Space Pirates Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (244)

Idioma

en	180
zh	44
ja	6
sv	4
it	4

País

cn	136
us	100
it	2
jp	2
zw	2

Actores

Space Pirates	11
Cobalt Strike	5
TA505	1
pupy	1
Magniber	1

Interesar

Escribe

Not Defined	76
Firewall Software	12
Router Operating System	12
Content Management System	10
Operating System	6

Proveedor

Not Defined	68
Fortinet	12
Cisco	6
Apache	6
Microsoft	4

Producto

Fortinet FortiOS	10
Fortinet FortiProxy	6
WordPress	6
ProFTPD	4
Cisco IOS XE	4

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php escalada de privilegios	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	1.08	CVE-2010-0966
3	PHP phpinfo cross site scripting	6.3	5.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.08985	0.08	CVE-2006-0996
4	WordPress URL Validator Redirect	6.6	6.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00509	0.03	CVE-2018-10101
5	WordPress get_the_generator cross site scripting	5.2	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00451	0.00	CVE-2018-10102
6	PHP phpinfo cross site scripting	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02101	0.04	CVE-2007-1287
7	Grafana Dashboard escalada de privilegios	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.03	CVE-2023-2801
8	Google Chrome V8 Remote Code Execution	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.24380	0.02	CVE-2020-16040
9	WordPress Login Page Redirect	6.2	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00731	0.04	CVE-2018-10100
10	SquirrelMail compose.php Serialized escalada de privilegios	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00456	0.02	CVE-2020-14932
11	GNU Screen socket.c ReceiveMsg escalada de privilegios	4.9	4.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00062	0.02	CVE-2023-24626
12	SmarterTools SmarterStats Remote Code Execution	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00777	0.03	CVE-2011-2159
13	Git Plugin Build escalada de privilegios	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01156	0.04	CVE-2022-36883
14	MinDoc ZIP File escalada de privilegios	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00084	0.00	CVE-2022-29637
15	MinDoc attach_#.jpg escalada de privilegios	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00056	0.00	CVE-2018-19114
16	Wondershare Filmora NativePushService escalada de privilegios	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00052	0.01	CVE-2023-31747
17	Apache RocketMQ Broker directory traversal	6.3	6.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00058	0.04	CVE-2019-17572
18	Nfec.de RechnungsZentrale authent.php4 sql injection	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01513	0.03	CVE-2006-1954
19	Synacor Zimbra Collaboration Suite WebEx Zimlet escalada de privilegios	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.70648	0.00	CVE-2020-7796
20	Basti2web Book Panel books.php sql injection	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00064	0.02	CVE-2009-4889

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Identified	Escribe	Confianza
1	45.76.145.22	45.76.145.22.vultrusercontent.com	Space Pirates	2022-07-28	verified	Alto
2	45.77.16.91	45.77.16.91.vultrusercontent.com	Space Pirates	2022-07-28	verified	Alto
3	47.108.89.169		Space Pirates	2022-07-28	verified	Alto
4	103.27.109.234		Space Pirates	2022-07-28	verified	Alto
5	XXX.XXX.XXX.XXX		Xxxxx Xxxxxxx	2022-07-28	verified	Alto
6	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxx Xxxxxxx	2022-07-28	verified	Alto
7	XXX.XX.XXX.XXX		Xxxxx Xxxxxxx	2022-07-28	verified	Alto
8	XXX.XX.XXX.XXX		Xxxxx Xxxxxxx	2022-07-28	verified	Alto
9	XXX.X.XXX.XX		Xxxxx Xxxxxxx	2022-07-28	verified	Alto
10	XXX.XXX.XX.XX	xxx.xxx.xx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxx Xxxxxxx	2022-07-28	verified	Alto
11	XXX.XX.XX.XXX		Xxxxx Xxxxxxx	2022-07-28	verified	Alto
12	XXX.XXX.XXX.XXX		Xxxxx Xxxxxxx	2022-07-28	verified	Alto
13	XXX.XXX.XX.XXX		Xxxxx Xxxxxxx	2022-07-28	verified	Alto
14	XXX.XXX.XXX.XXX		Xxxxx Xxxxxxx	2022-07-28	verified	Alto
15	XXX.XXX.XXX.XXX		Xxxxx Xxxxxxx	2022-07-28	verified	Alto
16	XXX.XXX.XXX.XXX		Xxxxx Xxxxxxx	2024-02-19	verified	Alto
17	XXX.XXX.XX.XX	xxx.xxx.xx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxx Xxxxxxx	2022-07-28	verified	Alto
18	XXX.XXX.XXX.XX	xxx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxx Xxxxxxx	2022-07-28	verified	Alto

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CWE-21, CWE-22, CWE-23	Path Traversal	predictive	Alto
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	T1059	CWE-94	Argument Injection	predictive	Alto
4	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CWE-XXX	Xxx Xx Xxxx-xxxxx Xxxxxxxx	predictive	Alto
7	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
8	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
9	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
10	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
11	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Alto
12	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
13	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
14	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	Alto
15	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
16	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
17	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto
18	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (88)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/controller/Index.php	predictive	Alto
2	File	/GetCSSashx/?CP=%2fwebconfig	predictive	Alto
3	File	/includes/rrdtool.inc.php	predictive	Alto
4	File	/login.php	predictive	Medio
5	File	/robots.txt	predictive	Medio
6	File	/rom	predictive	Bajo
7	File	/srv/www/htdocs	predictive	Alto
8	File	aa/../../uploads/blog/201811/attach_#.jpg	predictive	Alto
9	File	abook_database.php	predictive	Alto
10	File	admin/killsource	predictive	Alto
11	File	xxx_xxxxxx.xxx	predictive	Alto
12	File	xxxxxxxxxxx.xxx	predictive	Alto
13	File	xxxxxxx.xxxx	predictive	Medio
14	File	xxx/xxx.x	predictive	Medio
15	File	xxxxx.xxx	predictive	Medio
16	File	xxxxxxxx.xxx	predictive	Medio
17	File	xxxxxxxx/xxxxxxxxxx.xxxx	predictive	Alto
18	File	xxxxxxx.xxx	predictive	Medio
19	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
20	File	xxxxxxxxx.xxx	predictive	Alto
21	File	xxxxxxx/xxxxxxxx.xxx	predictive	Alto
22	File	xxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxx	predictive	Alto
23	File	xxxx.xxx	predictive	Medio
24	File	xxxxxxxxxxx.xxx	predictive	Alto
25	File	xxx/xxxxxx.xxx	predictive	Alto
26	File	xxxxxxx/xxx_xxxxx_xxxxxx.xxx	predictive	Alto
27	File	xxxxx.xxx	predictive	Medio
28	File	xxxxxxx/xxxxxxxxxxxxx.xxxx	predictive	Alto
29	File	xxxx_xxxx.xxx	predictive	Alto
30	File	xxxxxx.x	predictive	Medio
31	File	xxxx_xxxxxx.xxx	predictive	Alto
32	File	xxxxxxxxxxxx.xxx	predictive	Alto
33	File	xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx	predictive	Alto
34	File	xxxxxxxxxx.xxx	predictive	Alto
35	File	xxxxxxxx_xxxx.xxx	predictive	Alto
36	File	xxxxxxx.x	predictive	Medio
37	File	xxxxxx.xxx	predictive	Medio
38	File	xxxx.xxx	predictive	Medio
39	File	xxxxxx/xxxxxx.xxxxx.xxx	predictive	Alto
40	File	xxxxxx.x	predictive	Medio
41	File	xxx/xxxxxxxx.x	predictive	Alto
42	File	xxxxxxx_xxxxx.xxx	predictive	Alto
43	File	xxxxxxx.xxx	predictive	Medio
44	File	xxx_xxxxxx.xxx	predictive	Alto
45	File	xxxx.xxx	predictive	Medio
46	File	xxxxxx.xxx	predictive	Medio
47	File	xx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxxx_xxxxxxxx_xxxxxxx&xxx=xxxxxxxx_xxxxx	predictive	Alto
48	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Alto
49	File	xx-xxxxxxxx/xxxx.xxx	predictive	Alto
50	File	xx-xxxxxxxx/xxxxxxxxx.xxx	predictive	Alto
51	File	xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx	predictive	Alto
52	File	xx-xxxxx.xxx	predictive	Medio
53	File	xx-xxxxxxxx.xxx	predictive	Alto
54	File	xxx/xxxx.xxx	predictive	Medio
55	File	xx_xxxxx/xxxxxx/xxxxxxxxx/xxxxxx_xxxx.xxx	predictive	Alto
56	Library	xxxxxxxxxx/xxxxx_xxx.x	predictive	Alto
57	Argument	xxx_xx	predictive	Bajo
58	Argument	xxxxxxxxxxx	predictive	Medio
59	Argument	xxxxxxxx	predictive	Medio
60	Argument	xxxxxxxx	predictive	Medio
61	Argument	xxxxxx	predictive	Bajo
62	Argument	xxx	predictive	Bajo
63	Argument	xxxxxxxxxx	predictive	Medio
64	Argument	xxx	predictive	Bajo
65	Argument	xxxx_xx	predictive	Bajo
66	Argument	xxxxxx	predictive	Bajo
67	Argument	xxxxxxxx	predictive	Medio
68	Argument	xx	predictive	Bajo
69	Argument	xx	predictive	Bajo
70	Argument	xxxx	predictive	Bajo
71	Argument	xxxxxxxxxx	predictive	Medio
72	Argument	xxx	predictive	Bajo
73	Argument	xxxxx	predictive	Bajo
74	Argument	xxxxx	predictive	Bajo
75	Argument	xxxxxxxx	predictive	Medio
76	Argument	xxxxxxx xxxxx	predictive	Alto
77	Argument	xxx_xx	predictive	Bajo
78	Argument	xxx_xxxxx	predictive	Medio
79	Argument	xxx	predictive	Bajo
80	Argument	xxx	predictive	Bajo
81	Argument	xxxx	predictive	Bajo
82	Argument	xxxx_xxxxx	predictive	Medio
83	Argument	\xxx\	predictive	Bajo
84	Argument	_xxxxx	predictive	Bajo
85	Argument	_xxxxxx_xxxxxxx_xxxx	predictive	Alto
86	Input Value	..	predictive	Bajo
87	Input Value	/xxxx.xxx	predictive	Medio
88	Network Port	xxx/xxxxx	predictive	Medio

Referencias (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!