Tick Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (36)

Idioma

en	34
de	2

País

us	26
cn	6
kr	2

Actores

Tick	5
Cobalt Strike	2
PlugX	1

Interesar

Escribe

Not Defined	12
Content Management System	2
Network Attached Storage Software	2
Application Server Software	2
Forum Software	2

Proveedor

Not Defined	6
LogicBoard	2
Thomas R. Pasawicz	2
Discuz!	2
Apache	2

Producto

LogicBoard CMS	2
Thomas R. Pasawicz HyperBook Guestbook	2
TerraMaster TOS	2
Discuz! DiscuzX	2
Apache Tomcat	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	Canon MF210/MF220 System Manager Mode login.html autenticación débil	8.5	8.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01367	0.00	CVE-2018-11711
3	WP Contacts Manager Plugin sql injection	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00172	0.00	CVE-2022-1014
4	NodeBB abort cross site request forgery	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00083	0.06	CVE-2022-3978
5	Nodebb JSON File directory traversal	4.6	4.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00104	0.03	CVE-2021-43788
6	TerraMaster TOS Parameter exportUser.php escalada de privilegios	9.3	8.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.96623	0.00	CVE-2020-15568
7	Plex Media Server Camera Upload escalada de privilegios	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01114	0.04	CVE-2019-19141
8	Kyocera ECOSYS M5526cdw Web Application desbordamiento de búfer	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00096	0.07	CVE-2019-13206
9	Synacor Zimbra Collaboration XML External Entity	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00441	0.02	CVE-2016-9924
10	Fortinet FortiOS SSL VPN Web Portal desbordamiento de búfer	5.4	5.3	$0-$5k	$0-$5k	High	Official Fix	0.00817	0.19	CVE-2018-13383
11	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.13	CVE-2017-0055
12	Discuz! DiscuzX Attachment escalada de privilegios	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00183	0.04	CVE-2018-5259
13	Discuz! admin.php cross site scripting	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.02	CVE-2018-19464
14	Microsoft SQL Server SQL Master Data Services denegación de servicio	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00472	0.03	CVE-2014-4061
15	vBulletin redirector.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00122	0.10	CVE-2018-6200
16	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	2.24
17	FLDS redir.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00203	0.09	CVE-2008-5928
18	PHPWind goto.php Redirect	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00348	0.07	CVE-2015-4134
19	MGB OpenSource Guestbook email.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	0.93	CVE-2007-0354
20	esoftpro Online Guestbook Pro ogp_show.php sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00135	0.00	CVE-2010-4996

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Identified	Escribe	Confianza
1	52.84.186.239	server-52-84-186-239.cdg50.r.cloudfront.net	Tick	2018-10-22	verified	Alto
2	58.230.118.78	mail.booksr.co.kr	Tick	2023-03-14	verified	Alto
3	61.106.60.47		Tick	2022-03-27	verified	Alto
4	103.127.124.76		Tick	2023-03-14	verified	Alto
5	XXX.XXX.XXX.XXX		Xxxx	2023-03-14	verified	Alto
6	XXX.XXX.XXX.XXX		Xxxx	2024-03-05	verified	Alto
7	XXX.XX.XX.XX		Xxxx	2023-03-14	verified	Alto
8	XXX.XX.XXX.XXX		Xxxx	2022-03-27	verified	Alto
9	XXX.XX.XXX.XX		Xxxx	2018-10-22	verified	Alto
10	XXX.XXX.XX.XXX		Xxxx	2023-03-14	verified	Alto
11	XXX.XXX.XXX.XX		Xxxx	2022-10-14	verified	Alto
12	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx.xxxxxxxxxxxx.xxx	Xxxx	2023-03-14	verified	Alto
13	XXX.XXX.XXX.XXX		Xxxx	2018-10-22	verified	Alto
14	XXX.XXX.XX.XXX	xxxxxxxx.xxxxxxxxxxxxxx.xxx	Xxxx	2018-10-22	verified	Alto
15	XXX.XX.XXX.XXX		Xxxx	2018-10-22	verified	Alto
16	XXX.XXX.XX.XXX		Xxxx	2022-03-27	verified	Alto

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Clase	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CAPEC-19	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
8	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (23)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/forum/away.php	predictive	Alto
2	File	/login.html	predictive	Medio
3	File	/register/abort	predictive	Alto
4	File	/uncpath/	predictive	Medio
5	File	xxxxx.xxx	predictive	Medio
6	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
7	File	xxxxx.xxx	predictive	Medio
8	File	xxxx.xxx	predictive	Medio
9	File	xxxxxxxxxxxxxxxxx.xxxx	predictive	Alto
10	File	xxxxxxx/xxxxxxxxxx.xxx	predictive	Alto
11	File	xxxxxxx.xxx	predictive	Medio
12	File	xxxxxxxxx/	predictive	Medio
13	File	xxx_xxxx.xxx	predictive	Medio
14	File	xxxxx.xxx	predictive	Medio
15	File	xxxxxxxxxx.xxx	predictive	Alto
16	File	xxxxxx_xxxx.xxx	predictive	Alto
17	Argument	xxx	predictive	Bajo
18	Argument	xxxxxxxx_xxxxxx/xxxxxxxx_xxxx/xxxxxxxx_xxxxxxxx/xxxxxxxx_xxxx	predictive	Alto
19	Argument	xxxx	predictive	Bajo
20	Argument	xx	predictive	Bajo
21	Argument	xxxxxx	predictive	Bajo
22	Argument	xxxxxxxx	predictive	Medio
23	Argument	xxx	predictive	Bajo

Referencias (5)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!