Sality Analysis

IOB - Indicator of Behavior (40)

Language: en (28), de (8), pl (2), ru (2)

Product: Adobe Acrobat Reader (4), WordPress (4), Microsoft Windows (4), phpRaid (2), ManageEngine Firewall Analyzer (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | WordPress wp-trackback.php mb_convert_encoding weak encryption | 5.3 | 5.1 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.04 | 0.03358 | CVE-2009-3622 |
| 2 | Dragon Path Bharti Airtel Routers Hardware BDT-121 Admin Page cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00053 | CVE-2022-28507 |
| 3 | YaPiG view.php cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.01368 | CVE-2005-1886 |
| 4 | WordPress wp-register.php cross site scripting | 4.3 | 4.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.00 | 0.00322 | CVE-2007-5105 |
| 5 | MetInfo URL Redirector login.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00107 | CVE-2017-11718 |
| 6 | phpRaid register.php privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 | |
| 7 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.24 | 0.00181 | CVE-2007-6138 |
| 8 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.48 | 0.00943 | CVE-2010-0966 |
| 9 | Symantec Endpoint Protection Manager SAP XML Parser XML External Entity | 7.3 | 6.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.83177 | CVE-2013-5014 |
| 10 | Mozilla Firefox/Thunderbird/Firefox ESR NPAPI Plugin cross site request forgery | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00419 | CVE-2019-11712 |
| 11 | Linux Kernel oom_kill.c __oom_reap_task_mm buffer overflow | 4.7 | 4.7 | $0-$5k | Calculating | Not Defined | Official Fix | 0.03 | 0.00062 | CVE-2017-18202 |
| 12 | Node.js HTTP Header denial of service | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02355 | CVE-2018-12121 |
| 13 | TestLink Plugin summary.jelly cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00053 | CVE-2018-1000113 |
| 14 | Microsoft Windows Windows Media Player information disclosure | 2.5 | 2.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00157 | CVE-2017-11768 |
| 15 | W3C Jigsaw Host Header cross site scripting | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.01034 | CVE-2002-1053 |
| 16 | Microsoft Windows Subsystem for Linux privilege escalation | 6.4 | 5.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00213 | CVE-2018-0743 |
| 17 | Microsoft Windows DirectX information disclosure | 5.1 | 4.9 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2019-0837 |
| 18 | WordPress wpdb->prepare sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00389 | CVE-2017-16510 |
| 19 | Microsoft Lync/Skype for Business Security Feature privilege escalation | 7.0 | 6.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00284 | CVE-2018-8238 |
| 20 | Iptanus File Upload Plugin Shortcode cross site scripting | 6.0 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00185 | CVE-2018-9172 |

IOC - Indicator of Compromise (31)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (35)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /getcfg.php | predictive | Medium |
| 2 | File | /settings/avatar | predictive | High |
| 3 | File | bin/icinga | predictive | Medium |
| 4 | File | inc/config.php | predictive | High |
| 5 | File | index.php | predictive | Medium |

References (6)

The following list contains external sources which discuss the actor and the associated activities:
