ScanBox Analysis

IOB - Indicator of Behavior (97)

Language

en: 70
zh: 22
de: 4
jp: 2

Country

cn: 64
us: 28
ca: 2
th: 2

Product

Linux Kernel: 6
DeDeCMS: 4
Joomla CMS: 4
RadScripts RadLance: 2
Microsoft IIS: 2

Vulnerability

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | October CMS fromData race condition | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00405 | 0.00 | CVE-2022-24800
2 | DeDeCMS recommend.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02834 | 0.04 | CVE-2017-17731
3 | Fortinet FortiOS/FortiPAM/FortiProxy HTTP Request buffer overflow | 9.8 | 9.6 | $25k-$100k | $25k-$100k | Not Defined | Official Fix | 0.00091 | 0.04 | CVE-2023-42789
4 | Oracle Identity Management Suite Apache Log4j privilege escalation | 9.8 | 9.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.81948 | 0.02 | CVE-2017-5645
5 | VMware Cloud Director Privilege Escalation | 7.2 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00252 | 0.03 | CVE-2022-22966
6 | Google Android Lockscreen KeyguardServiceWrapper.java race condition | 2.0 | 1.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2022-20006
7 | Boa Webserver GET wapopen directory traversal | 6.4 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.73540 | 0.09 | CVE-2017-9833
8 | Microsoft ASP.NET Forms Authentication directory traversal | 9.8 | 9.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.93976 | 0.02 | CVE-2004-0847
9 | Oracle MySQL Enterprise Monitor Monitoring directory traversal | 9.1 | 8.9 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00127 | 0.00 | CVE-2022-37865
10 | SpringBlade sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00171 | 0.02 | CVE-2022-27360
11 | Cuppa CMS File Manager copy privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00205 | 0.02 | CVE-2022-25401
12 | JCK Editor links.php sql injection | 8.5 | 8.3 | $0-$5k | $0-$5k | High | Not Defined | 0.81623 | 0.03 | CVE-2018-17254
13 | Yii Yii2 directory traversal | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00091 | 0.04 | CVE-2015-5467
14 | Umbraco FeedProxy.aspx.cs Page_Load privilege escalation | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00511 | 0.04 | CVE-2015-8813
15 | WPS Hide Login Plugin Secret Login Page options.php privilege escalation | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02933 | 0.04 | CVE-2021-24917
16 | jeecg-boot information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00703 | 0.04 | CVE-2021-37304
17 | SSH SSH-1 Protocol weak encryption | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00258 | 0.08 | CVE-2001-1473
18 | Linux Kernel nftables nft_byteorder.c nft_byteorder buffer overflow | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.04 | CVE-2023-35001
19 | emlog index.php information disclosure | 5.5 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00300 | 0.02 | CVE-2021-3293
20 | Linux Kernel DECnet Socket denial of service | 5.4 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00504 | 0.00 | CVE-2023-3338

IOC - Indicator of Compromise (26)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (83)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (4)

The following list contains external sources which discuss the actor and the associated activities:
