Sysrv Analysis

IOB - Indicator of Behavior (158)

Language

en: 124
ru: 18
ja: 8
zh: 4
fr: 2

Country

us: 46
ua: 38
cn: 10
gb: 2

Product

Joomla CMS: 8
OnePlug CMS: 6
Fortinet FortiOS: 4
Multivendor Marketplace Solution for WooCommerce: 2
Fortinet FortiProxy: 2

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Apple iOS ImageIO denial of service | 6.4 | 6.3 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03533 | 0.00 | CVE-2016-1811 |
| 2 | gopeak MasterLab HTTP POST Request Framework.php sqlInject sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00181 | 0.08 | CVE-2023-7145 |
| 3 | Grafana directory traversal | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.97474 | 0.02 | CVE-2021-43798 |
| 4 | CKFinder File Name privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00155 | 0.04 | CVE-2019-15862 |
| 5 | PHPMailer Phar Deserialization addAttachment privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00748 | 0.00 | CVE-2020-36326 |
| 6 | Apple iOS CommonCrypto information disclosure | 5.4 | 5.3 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00181 | 0.00 | CVE-2016-1802 |
| 7 | Fortinet FortiOS sslvpnd buffer overflow | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.41883 | 0.00 | CVE-2022-42475 |
| 8 | Fortinet FortiOS/FortiProxy FortiGate SSL-VPN buffer overflow | 9.8 | 9.6 | $25k-$100k | $25k-$100k | Not Defined | Official Fix | 0.15407 | 0.04 | CVE-2023-27997 |
| 9 | WordPress AdServe adclick.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.04 | CVE-2008-0507 |
| 10 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.33 | |
| 11 | ASP Portal add_edit_cat.asp sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00983 | 0.02 | CVE-2006-1353 |
| 12 | MyBatis Plus sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00084 | 0.00 | CVE-2023-25330 |
| 13 | Zabbix Application Server Privilege Escalation | 4.7 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00317 | 0.00 | CVE-2021-46088 |
| 14 | Grafana Labs Permission weak authentication | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.97240 | 0.07 | CVE-2021-39226 |
| 15 | Duo Network Gateway Log information disclosure | 4.9 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2020-3483 |
| 16 | Linux Kernel af_packet.c packet_set_ring buffer overflow | 6.5 | 6.4 | $0-$5k | $0-$5k | High | Official Fix | 0.00088 | 0.04 | CVE-2017-7308 |
| 17 | Biscom Secure File Transfer privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02180 | 0.04 | CVE-2020-8796 |
| 18 | Oracle Siebel CRM Siebel Core - Server Infrastructure information disclosure | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00194 | 0.00 | CVE-2021-2368 |
| 19 | studio-42 elfinder phar File Remote Code Execution | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01623 | 0.02 | CVE-2021-23394 |
| 20 | shell-quote Windows Drive Letter exec privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00160 | 0.06 | CVE-2021-42740 |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (81)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
