SessionManager Analysis

IOB - Indicator of Behavior (25)

Language

zh: 12
en: 12
ja: 2

Country

cn: 22
us: 2
jp: 2

Product

Microsoft Windows: 4
ZCMS: 2
sentry-sdk: 2
Google Chrome: 2
Hikvision NVR DS-76xxNI-E1: 2

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | ZCMS ThinkPHP sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00209 | CVE-2020-19705 |
| 2 | sentry-sdk Session information disclosure | 5.6 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00090 | CVE-2023-28117 |
| 3 | IBM CTSS Text Editor Password information disclosure | 3.3 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00000 | |
| 4 | Permalink Manager Lite Plugin cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00000 | CVE-2024-2738 |
| 5 | Michael Leithold DSGVO All in One for WP Plugin cross site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00043 | CVE-2024-27967 |
| 6 | Google Chrome V8 Remote Code Execution | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.00045 | CVE-2024-2625 |
| 7 | Huawei SXXXX XML Parser privilege escalation | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00056 | CVE-2017-15346 |
| 8 | prototypejs Prototype JavaScript framework Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00406 | CVE-2008-7220 |
| 9 | NVIDIA GeForce Experience nvcontainer.exe privilege escalation | 7.0 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2020-5978 |
| 10 | Microsoft Windows Runtime Remote Code Execution | 8.1 | 7.4 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00 | 0.47432 | CVE-2022-21971 |
| 11 | Parallels Plesk Panel index.htm cross site scripting | 5.2 | 5.2 | $0-$5k | Calculating | Not Defined | Not Defined | 0.01 | 0.00112 | CVE-2019-18793 |
| 12 | Discuz! admin.php cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00054 | CVE-2018-19464 |
| 13 | ZCMS sql injection | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00386 | CVE-2015-7346 |
| 14 | ZCMS cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00058 | CVE-2019-9078 |
| 15 | Microsoft Windows Print Spooler Local Privilege Escalation | 7.5 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.96825 | CVE-2021-1675 |
| 16 | Jfinal CMS FileManagerController.java FileManager.rename privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00202 | CVE-2020-19155 |
| 17 | Redis BIT Command information disclosure | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01713 | CVE-2021-32761 |
| 18 | OpenLiteSpeed WebAdmin Console privilege escalation | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00244 | CVE-2020-5519 |
| 19 | FileZilla Server PORT privilege escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00052 | CVE-2015-10003 |
| 20 | ThinkPHP index.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00173 | CVE-2018-10225 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 202.182.123.185 | 202.182.123.185.vultrusercontent.com | SessionManager | | 2022-07-05 | verified | High |
| 2 | XXX.XXX.XXX.XXX | xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxxxxxxxxx | | 2022-07-05 | verified | High |

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High |
| 2 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 3 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | admin.php | predictive | Medium |
| 2 | File | index.php | predictive | Medium |
| 3 | File | xxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxx | predictive | High |
| 4 | File | xxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 5 | File | xxxxxxxxxxx.xxx | predictive | High |
| 6 | File | xxxxxx/xxxxxxx/xx-xx/xxxx/xxxxx.xxx | predictive | High |
| 7 | File | xxxx/xxx.xxx?xx=xxxxxx | predictive | High |
| 8 | Argument | xxxxxxxx | predictive | Medium |
| 9 | Argument | xxxxxxxx | predictive | Medium |
| 10 | Input Value | xxxxxx | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
