxxxxx.xxx | predictive | High
9 | File | xxxxxxxx/xxxxxxx.xxx | predictive | High
10 | File | xxxxxxxx/xxx/xxx_xx_xxxxxxx.xxx | predictive | High
11 | File | xxxxxxx.xxx | predictive | Medium
12 | File | xxxxx.xxx | predictive | Medium
13 | File | xxxxx.xxx | predictive | Medium
14 | File | xxxxxxxx.xxx | predictive | Medium
15 | File | xxxxxxx.xxx | predictive | Medium
16 | File | xxxxxxxxxx.xxx | predictive | High
17 | File | xxxxxxxx.xxx | predictive | Medium
18 | File | xxxxx/xxx/xxxx/xxxx_xxxxxxxx.x | predictive | High
19 | File | xxxxxxxxxxx_xxxxx.xxx | predictive | High
20 | File | xxxxxxxxxxxxxx.xxx | predictive | High
21 | Library | xxxxxxxx.xxx | predictive | Medium
22 | Argument | xxxxxxxxx | predictive | Medium
23 | Argument | xxxxxxxx | predictive | Medium
24 | Argument | xxxxxxxxx | predictive | Medium
25 | Argument | xxx_xxxx | predictive | Medium
26 | Argument | xxxxx_xxxx_xxx | predictive | High
27 | Argument | xxx | predictive | Low
28 | Argument | xxxxxxx | predictive | Low
29 | Argument | xxxx | predictive | Low
30 | Argument | xxxxxxxxxxxxxxxx | predictive | High
31 | Argument | xxxxx | predictive | Low
32 | Argument | xxxxxx | predictive | Low
33 | Argument | xxxxxxxxxx | predictive | Medium
34 | Argument | xxx | predictive | Low
35 | Network Port | xxx/xxxx (xxx) | predictive | High

References (4)

The following list contains external sources which discuss the actor and the associated activities:
