TA410 Analysis

IOB - Indicator of Behavior (264)

Language

- en: 220
- zh: 22
- ru: 8
- fr: 4
- de: 2

Country

- us: 102
- cn: 76
- ce: 10
- ru: 6
- la: 6

Product

- WordPress: 10
- Microsoft Windows: 8
- Computrols CBAS: 6
- QNAP QTS: 6
- Microsoft Exchange Server: 6

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.70 | CVE-2010-0966 |
| 2 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.04 | CVE-2013-5033 |
| 3 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.03 | CVE-2022-21664 |
| 4 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.03 | CVE-2021-3056 |
| 5 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.00 | CVE-2019-13275 |
| 6 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 7 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.19 | CVE-2024-1406 |
| 8 | MW WP Form Plugin privilege escalation | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00248 | 0.00 | CVE-2023-6316 |
| 9 | request-baskets API Request {name} privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.00 | CVE-2023-27163 |
| 10 | Teclib GLPI unlock_tasks.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.12149 | 0.08 | CVE-2019-10232 |
| 11 | Sophos Firewall User Portal/Webadmin weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.97434 | 0.08 | CVE-2022-1040 |
| 12 | CutePHP CuteNews privilege escalation | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02107 | 0.08 | CVE-2019-11447 |
| 13 | WordPress Object privilege escalation | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.04 | CVE-2022-21663 |
| 14 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.07084 | 0.04 | CVE-2022-26923 |
| 15 | QNAP QTS Media Library privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.01575 | 0.03 | CVE-2017-13067 |
| 16 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.97319 | 0.00 | CVE-2021-34473 |
| 17 | Microsoft Exchange Server Privilege Escalation | 8.8 | 8.1 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.96514 | 0.04 | CVE-2021-42321 |
| 18 | Bitcoin Core bitcoin-qt wallet.dat Memory weak encryption | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00236 | 0.03 | CVE-2019-15947 |
| 19 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.09 | CVE-2016-6210 |
| 20 | Samurai Build File util.c canonpath buffer overflow | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.00 | CVE-2019-19795 |

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (118)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /api/baskets/{name} | predictive | High |
| 2 | File | /api/RecordingList/DownloadRecord?file= | predictive | High |
| 3 | File | /api /v3/auth | predictive | High |
| 4 | File | /apply.cgi | predictive | Medium |
| 5 | File | /cgi-bin/wlogin.cgi | predictive | High |
| 6 | File | /gena.cgi | predictive | Medium |
| 7 | File | /MIME/INBOX-MM-1/ | predictive | High |
| 8 | File | /netflow/jspui/editProfile.jsp | predictive | High |
| 9 | File | /php/ping.php | predictive | High |
| 10 | File | /rapi/read_url | predictive | High |
| 11 | File | /scripts/unlock_tasks.php | predictive | High |
| 12 | File | /sec/content/sec_asa_users_local_db_add.html | predictive | High |
| 13 | File | /see_more_details.php | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
