Sofacy Analysis

IOB - Indicator of Behavior (159)

Language: en 142, de 10, ru 4, zh 2, es 2

Country: us 52, ch 48, cn 6, tr 6, nl 4

Product: LG Mobile Devices 6, Drupal 6, SourceCodester Simple and Nice Shopping Cart Scrip ... 4, WordPress 4, phpMyAdmin 4

Vulnerability

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE
--|---------------|------|------|------|-------|---------|----------------|------|-----|----
1 | Backdoor.Win32.Tiny.c Service Port 7778 privilege escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.04 |
2 | Linux Kernel NILFS File System inode.c security_inode_alloc buffer overflow | 8.3 | 8.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2022-2978
3 | SourceCodester Simple and Nice Shopping Cart Script profile.php privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00098 | 0.03 | CVE-2022-2909
4 | Crow HTTP Pipelining buffer overflow | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00777 | 0.04 | CVE-2022-38667
5 | mySCADA myPRO privilege escalation | 9.2 | 9.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00105 | 0.03 | CVE-2022-2234
6 | GNU Bash Environment Variable variables.c Shellshock privilege escalation | 9.8 | 9.3 | $100k and more | $0-$5k | High | Official Fix | 0.97564 | 0.00 | CVE-2014-6271
7 | WordPress Editor information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00463 | 0.04 | CVE-2021-29450
8 | AnyMacro AnyMacro Mail System directory traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00179 | 0.02 | CVE-2011-2468
9 | phpMyAdmin Configuration File setup.php privilege escalation | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.80586 | 0.06 | CVE-2009-1151
10 | WordPress class-wp-customize-widgets.php privilege escalation | 7.3 | 6.4 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.07158 | 0.03 | CVE-2014-5203
11 | Zeus Zeus Web Server buffer overflow | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.15887 | 0.02 | CVE-2010-0359
12 | OpenSSL c_rehash privilege escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09738 | 0.02 | CVE-2022-1292
13 | Tenda AX1803 getIptvInfo buffer overflow | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.02 | CVE-2023-51969
14 | ownCloud graphapi GetPhpInfo.php information disclosure | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.86982 | 0.04 | CVE-2023-49103
15 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00668 | 0.02 | CVE-2022-27228
16 | Git Plugin Build privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01156 | 0.02 | CVE-2022-36883
17 | Cisco RV340/RV340W/RV345/RV345P privilege escalation | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.37509 | 0.02 | CVE-2023-20073
18 | Microsoft Word wwlib Remote Code Execution | 8.0 | 7.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.45352 | 0.00 | CVE-2023-21716
19 | ampache sql injection | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00072 | 0.00 | CVE-2023-0771
20 | x-text Language Tag information disclosure | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00092 | 0.00 | CVE-2021-38561

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (80)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
---|-------|-----------|------|-----------
1 | File | .procmailrc | predictive | Medium
2 | File | /dashboard/updatelogo.php | predictive | High
3 | File | /etc/openshift/server_priv.pem | predictive | High
4 | File | /files.md5 | predictive | Medium
5 | File | /index.php | predictive | Medium
6 | File | /info/headers | predictive | High
7 | File | /mkshop/Men/profile.php | predictive | High
8 | File | /Noxen-master/users.php | predictive | High
9 | File | /uncpath/ | predictive | Medium
78 | Pattern | () { | predictive | Low

Entries 10 to 77, 79 and 80 (File, Library, Argument, Input Value and Network Port indicators) are masked on the page.

References (6)

The following list contains external sources which discuss the actor and the associated activities:
