Scar Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (16)

Idioma

en	14
ru	2

País

us	14
ru	2

Actores

TA505	1
Scar	1
Cobalt Strike	1
RedLine Stealer	1
Raccoon	1

Interesar

Escribe

Not Defined	6
Operating System	4
Web Server	2
File Compression Software	2
Router Operating System	2

Proveedor

Not Defined	4
HelpSystems	2
RARLAB	2
Microsoft	2
Linux	2

Producto

nginx	2
HelpSystems Cobalt Strike Server	2
RARLAB WinRAR	2
Microsoft Windows	2
systemd	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	nginx HTTP/2 denegación de servicio	6.0	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.09699	0.04	CVE-2018-16843
2	Microsoft Windows Runtime Remote Code Execution	8.1	7.7	$25k-$100k	$5k-$25k	High	Official Fix	0.40028	0.00	CVE-2022-21971
3	Joomla Usergroup Table escalada de privilegios	4.6	4.6	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00103	0.00	CVE-2021-26036
4	Bitrix24 Web Application Firewall cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00113	0.07	CVE-2020-13483
5	Linux Kernel Netfilter x_tables.c desbordamiento de búfer	8.8	8.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00256	0.04	CVE-2021-22555
6	Linux Kernel ptrace.c escalada de privilegios	7.8	7.6	$5k-$25k	$0-$5k	High	Official Fix	0.00052	0.00	CVE-2019-13272
7	HelpSystems Cobalt Strike Server Screenshot readCountedBytes Hotcobalt denegación de servicio	3.5	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00280	0.05	CVE-2021-36798
8	Cisco ASA/Firepower Threat Defense Network Address Translation escalada de privilegios	5.4	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00111	0.00	CVE-2021-34790
9	systemd unit-name.c alloca denegación de servicio	6.5	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.02	CVE-2021-33910
10	Hikvision Product Message escalada de privilegios	5.5	5.5	$0-$5k	$0-$5k	High	Not Defined	0.97485	0.03	CVE-2021-36260
11	RARLAB WinRAR desbordamiento de búfer	10.0	9.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00469	0.00	CVE-2008-7144
12	TP-LINK TL-WR740N Firmware Local Privilege Escalation	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.04
13	TP-LINK TL-WR841N Web Service desbordamiento de búfer	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02223	0.04	CVE-2019-17147
14	Genymotion Desktop Clipboard divulgación de información	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00594	0.00	CVE-2021-27549
15	Oracle Database Server OJVM escalada de privilegios	9.9	9.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00165	0.00	CVE-2017-10202

IOC - Indicator of Compromise (27)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Identified	Escribe	Confianza
1	35.186.232.167	167.232.186.35.bc.googleusercontent.com	Scar	2022-05-06	verified	Medio
2	52.85.151.4	server-52-85-151-4.iad89.r.cloudfront.net	Scar	2021-07-17	verified	Alto
3	52.85.151.59	server-52-85-151-59.iad89.r.cloudfront.net	Scar	2021-07-17	verified	Alto
4	64.186.131.47		Scar	2022-04-12	verified	Alto
5	67.228.31.225	e1.1f.e443.ip4.static.sl-reverse.com	Scar	2022-04-12	verified	Alto
6	72.21.81.240		Scar	2022-05-05	verified	Alto
7	XX.XXX.XXX.XX	xxxxxx.xx-xxx-xxx-xx.xxxxxxx.xxxx-xxxxxx.xx	Xxxx	2021-07-17	verified	Alto
8	XX.XXX.XXX.XXX		Xxxx	2021-07-17	verified	Alto
9	XX.XX.XXX.XX	xxxxxx-xx-xx-xxx-xx.xxxxx.x.xxxxxxxxxx.xxx	Xxxx	2021-07-17	verified	Alto
10	XX.XX.XXX.XXX	xxxxxx-xx-xx-xxx-xxx.xxxxx.x.xxxxxxxxxx.xxx	Xxxx	2021-07-17	verified	Alto
11	XXX.XXX.XX.XXX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxx	2022-05-05	verified	Alto
12	XXX.XXX.XXX.XX	xx-xx-xxx.xxxxx.xxx	Xxxx	2022-05-06	verified	Alto
13	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxx	2022-05-06	verified	Alto
14	XXX.XXX.XXX.XX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxx	2022-05-05	verified	Alto
15	XXX.XXX.XX.XX	xx-xx-xxx.xxxxx.xxx	Xxxx	2022-05-06	verified	Alto
16	XXX.XXX.XX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxx	2022-05-06	verified	Alto
17	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxx	2022-05-06	verified	Alto
18	XXX.XXX.X.XX		Xxxx	2021-07-17	verified	Alto
19	XXX.XXX.X.XX	xxxxxx.xxxxxxxxxxx.xxx	Xxxx	2021-07-17	verified	Alto
20	XXX.XXX.XXX.XXX		Xxxx	2022-04-12	verified	Alto
21	XXX.XX.XX.XXX	xx-xx.xxxxxxxxxx.xxx	Xxxx	2022-05-06	verified	Alto
22	XXX.XX.XXX.XXX	x-xxxx.x-xxxxxx.xxx	Xxxx	2022-05-06	verified	Alto
23	XXX.XXX.XXX.XX	xxxx.xxxxx.xxx	Xxxx	2022-05-05	verified	Alto
24	XXX.XXX.XXX.XX	xxxx.xxxxx.xxx	Xxxx	2022-05-05	verified	Alto
25	XXX.XX.XXX.XXX	xxx.xxxxx.xxx.xx	Xxxx	2022-05-05	verified	Alto
26	XXX.XX.XXX.XX	xx-xx-xxx.xxxxx.xxx	Xxxx	2022-05-06	verified	Alto
27	XXX.XX.XXX.XX	xx-xx-xxx.xxxxx.xxx	Xxxx	2022-05-06	verified	Alto

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Clase	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	Alto
2	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
3	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	basic/unit-name.c	predictive	Alto
2	File	components/bitrix/mobileapp.list/ajax.php/	predictive	Alto
3	File	xxxxxx/xxxxxx.x	predictive	Alto
4	File	xxx/xxxxxxxxx/x_xxxxxx.x	predictive	Alto
5	Argument	xxxxx[xxxxx][xx]	predictive	Alto

Referencias (5)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!