Sugar Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (355)

Idioma

en	344
fr	4
es	4
de	2
it	2

País

us	32
es	10
it	2
ch	2
ar	2

Actores

FIN7	1
Wizard Spider	1
APT28	1
TrickBot	1
Sugar	1

Interesar

Escribe

Not Defined	166
Operating System	22
Smartphone Operating System	16
Content Management System	10
Anti-Malware Software	10

Proveedor

Not Defined	94
Microsoft	22
Cisco	12
Google	12
NetIQ	10

Producto

Microsoft Windows	16
Google Android	10
Kaspersky Internet Security	8
Kaspersky Total Security	8
Kaspersky Security Cloud	8

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	thecodingmachine Gotenberg html escalada de privilegios	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00092	0.00	CVE-2021-23345
3	ALEOS API desbordamiento de búfer	4.1	3.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00114	0.00	CVE-2019-11848
4	VMware Tools VM3DMP Driver denegación de servicio	6.5	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2021-21997
5	Synology Download Station escalada de privilegios	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.00	CVE-2021-34811
6	Apache HTTP Server mod_rewrite Redirect	6.7	6.7	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.00258	0.09	CVE-2020-1927
7	Cisco Jabber denegación de servicio	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00107	0.00	CVE-2021-1570
8	Wibu CodeMeter Runtime Runtime Server denegación de servicio	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02268	0.00	CVE-2021-20094
9	LaikeTui ZIP Archive escalada de privilegios	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00320	0.00	CVE-2021-34128
10	IBM Resilient SOAR cifrado débil	2.7	2.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2021-20567
11	Tianocore EDK2 Private Key IpSecDxe.efi Privilege Escalation	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00168	0.00	CVE-2021-28213
12	Samsung Account SettingWebView escalada de privilegios	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2021-25403
13	Samsung Smart Phone SecSettings escalada de privilegios	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.02	CVE-2021-25393
14	Huawei Smart Phone App escalada de privilegios	5.5	5.5	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00058	0.00	CVE-2021-22334
15	Chiyu BF-430/BF-431/BF-450M man.cgi cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.97029	0.00	CVE-2021-31250
16	Linux Kernel UDP Port denegación de servicio	4.0	3.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2001-1400
17	Huawei Smart Phone autenticación débil	4.1	4.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00070	0.00	CVE-2021-22316
18	Nextcloud Server Lookup escalada de privilegios	2.7	2.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00063	0.00	CVE-2021-32653
19	RebornCore ObjectInputStream.readObject escalada de privilegios	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02926	0.03	CVE-2021-33790
20	Red Hat Ansible Tower OAuth2 Authentication autenticación débil	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.03	CVE-2020-10709

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Campañas	Identified	Escribe	Confianza
1	82.146.53.237	docker-05.yarperspektiva.ru	Sugar		2022-02-05	verified	Alto
2	XXX.XX.XXX.XXX		Xxxxx		2022-02-05	verified	Alto

TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CWE-21, CWE-22	Path Traversal	predictive	Alto
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	T1059	CWE-94	Argument Injection	predictive	Alto
4	T1059.007	CWE-79, CWE-80, CWE-83	Cross Site Scripting	predictive	Alto
5	T1068	CWE-264, CWE-266, CWE-269, CWE-270, CWE-284	Execution with Unnecessary Privileges	predictive	Alto
6	TXXXX.XXX	CWE-XXX	Xxx Xx Xxxx-xxxxx Xxxxxxxx	predictive	Alto
7	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
8	TXXXX.XXX	CWE-XXX	Xxx-xxx Xxxx Xxxxxxx Xxxx	predictive	Alto
9	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
10	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
11	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Alto
12	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
13	TXXXX	CWE-XXX	Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx	predictive	Alto
14	TXXXX	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
15	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Alto
16	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
17	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
18	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Alto
19	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
20	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
21	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto
22	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto
23	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxx	predictive	Alto

IOA - Indicator of Attack (110)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/$({curl	predictive	Medio
2	File	/+CSCOE+/logon.html	predictive	Alto
3	File	/bfd/pef.c	predictive	Medio
4	File	/cms/print.php	predictive	Alto
5	File	/convert/html	predictive	Alto
6	File	/device/device=140/tab=wifi/view	predictive	Alto
7	File	/doorgets/app/requests/user/emailingRequest.php	predictive	Alto
8	File	/etc/passwd	predictive	Medio
9	File	/one/getpassword.php	predictive	Alto
10	File	/oscommerce/admin/administrators.php	predictive	Alto
11	File	/public/admin.php	predictive	Alto
12	File	/restapi/v1/certificates/FFM-SSLInspect	predictive	Alto
13	File	/xxx/xxxxx-xxxxxxxx/xxxxx-xxxxxxx-xxxx	predictive	Alto
14	File	/xxx/xxxx/xx	predictive	Medio
15	File	/xxx/xxxx.xxx	predictive	Alto
16	File	/_xxxx/xxxxxxx/	predictive	Alto
17	File	xxxxx/xxxxxx-xxxxxxxx.xxx	predictive	Alto
18	File	xxxxxxx/xxxxxx.xxx?xx=xxxxxxxx	predictive	Alto
19	File	xxxxxx.xxx	predictive	Medio
20	File	xxxxxx_xxxxxxxx.xxx	predictive	Alto
21	File	xxxxxxxx.xxx	predictive	Medio
22	File	xxx-xxx/xxxxxxxxx	predictive	Alto
23	File	xxxxx-xx-xxxxxx-xxxxx.xxx	predictive	Alto
24	File	xxx.xxxx	predictive	Medio
25	File	xxx.xxx	predictive	Bajo
26	File	xxxxxxxxxx/xxxxxxxxxx-xxxxxxxx.xxx	predictive	Alto
27	File	xxxx/xxxxx-xxxxxx.xxx	predictive	Alto
28	File	xxxx/xxxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
29	File	xxxxx_xxxxxxx.x	predictive	Alto
30	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
31	File	xxx/xxxxxx/xxxxxx/xxxxxxxxxxx/xxx.xxx	predictive	Alto
32	File	xxxxxxxx?xxxx=xxxxx	predictive	Alto
33	File	xxxxxxxxxx.xxx	predictive	Alto
34	File	xxxxxx\xxxxx.xxxxxxx_xxxxxxx.xxx	predictive	Alto
35	File	xxxx-xxxxx.x	predictive	Medio
36	File	xxxxxxxxxxx.xxx	predictive	Alto
37	File	xxxxxxx_xxx.x	predictive	Alto
38	File	xxx_xxxx.xxx	predictive	Medio
39	File	xxxx/xxx_xxx_xxxxx.x	predictive	Alto
40	File	xxxxxxxx/xxxxxxxx/xxxxxx/xxxxxxxx/xxxxx/xxxxx-xxxxxxx.xxx	predictive	Alto
41	File	xxxxx.xx	predictive	Medio
42	File	xxxxx.xxx	predictive	Medio
43	File	xxxxx.xxx/xxxxx/xxxxx	predictive	Alto
44	File	xxxxx.xxx?xxxxxx=xxxxxx&xxxxxx=xxx	predictive	Alto
45	File	xxxxxxxx.xxx	predictive	Medio
46	File	xxxx-xxxxxx-xxxxxxxxx.xxx	predictive	Alto
47	File	xxxx/xxxxxxx/xxxxxxxx.xxxx.xxx	predictive	Alto
48	File	xxxxx.xxx	predictive	Medio
49	File	xxxxx.xxx	predictive	Medio
50	File	xxx.xxx	predictive	Bajo
51	File	xx-xxxxx/xxxx.xxx	predictive	Alto
52	File	xxxxxxx_xxxxx.xxx	predictive	Alto
53	File	xx/xxx.x	predictive	Medio
54	File	xxx/xxx_xxxxx/xx_xxxxx.x	predictive	Alto
55	File	xxxx_xxxx.x	predictive	Medio
56	File	xxxxxxxxxxxxx.xxx	predictive	Alto
57	File	xxxxxxx.xxx	predictive	Medio
58	File	xxxxxxxxxxxxx.x	predictive	Alto
59	File	xxxxxxxxxxxxx.xxx	predictive	Alto
60	File	xxxxxxxxxxxxx.xxx	predictive	Alto
61	File	xxxxxxxxxxxxx.xxx	predictive	Alto
62	File	xxxxxx/xxxxxx.xxx	predictive	Alto
63	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	Alto
64	File	xxxx.x	predictive	Bajo
65	File	xxxx_xxx.xxx	predictive	Medio
66	File	xxxxxx.xx	predictive	Medio
67	File	xxxxx_xxx_xxxxxxx.x	predictive	Alto
68	File	xxxxxxxxxxxxxxxxxxxx.xxx	predictive	Alto
69	File	xxxxxx.xxx	predictive	Medio
70	File	xxxx/xxxxxxxxxxxxxx.xxx	predictive	Alto
71	File	xxx_xxxxxx.x	predictive	Medio
72	File	xx-xxxxx/xxxxx-xxxxxx.xxx	predictive	Alto
73	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Alto
74	Library	xxxxxxxxxx.xxx	predictive	Alto
75	Argument	.xxxxx	predictive	Bajo
76	Argument	xxxxxx[xxxx]	predictive	Medio
77	Argument	xxxxxxx	predictive	Bajo
78	Argument	xxxx_xx	predictive	Bajo
79	Argument	xxx_xx	predictive	Bajo
80	Argument	xxxxxx xxxx	predictive	Medio
81	Argument	xxx	predictive	Bajo
82	Argument	xxxxxx['xxxx']	predictive	Alto
83	Argument	xxxxxxxx	predictive	Medio
84	Argument	xxxxxx	predictive	Bajo
85	Argument	xxxxxx	predictive	Bajo
86	Argument	xxxx_xxxx	predictive	Medio
87	Argument	xxxxx	predictive	Bajo
88	Argument	xx	predictive	Bajo
89	Argument	xxxxxxxxxxxxxxxx	predictive	Alto
90	Argument	xxx	predictive	Bajo
91	Argument	xxxx	predictive	Bajo
92	Argument	xxxxxxx	predictive	Bajo
93	Argument	xxxxxxxx	predictive	Medio
94	Argument	xxxx_xx	predictive	Bajo
95	Argument	xxx_xxxxxx_xxx_xxxxxx_xxxxxxx	predictive	Alto
96	Argument	xxxxxx_xxx	predictive	Medio
97	Argument	xxx	predictive	Bajo
98	Argument	xxx	predictive	Bajo
99	Argument	xxxxxx	predictive	Bajo
100	Argument	xxxxxxxxx	predictive	Medio
101	Argument	xxxx	predictive	Bajo
102	Argument	xxxxxxxx	predictive	Medio
103	Argument	xxxx	predictive	Bajo
104	Argument	_xxx_xxxxxxx_xxxxx_xxxxxxxxxx_xxxxx_xxx_xxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxx	predictive	Alto
105	Input Value	%x/%x	predictive	Bajo
106	Input Value	../xxxxx.xxxx	predictive	Alto
107	Input Value	xxxx	predictive	Bajo
108	Input Value	===	predictive	Bajo
109	Network Port	xxxx	predictive	Bajo
110	Network Port	xxx/xxxx	predictive	Medio

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Do you need the next level of professionalism?

Upgrade your account now!