QNAPCrypt Analysis

IOB - Indicator of Behavior (23)

Language

en: 22
sv: 2

Product

Mlffat: 2
Microsoft SQL Server: 2
1C:Enterprise: 2
Fortinet FortiOS: 2
TightVNC: 2

[Charts: Timeline, Country, Actors, Activities, Interest, Type, Vendor]

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.40 | CVE-2020-12440 |
| 2 | SourceCodester Block Inserter for Dynamic Content view_post.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.08 | CVE-2024-2073 |
| 3 | Fortinet FortiOS SSL-VPN Daemon denial of service | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2023-29180 |
| 4 | QNAP Multimedia Console/QTS/Media Streaming Add-on privilege escalation | 9.0 | 8.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00067 | 0.04 | CVE-2023-23369 |
| 5 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.34 | CVE-2016-6210 |
| 6 | Mikrotik RouterOS SNMP information disclosure | 8.0 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00324 | 0.04 | CVE-2022-45315 |
| 7 | Odoo Community/Enterprise Database Manager privilege escalation | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00680 | 0.04 | CVE-2018-14885 |
| 8 | 1C:Enterprise URL Parameter information disclosure | 5.9 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00168 | 0.04 | CVE-2021-3131 |
| 9 | Hikvision Wireless Bridge Web Server privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00142 | 0.04 | CVE-2022-28173 |
| 10 | Synology DiskStation Manager Web Interface info.cgi Reflected cross site scripting | 5.5 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.03 | |
| 11 | Online Student Admission sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00172 | 0.04 | CVE-2022-28467 |
| 12 | Mini-Inventory-and-Sales-Management-System Inventory cross site request forgery | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.00 | CVE-2021-44321 |
| 13 | TightVNC InitialiseRFBConnection buffer overflow | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01927 | 0.00 | CVE-2019-15679 |
| 14 | Host Web Server phpinfo.php phpinfo information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.03 | |
| 15 | Microsoft Outlook Web App redir.aspx weak authentication | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.04 | |
| 16 | Teradata Virtual Machine Community Edition Temp File t2a.pl privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01796 | 0.00 | CVE-2016-7489 |
| 17 | Microsoft SQL Server Virtual Function privilege escalation | 6.3 | 6.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.04352 | 0.04 | CVE-2015-1763 |
| 18 | Mlffat index.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00099 | 0.00 | CVE-2009-2585 |
| 19 | Microsoft IIS FTP Server buffer overflow | 7.5 | 7.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.96992 | 0.04 | CVE-2010-3972 |
| 20 | WordPress wp_crop_image directory traversal | 5.9 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.95564 | 0.05 | CVE-2019-8943 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /opt/teradata/gsctools/bin/t2a.pl | predictive | High |
| 2 | File | /webman/info.cgi | predictive | High |
| 3 | File | account/gallery.php | predictive | High |
| 4 | File | xxxxx.xxx | predictive | Medium |
| 5 | File | xxx/xxxxx.xxxx | predictive | High |
| 6 | File | xxxxxxx.xxx | predictive | Medium |
| 7 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High |
| 8 | File | xxxx_xxxx.xxx | predictive | High |
| 9 | Argument | xxx_xx | predictive | Low |
| 10 | Argument | xxxx/xxxxxx/xxx | predictive | High |
| 11 | Argument | xx | predictive | Low |
| 12 | Argument | xxxxxxxx | predictive | Medium |
| 13 | Argument | xxxxxxxxxxxxxxxx | predictive | High |
| 14 | Argument | xxx | predictive | Low |
| 15 | Input Value | .xxx?/../../xxxx.xxx | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Samples (3)

The following list contains associated samples:
