Sednit Analysis

IOB - Indicator of Behavior (95)

Timeline

Language

  • en 74
  • de 10
  • ru 4
  • fr 4
  • es 2

Country

  • us 54
  • ru 10
  • de 6
  • fr 4
  • es 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

  • Microsoft Exchange Server 4
  • Apache HTTP Server 4
  • Microsoft Windows 4
  • PHP 4
  • Apple macOS 4

Vulnerabilities

#  | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1  | Apple macOS Sudo buffer overflow | 6.5 | 6.4 | $0-$5k | $0-$5k | High | Official Fix | 0.97051 | 0.00 | CVE-2021-3156
2  | Microsoft IIS FastCGI buffer overflow | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.28264 | 0.06 | CVE-2010-2730
3  | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.14 | CVE-2017-0055
4  | Apache HTTP Server mod_cgid denial of service | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.24715 | 0.04 | CVE-2014-0231
5  | Drupal sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00135 | 0.00 | CVE-2008-2999
6  | Nuked-Klan Partenaires module clic.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00134 | 0.06 | CVE-2010-4925
7  | Contest Gallery Photos and Files Plugin cross site request forgery | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-24887
8  | MariaDB init_expr_cache_tracker buffer overflow | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00095 | 0.00 | CVE-2022-32083
9  | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 5.65 | CVE-2006-6168
10 | Django Admin Interface debug.py cross site scripting | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00370 | 0.03 | CVE-2016-6186
11 | Mendelson OFTP2 Upload Directory directory traversal | 4.6 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.00 | CVE-2022-27906
12 | Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 denial of service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00172 | 0.03 | CVE-2023-20079
13 | Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 privilege escalation | 9.8 | 9.7 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00287 | 0.00 | CVE-2023-20078
14 | Serendipity exit.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.21 |
15 | Bitrix Site Manager redirect.php privilege escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00113 | 0.03 | CVE-2008-2052
16 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00248 | 0.04 | CVE-2005-1612
17 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.03 | CVE-2015-4134
18 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 |
19 | iRZ RUH2 Firmware Patch weak authentication | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00226 | 0.00 | CVE-2016-2309
20 | Joomla sql injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00142 | 0.05 | CVE-2022-23797

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Sednit

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (48)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1  | File | /+CSCOE+/logon.html | predictive | High
2  | File | /etc/config/image_sign | predictive | High
3  | File | /home/httpd/cgi-bin/cgi.cgi | predictive | High
4  | File | /htdocs/web/getcfg.php | predictive | High
5  | File | /uncpath/ | predictive | Medium
6  | File | admin/admin.shtml | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
