Shiz Analysis

IOB - Indicator of Behavior (164)

Language: en (126), de (30), zh (4), fr (2), es (2)

Country: de (30), us (28), cn (6), vn (2), tr (2)

Product: SourceCodester Online Exam System (6), Dnsmasq (6), WordPress (4), PHP (4), SourceCodester Class Scheduling System (4)

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | D-Link DIR-846 QoS POST privilege escalation | 8.8 | 8.5 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.03 | CVE-2023-6580 |
| 2 | SourceCodester Online Exam System GET Parameter updateCourse.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00073 | 0.04 | CVE-2023-2642 |
| 3 | SourceCodester Online Internship Management System POST Parameter login.php sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00073 | 0.04 | CVE-2023-2641 |
| 4 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment denial of service | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.18 | CVE-2023-2618 |
| 5 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment denial of service | 5.6 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.09 | CVE-2023-2617 |
| 6 | SourceCodester Online Reviewer System GET Parameter user-update.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.09 | CVE-2023-2596 |
| 7 | SourceCodester Billing Management System POST Parameter ajax_service.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.04 | CVE-2023-2595 |
| 8 | SourceCodester Food Ordering Management System Registration sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.04 | CVE-2023-2594 |
| 9 | SourceCodester Multi Language Hotel Management Software POST Parameter ajax.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00062 | 0.09 | CVE-2023-2565 |
| 10 | jja8 NewBingGoGo cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.09 | CVE-2023-2560 |
| 11 | External Media without Import Plugin external-media-without-import.php print_media_new_panel cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.04 | CVE-2017-20183 |
| 12 | SourceCodester Online Tours & Travels Management System disapprove_delete.php exec sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00073 | 0.04 | CVE-2023-2619 |
| 13 | PHP-Login POST Parameter class.loginscript.php checkLogin sql injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00059 | 0.13 | CVE-2016-15031 |
| 14 | Dnsmasq Pending Request privilege escalation | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00536 | 0.05 | CVE-2020-25686 |
| 15 | RRJ Nueva Ecija Engineer Online Portal Quiz add_quiz.php cross site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00051 | 0.13 | CVE-2024-0190 |
| 16 | Apache ActiveMQ privilege escalation | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00126 | 0.00 | CVE-2022-41678 |
| 17 | D-Link DIR-846 HNAP1 Privilege Escalation | 8.0 | 7.9 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00577 | 0.00 | CVE-2023-33735 |
| 18 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.00 | CVE-2007-1287 |
| 19 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.02 | CVE-2010-0966 |
| 20 | Dnsmasq DNSSEC privilege escalation | 7.4 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00284 | 0.00 | CVE-2017-15107 |

IOC - Indicator of Compromise (36)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (131)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (7)

The following list contains external sources which discuss the actor and the associated activities:
