Satori Analysis

IOB - Indicator of Behavior (178)

Language

  • en: 162
  • es: 14
  • ru: 2

Country

  • us: 104
  • ru: 20
  • es: 12
  • io: 4
  • se: 4

Product

  • PHP: 6
  • Apple iOS: 4
  • lighttpd: 4
  • RoundCube Webmail: 4
  • Mozilla Firefox: 4

Vulnerability

Base and Temp are the base and temporal CVSS scores; 0day and Today are the estimated exploit prices at disclosure and now; EPSS is the exploit prediction score; CTI is the threat-intelligence activity score.

#  | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE
---|---------------|------|------|------|-------|---------|----------------|------|-----|----
1  | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.02 | CVE-2010-0966
2  | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
3  | Online Book Store admin_add.php privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03533 | 0.00 | CVE-2020-19113
4  | Campcodes Online Thesis Archiving System manage_user.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00073 | 0.09 | CVE-2023-2149
5  | GFI Kerio Control Login Page DOM-Based cross site scripting | 6.1 | 6.0 | $0-$5k | $0-$5k | Functional | Not Defined | 0.00200 | 0.04 | CVE-2019-16414
6  | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.13 | CVE-2016-6210
7  | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.09 | CVE-2017-0055
8  | Progress MOVEit Automation Web Admin Application cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00435 | 0.02 | CVE-2020-12677
9  | phpMyAdmin grab_globals.lib.php directory traversal | 4.8 | 4.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02334 | 0.18 | CVE-2005-3299
10 | Redis redis-cli buffer overflow | 7.1 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00584 | 0.03 | CVE-2018-12326
11 | Wazzum Wazzum Dating Software profile_view.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.00 | CVE-2009-0293
12 | LimeSurvey File Upload directory traversal | 7.1 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00248 | 0.02 | CVE-2018-1000659
13 | Apache HTTP Server ap_some_auth_required privilege escalation | 3.7 | 3.2 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00522 | 0.04 | CVE-2015-3185
14 | Synacor Zimbra Collaboration XML External Entity | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00441 | 0.02 | CVE-2016-9924
15 | Samba Shared Library is_known_pipename SambaCry privilege escalation | 9.8 | 9.4 | $100k and more | $0-$5k | High | Official Fix | 0.97264 | 0.00 | CVE-2017-7494
16 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.88 | CVE-2007-0354
17 | MikroTik RouterOS Winbox/HTTP Interface privilege escalation | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00055 | 0.03 | CVE-2023-30799
18 | Oracle WebLogic Server jQuery cross site scripting | 6.1 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00660 | 0.02 | CVE-2015-9251
19 | Technitium DNS Server NS Record privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.00 | CVE-2021-43105
20 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.00 | CVE-2007-1287

Campañas (1)

These are the campaigns that can be associated with the actor:

  • CVE-2014-8361 / CVE-2017-17215

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the MITRE ATT&CK techniques the actor is suspected to use. This data is derived from the site's predictive model for actor profiling, so each row is a prediction rather than an observed technique.

ID | Technique | Vulnerability | Access Vector | Type | Confidence
---|-----------|---------------|---------------|------|-----------
1  | T1006 | CWE-22 | Path Traversal | predictive | High
2  | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3  | T1059 | CWE-94 | Argument Injection | predictive | High
4  | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
5  | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6  | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
7  | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
8  | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
9  | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
10 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
11 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High
12 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
13 | TXXXX.XXX | CWE-XX | Xxxxxxxxxxxxx | predictive | High
14 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
15 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High
16 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (87)

These indicators of attack list the request fragments (file paths, libraries, parameters, input values and network ports) potentially used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is derived from the site's predictive model for actor profiling; the confidence column reflects how specific each fragment is, so short or generic fragments such as /plain or ../ are rated Low and will also appear in legitimate traffic.

ID | Class | Indicator | Type | Confidence
---|-------|-----------|------|-----------
1  | File | /admin/user/manage_user.php | predictive | High
2  | File | /anony/mjpg.cgi | predictive | High
3  | File | /plain | predictive | Low
4  | File | /public/login.htm | predictive | High
5  | File | /uncpath/ | predictive | Medium
6  | File | /wbms/classes/Master.php?f=delete_client | predictive | High
7  | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High
8  | File | admin_add.php | predictive | High
9  | File | awstats.pl | predictive | Medium
10 | File | books.php | predictive | Medium
11 | File | x-xxxxxx/xxxxxxx.x | predictive | High
12 | File | xxxx/xxxxxx/xxxxxx/xxxxxxxxxxxxxx.xxxx | predictive | High
13 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
14 | File | xxxxx/xxxxxxxx.xxx | predictive | High
15 | File | xxxxxxxxx.xxx | predictive | High
16 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | High
17 | File | xxxxx.xxx | predictive | Medium
18 | File | xxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxx | predictive | High
19 | File | xxxxx_xxx_xxxxx.xxx | predictive | High
20 | File | xxxx_xxxxxxx.xxx.xxx | predictive | High
21 | File | xxx/xxxxxx.xxx | predictive | High
22 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
23 | File | xxxxxxxx/xxxxxxx.xxx | predictive | High
24 | File | xxxxx.xxx | predictive | Medium
25 | File | xxxxx.xxx?xx=xxxxxxx&xxx=xxx | predictive | High
26 | File | xxxx_xxxx.xxx | predictive | High
27 | File | xxxxxx/xxxxxx/xxxx.x | predictive | High
28 | File | xxxxxxxxx/xxxxxxx.x | predictive | High
29 | File | xxxxxxxxx.xxx | predictive | High
30 | File | xxxxx/?xxxxxx=xxxxxxx&xxxx | predictive | High
31 | File | xxx_xxxxx_xxxxx.x | predictive | High
32 | File | xxxxxxxx.xxxxx | predictive | High
33 | File | xxxxxxx.xxx | predictive | Medium
34 | File | xxxxxxx.xxx | predictive | Medium
35 | File | xxxxxxxx.xxx | predictive | Medium
36 | File | xxxxxxx_xxxxxxx.xxx | predictive | High
37 | File | xxxxxxx_xxxx.xxx | predictive | High
38 | File | xxxxx_xxxxxxx.xxx | predictive | High
39 | File | xxxxxxxxx.xxxx | predictive | High
40 | File | xxxxx.xxx | predictive | Medium
41 | File | xxxxx-xxxx.xxx | predictive | High
42 | File | xxxxxxxxx.xxx | predictive | High
43 | File | xxxxxxxx/xxxxxx.xxxxxxxx | predictive | High
44 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High
45 | File | xx-xxxxx.xxx | predictive | Medium
46 | File | xxxxxxx.xxx | predictive | Medium
47 | Library | /xxx/xxxxx/xxxxxxxxx.xx | predictive | High
48 | Library | xxx.xxx | predictive | Low
49 | Library | xxxxx/xxxxxx/xxx/xxxxx/xxxxx.xxxxx_xx.xxx | predictive | High
50 | Library | xxx/xxx/xxxx/ | predictive | High
51 | Library | xx-xxxxxxx/xxxxxxx/xxxxxx/xxx_xxxx.xxx | predictive | High
52 | Argument | -x | predictive | Low
53 | Argument | -xxxxxxxxxxxxx | predictive | High
54 | Argument | -x | predictive | Low
55 | Argument | xxxxxxxx | predictive | Medium
56 | Argument | xxxxxx | predictive | Low
57 | Argument | xxx | predictive | Low
58 | Argument | xxxx_xx | predictive | Low
59 | Argument | xxxxxxx | predictive | Low
60 | Argument | xxxxxx | predictive | Low
61 | Argument | xxxxxxxxxxx | predictive | Medium
62 | Argument | xxxxxxxxx_xxxxxx_xxxx | predictive | High
63 | Argument | xxxx | predictive | Low
64 | Argument | xxxx | predictive | Low
65 | Argument | xxxxxxxx | predictive | Medium
66 | Argument | xx | predictive | Low
67 | Argument | xxx | predictive | Low
68 | Argument | xxxxxx | predictive | Low
69 | Argument | xxxxxxx | predictive | Low
70 | Argument | xxx | predictive | Low
71 | Argument | xxxxxxxxx | predictive | Medium
72 | Argument | xxxxx | predictive | Low
73 | Argument | xxxx | predictive | Low
74 | Argument | xxxxx | predictive | Low
75 | Argument | xxxx | predictive | Low
76 | Argument | xxxxxxxx | predictive | Medium
77 | Argument | xxxxxxx | predictive | Low
78 | Argument | xxx | predictive | Low
79 | Argument | xxxxx_xxxx/xxxxx_xxxxxx/xxx_xxxx/xxx_xxxxxx/xxxxxxxx | predictive | High
80 | Argument | xxxx_xx | predictive | Low
81 | Argument | xxxxxx | predictive | Low
82 | Argument | xxxxxxxx/xxxxxxxx | predictive | High
83 | Input Value | ../ | predictive | Low
84 | Network Port | xxx/xxx | predictive | Low
85 | Network Port | xxx/xxxx | predictive | Medium
86 | Network Port | xxx/xxx (xxx) | predictive | High
87 | Network Port | xxx xxxxxx xxxx | predictive | High
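The table above is only useful once its fragments are matched against real traffic. The following Python is an added example, not code from the page's source or from the Satori operators: it parses common-format web-server access logs, percent-decodes each request target (twice, to catch double-encoded traversal) and reports, per client address, which of the unmasked File and Input Value indicators from the table were requested. The log lines, client addresses and paths are constructed for illustration; the masked (xxx) rows of the table are not reproduced, and the "/plain" handling shows why a Low-confidence fragment needs a whole-path-component match rather than a plain prefix match.

```python
"""Match the unmasked Satori IOA fragments from the table above against access logs.

Added example for this page; not code from VulDB or from the Satori operators.
Log lines are constructed. Masked (xxx) table rows are deliberately left out.
"""
import re
from collections import defaultdict
from urllib.parse import unquote

# Class "File" indicators given with an absolute path (table rows 1-5).
IOA_ABSOLUTE_PATHS = [
    "/admin/user/manage_user.php",
    "/anony/mjpg.cgi",
    "/plain",
    "/public/login.htm",
    "/uncpath/",
]
# Row 6 carries a query parameter: the path and the parameter must both match.
IOA_PATH_WITH_QUERY = ("/wbms/classes/Master.php", "f=delete_client")
# Class "File" indicators given as bare script names (rows 7-10); row 7 lists
# four MRTG/14all scripts on one line. Matched against the last path segment.
IOA_BASENAMES = [
    "14all.cgi", "14all-1.1.cgi", "traffic.cgi", "mrtg.cgi",
    "admin_add.php", "awstats.pl", "books.php",
]
# Class "Input Value" (row 83): matched anywhere in the decoded target.
IOA_INPUT_VALUES = ["../"]

# Common/combined log format prefix: client, ident, user, [timestamp], request, status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3})'
)


def _path_matches(path, indicator):
    """Exact match, or the indicator as a whole directory component.

    Prevents the Low-confidence indicator /plain from firing on /plaintext/readme
    while still matching /plain, /plain/anything and /uncpath/anything.
    """
    base = indicator.rstrip("/")
    return path == base or path == indicator or path.startswith(base + "/")


def ioa_hits(target):
    """Return the IOA indicators present in one raw request target."""
    # Decode twice so %252e%252e%252f (double-encoded ../) is still caught.
    decoded = unquote(unquote(target))
    path, _, query = decoded.partition("?")
    hits = [p for p in IOA_ABSOLUTE_PATHS if _path_matches(path, p)]
    qpath, qparam = IOA_PATH_WITH_QUERY
    if path == qpath and qparam in query.split("&"):
        hits.append(f"{qpath}?{qparam}")
    basename = path.rsplit("/", 1)[-1]
    if basename in IOA_BASENAMES:
        hits.append(basename)
    hits.extend(v for v in IOA_INPUT_VALUES if v in decoded)
    return hits


def scan_access_log(lines):
    """Parse log lines; return {client: {indicator, ...}} for clients with hits."""
    per_client = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than abort the scan
        hits = ioa_hits(m.group("target"))
        if hits:
            per_client[m.group("src")].update(hits)
    return dict(per_client)


# Constructed sample log (RFC 5737 documentation addresses, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /admin/user/manage_user.php?id=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /cgi-bin/awstats.pl?config=site HTTP/1.1" 404 0',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "POST /wbms/classes/Master.php?f=delete_client HTTP/1.1" 200 64',
    '198.51.100.22 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php HTTP/1.1" 200 1024',
    '198.51.100.22 - - [10/Oct/2023:13:56:02 +0000] "GET /static/%252e%252e%252f%252e%252e%252fetc/passwd HTTP/1.1" 403 0',
    '198.51.100.22 - - [10/Oct/2023:13:56:05 +0000] "GET /plaintext/readme HTTP/1.1" 200 10',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for client, indicators in sorted(scan_access_log(SAMPLE_LOG).items()):
        print(f"{client}: {sorted(indicators)}")
```

A client that trips several distinct indicators in a short window (here 203.0.113.7 with three) is a stronger signal than any single hit; the Low-confidence fragments, especially "../", should be treated as corroboration rather than as a standalone alert.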

Referencias (4)

The following list contains external sources which discuss the actor and the associated activities:
