Squirrelwaffle Analysis

IOB - Indicator of Behavior (316)

Language: en 252, es 54, fr 6, pt 4

Country: us 210, es 60, br 26, fr 6, cn 4

Product: Microsoft Windows 14, Apple iOS 8, Apple iPadOS 6, Apache HTTP Server 6, phpMyAdmin 4

Vulnerability

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.10737 | CVE-2016-6210
3 | Microsoft Windows IGMP Header privilege escalation | 7.5 | 6.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00425 | CVE-1999-0918
4 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055
5 | Microsoft Office Excel buffer overflow | 7.0 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.08322 | CVE-2018-8574
6 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | 0.00241 | CVE-2020-12440
7 | Apple macOS Kernel Coldtro buffer overflow | 7.8 | 7.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.00128 | CVE-2022-32894
8 | Dahua DHI-HCVR7216A-S3 DVR Protocol weak encryption | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00159 | CVE-2017-6432
9 | Joomla CMS User Registration privilege escalation | 7.7 | 7.5 | $5k-$25k | Calculating | High | Official Fix | 0.00 | 0.91424 | CVE-2016-8870
10 | Moment.js directory traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00330 | CVE-2022-24785
11 | ASRock RGB Driver AsrDrv103.sys unknown vulnerability | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00044 | CVE-2020-15368
12 | IBM AIX privilege escalation | 7.8 | 7.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.00044 | CVE-2017-1692
13 | SourceCodester Library Management System index.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | 0.00114 | CVE-2022-2492
14 | Apache HTTP Server mod_reqtimeout denial of service | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01696 | CVE-2007-6750
15 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00 | 0.00121 | CVE-2022-21857
16 | Discourse Messaging Bus directory traversal | 3.3 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00071 | CVE-2021-43840
17 | Microsoft Windows MS-EFSRPC EfsRpcOpenFileRaw PetitPotam privilege escalation | 7.3 | 6.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Workaround | 0.02 | 0.00000 |
18 | WordPress class-wp-object-cache.php stats cross site scripting | 4.9 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00877 | CVE-2020-11029
19 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.59 | 0.00943 | CVE-2010-0966
20 | Grandstream GXP16xx VoIP SSH Configuration Interface privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00270 | CVE-2018-17565

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • ProxyShell/ProxyLogon

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 23.111.163.242 | 23-111-163-242.static.hvvc.us | Squirrelwaffle | ProxyShell/ProxyLogon | 2022-02-22 | verified | High
2 | 24.55.112.61 | dynamic.libertypr.net | Squirrelwaffle | | 2022-06-12 | verified | High
3 | 24.229.150.54 | 24.229.150.54.cmts-static.sm.ptd.net | Squirrelwaffle | ProxyShell/ProxyLogon | 2022-02-22 | verified | High
4 | 45.46.53.140 | cpe-45-46-53-140.maine.res.rr.com | Squirrelwaffle | | 2022-06-12 | verified | High
5 | 47.22.148.6 | ool-2f169406.static.optonline.net | Squirrelwaffle | | 2022-06-12 | verified | High

Rows 6 to 25 are masked on the source page (IP address, hostname, actor and campaign shown only as X/x placeholders):

6 | XX.XX.XXX.XXX | xxx-xxx-xxx-xxx.xxx.xxxxxxxx.xxx | Xxxxxxxxxxxxx | | 2022-06-12 | verified | High
7 | XX.XXX.XXX.XX | xxx-xxx-xxx-xxx.xxx.xxxxxxxx.xxx | Xxxxxxxxxxxxx | | 2022-06-12 | verified | High
8 | XX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxxxxxxxxxxx | Xxxxxxxxxx/xxxxxxxxxx | 2022-02-22 | verified | High
9 | XX.XX.XX.XX | xxx-xx-xx-xx-xx.xx.xxx.xx.xxx | Xxxxxxxxxxxxx | | 2022-06-12 | verified | High
10 | XX.XXX.XXX.XX | x-xx-xxx-xxx-xx.xxxx.xx.xxxxxxx.xxx | Xxxxxxxxxxxxx | | 2022-06-12 | verified | High
11 | XX.XXX.XX.XXX | xxx-xx-xxx-xx-xxx.xxxxx.xx.xxx | Xxxxxxxxxxxxx | | 2022-06-12 | verified | High
12 | XX.XX.XXX.XXX | x-xx-xx-xxx-xxx.xxxx.xx.xxxxxxx.xxx | Xxxxxxxxxxxxx | | 2022-06-12 | verified | High
13 | XX.XXX.XXX.XXX | xxxxxxxxxxx-xxx-x-xx-xxx.xxx-xxx.xxx.xxxxxxx.xx | Xxxxxxxxxxxxxx | | 2022-06-12 | verified | High
14 | XX.XX.XXX.XXX | xxxxxx-xx-xx-xxx-xxx.xxxxxxx.xxxxxx.xx | Xxxxxxxxxxxxxx | | 2022-06-12 | verified | High
15 | XX.XX.XX.XXX | xxx.xxxxxx-xx-xx.xxxxxxx.xxxxxx.xx | Xxxxxxxxxxxxxx | | 2022-06-12 | verified | High
16 | XXX.XXX.XXX.XX | | Xxxxxxxxxxxxx | | 2022-06-12 | verified | High
17 | XXX.XXX.XXX.XX | xxxxx-xxxx.xxxxxxxxx.xxx.xx | Xxxxxxxxxxxxxx | Xxxxxxxxxx/xxxxxxxxxx | 2022-02-22 | verified | High
18 | XXX.XXX.XXX.XX | xxx.xxxxxx.xxx | Xxxxxxxxxxxxxx | Xxxxxxxxxx/xxxxxxxxxx | 2022-02-22 | verified | High
19 | XXX.XX.XXX.XX | xx.xxx.xx.xxx.xxx.xxx.xxx | Xxxxxxxxxxxxx | | 2022-06-12 | verified | High
20 | XXX.XXX.XX.XX | xxx.xxx.xx.xx.xxxxxx.xxx.xxx | Xxxxxxxxxxxxx | | 2022-06-12 | verified | High
21 | XXX.XX.XX.XX | xxx-xx-xx-xx.xxxxxx.xxxxx.xxx | Xxxxxxxxxxxxx | | 2022-06-12 | verified | High
22 | XXX.XXX.XX.XXX | xxxxxxxx.xxxxxxxxx.xxx.xx | Xxxxxxxxxxxxxx | | 2022-06-12 | verified | High
23 | XXX.XXX.XX.XX | xxx-xxx-xx-xx.xxx.xxxxxxxx.xx | Xxxxxxxxxxxxxx | | 2022-06-12 | verified | High
24 | XXX.XX.XXX.XXX | xxx-xxx-xx-xxx-xxx.xxxxxxxxxx-xxxxxxxx.xxx.xx | Xxxxxxxxxxxxxx | | 2022-06-12 | verified | High
25 | XXX.XXX.XXX.XX | | Xxxxxxxxxxxxx | | 2022-02-22 | verified | High

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (134)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .procmailrc | predictive | Medium
2 | File | /cgi-bin/ExportALLSettings.sh | predictive | High
3 | File | /cgi-bin/ExportAllSettings.sh | predictive | High
4 | File | /config/getuser | predictive | High
5 | File | /etc/passwd | predictive | Medium
6 | File | /include/chart_generator.php | predictive | High
7 | File | /index.php | predictive | Medium
8 | File | /product_list.php | predictive | High
9 | File | /qsr_server/device/reboot | predictive | High
10 | File | /resource/file/api/save?auto=1 | predictive | High
11 | File | /snmpGet | predictive | Medium
12 | File | /tmp | predictive | Low
13 | File | /uncpath/ | predictive | Medium
14 | File | /wp-admin/admin-ajax.php | predictive | High
15 | File | administrator/components/com_media/helpers/media.php | predictive | High
16 | File | adm_program/modules/dates/dates_function.php | predictive | High

Rows 17 to 134 are masked on the source page (indicator values shown only as x placeholders):

17 | File | xxxx/xxxxxxxx.xxx | predictive | High
18 | File | xxxxxxxxx/xxxxxxxxxxxxx | predictive | High
19 | File | xxxx-xxxx.x | predictive | Medium
20 | File | xxxx.xxx | predictive | Medium
21 | File | xxxxx/xxx.x | predictive | Medium
22 | File | x:\xxxxxxx xxxxx (xxx)\xxxxxxxxxxxxx\xxxxxx.xxx | predictive | High
23 | File | xxxxx-xx-xxxxxx-xxxxx.xxx | predictive | High
24 | File | xxxxxxx.xxx | predictive | Medium
25 | File | xxxxxxx_xx.xxx | predictive | High
26 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
27 | File | xxxx/xxxxxxxxxx/xxxxxxx/xxxxxxx.xxxx | predictive | High
28 | File | xxxxxxx.xxx | predictive | Medium
29 | File | xxxxxxx/xxx/xxxxx/xxxxxxxxxxxx | predictive | High
30 | File | xxxx.xxx | predictive | Medium
31 | File | xxxxxxxx.xxx | predictive | Medium
32 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
33 | File | xxxxxxx.xxx | predictive | Medium
34 | File | xxxxxxxx/xxxx/xxxx.xx | predictive | High
35 | File | xxxx-xxxx.xx | predictive | Medium
36 | File | xxxxxx.xxx | predictive | Medium
37 | File | xxx/xxxxxx.xxx | predictive | High
38 | File | xxxxxxx.xxx | predictive | Medium
39 | File | xxxxxxxx/xxxxxxx/xxxxxxxx_xxxx.xxx | predictive | High
40 | File | xxxxx.xxx | predictive | Medium
41 | File | xxxxx.xxx | predictive | Medium
42 | File | xxxxxxx.xxx | predictive | Medium
43 | File | xxx.x/xxxxxx.x | predictive | High
44 | File | xxxxxxxxx/xxxxxx.xxx.xxx | predictive | High
45 | File | xxxxxxxxx/xxxxxxx/xxxx/xxxxxxxxxxxxxxxxxxxx.xxxxx.xxx | predictive | High
46 | File | xxxxxxx/xxxxxxx/xxx_xxxxxxx.x | predictive | High
47 | File | xxxxxxx/xxxx_xxx_xxxxx.xxx | predictive | High
48 | File | xxxxx.xxxx | predictive | Medium
49 | File | xxx.xxx | predictive | Low
50 | File | xxxxxxxx_xxxxxx.xxx | predictive | High
51 | File | xxxxxx/xxxxxxxxxx/xxx/xxxx.xxx | predictive | High
52 | File | xxxxx_xxxxxx_xxx.xxx | predictive | High
53 | File | xxxxx.xxx | predictive | Medium
54 | File | xxxxxxxxxx/xxxxxxxxxx_xxxx.xxx?xxxxxx=xxxxxx | predictive | High
55 | File | xxxxxxxxxxxxxxxx.xx | predictive | High
56 | File | xxxxxxx.xxx | predictive | Medium
57 | File | xxxxx.xxxx | predictive | Medium
58 | File | xxx-xxxx.x | predictive | Medium
59 | File | xxxxxxxxx.xxx | predictive | High
60 | File | xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx | predictive | High
61 | File | xxxx-xxxxxxxx.xxx | predictive | High
62 | File | xxxxx-xx-xxxxxx="xxxxxxxxx"/ | predictive | High
63 | File | xxxx_xxxxxxxx.xxx | predictive | High
64 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High
65 | File | xx/xxxxxx/xxxxx | predictive | High
66 | File | xxxxxxxx.xxx | predictive | Medium
67 | File | xxxxxx.xxx | predictive | Medium
68 | File | xxxxxxxxxx.xxx | predictive | High
69 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xxxxxxx_xxxxxx_xxxxxx | predictive | High
70 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
71 | File | \xxxxxxx\xxxxxxxxx\xxxxxxxxxxxxxxxxxx | predictive | High
72 | File | ~/xxxxx.xxx | predictive | Medium
73 | Library | xx/xxx/xxxx_xxxxxx.xxx | predictive | High
74 | Library | xxxxxxxxx.xxx | predictive | High
75 | Library | xxxxxxxxxxxxx.xxx | predictive | High
76 | Library | xxxxxx.xxx | predictive | Medium
77 | Library | xxxxxxxx.xxx | predictive | Medium
78 | Library | xxxxxxxxx.xxx | predictive | High
79 | Library | xxxxxxxxxxxxxxxxx.xxx | predictive | High
80 | Argument | --xxxxxxx | predictive | Medium
81 | Argument | -x | predictive | Low
82 | Argument | x@xxxx | predictive | Low
83 | Argument | xxxxxxxx_xxxx | predictive | High
84 | Argument | xxxxx | predictive | Low
85 | Argument | xxxxxxxx | predictive | Medium
86 | Argument | xxxxxxxxxx | predictive | Medium
87 | Argument | xxx | predictive | Low
88 | Argument | xxx_xxx_xx | predictive | Medium
89 | Argument | xxxxxxxxxxxxxxx | predictive | High
90 | Argument | xxx | predictive | Low
91 | Argument | xxxx | predictive | Low
92 | Argument | xxxx_xxxx | predictive | Medium
93 | Argument | xxxxx | predictive | Low
94 | Argument | xxxx_xxxxxxx | predictive | Medium
95 | Argument | xx | predictive | Low
96 | Argument | xxxxxxxxxxx | predictive | Medium
97 | Argument | xxx_xxx | predictive | Low
98 | Argument | xxxxxxx_xxx | predictive | Medium
99 | Argument | xx | predictive | Low
100 | Argument | xxxx | predictive | Low
101 | Argument | xxxx | predictive | Low
102 | Argument | xxxxxxxx | predictive | Medium
103 | Argument | xxxxxxxx | predictive | Medium
104 | Argument | xxxx[xxxxxxx] | predictive | High
105 | Argument | xxxxxxx | predictive | Low
106 | Argument | xxxxxx | predictive | Low
107 | Argument | xxxxx | predictive | Low
108 | Argument | xx_xxxx | predictive | Low
109 | Argument | xxxxxxx | predictive | Low
110 | Argument | xxxxx_xxxxxx | predictive | Medium
111 | Argument | xxxxxxxx | predictive | Medium
112 | Argument | xxxxxxxxxx | predictive | Medium
113 | Argument | xxxxxx | predictive | Low
114 | Argument | xxxx_xxx | predictive | Medium
115 | Argument | xxxxxx | predictive | Low
116 | Argument | xxxxxxx_xx | predictive | Medium
117 | Argument | xxxxx/xxxxx | predictive | Medium
118 | Argument | xxx | predictive | Low
119 | Argument | xxxxxx | predictive | Low
120 | Argument | xxxxxxxx | predictive | Medium
121 | Argument | xxxxxxxx/xxxx | predictive | High
122 | Argument | xxxxxxxx:xxxxxxxx | predictive | High
123 | Argument | _xxx_xxxxxxxxxxx_ | predictive | High
124 | Input Value | ..%xx | predictive | Low
125 | Input Value | x</xx><xxxxxx>xxxxx(x)</xxxxxx> | predictive | High
126 | Input Value | ::$xxxxx_xxxxxxxxxx | predictive | High
127 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive | High
128 | Input Value | xxxxxxxx | predictive | Medium
129 | Input Value | xxxxxxxxx:xxxxxxxx | predictive | High
130 | Input Value | xxx.xxx[xxxxx] | predictive | High
131 | Network Port | xxx | predictive | Low
132 | Network Port | xxx/xx (xxx) | predictive | Medium
133 | Network Port | xxx/xxxx (xxx) | predictive | High
134 | Network Port | xxx xxxxxx xxxx | predictive | High

References (4)

The following list contains external sources which discuss the actor and the associated activities:
