VBREVSHELL Analysis

IOB - Indicator of Behavior (126)

Language

en: 118
zh: 8

Country

us: 92
cn: 18
br: 2
nl: 2
gb: 2

Product

Microsoft Windows: 2
Cisco Packaged Contact Center Enterprise: 2
Cisco Unified Communications Manager: 2
Cisco Unified Communications Manager IM & Presence ...: 2
Cisco Unified Communications Manager Session Manag ...: 2

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting | 3.2 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00127 | 0.00 | CVE-2018-25085 |
| 2 | Microsoft Windows NetBIOS WinNuke denial of service | 7.5 | 7.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.00304 | 0.03 | CVE-1999-0153 |
| 3 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.06 | CVE-2019-7550 |
| 4 | python-django privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00209 | 0.37 | CVE-2023-31047 |
| 5 | Palo Alto PAN-OS Web Interface privilege escalation | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00182 | 0.02 | CVE-2021-3050 |
| 6 | Cisco Packaged Contact Center Enterprise privilege escalation | 9.9 | 9.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00162 | 0.04 | CVE-2024-20253 |
| 7 | Paddle denial of service | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.04 | CVE-2023-38677 |
| 8 | DolphinPHP Incomplete Fix CVE-2021-46097 common.php privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01283 | 0.06 | CVE-2023-0935 |
| 9 | PbootCMS GET Request sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00109 | 0.05 | CVE-2021-37497 |
| 10 | October CMS Admin Panel privilege escalation | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.06 | CVE-2022-35944 |
| 11 | WordPress cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.00192 | 0.00 | CVE-2008-2068 |
| 12 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.06 | CVE-2017-0055 |
| 13 | Goahead Web Server Multi-Part Request buffer overflow | 9.0 | 8.9 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.47818 | 0.04 | CVE-2019-5096 |
| 14 | Bitcoin wallet.dat AES Encryption Padding weak encryption | 7.1 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.11 | |
| 15 | QNAP QTS Helpdesk privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00274 | 0.03 | CVE-2018-0714 |
| 16 | Linux Kernel Call tcp_collapse_ofo_queue privilege escalation | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.78302 | 0.04 | CVE-2018-5390 |
| 17 | Cisco Linksys Router tmUnblock.cgi privilege escalation | 9.8 | 9.2 | $25k-$100k | $0-$5k | High | Workaround | 0.00000 | 0.04 | |
| 18 | AVTECH IP Camera/NVR/DVR PwdGrp.cgi privilege escalation | 9.8 | 9.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.00000 | 0.00 | |
| 19 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00106 | 0.32 | CVE-2018-6200 |
| 20 | Google Android Ashmem buffer overflow | 6.5 | 5.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00101 | 0.03 | CVE-2017-13216 |

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High |
| 2 | File | /uncpath/ | predictive | Medium |
| 3 | File | common.php | predictive | Medium |
| 4 | File | xxxxxxxxxx.xxx | predictive | High |
| 5 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High |
| 6 | File | xxxxxxxxxx_xxxxx.xxxxxx | predictive | High |
| 7 | File | xxxxx.xxx | predictive | Medium |
| 8 | File | xxxxxxxxx.xxx | predictive | High |
| 9 | File | xxxxxx.xxx | predictive | Medium |
| 10 | Argument | xxxxx.xxxxxxxxx/xxxxx.xxxxxxxxxx | predictive | High |
| 11 | Argument | xx | predictive | Low |
| 12 | Argument | xxxxxxxx | predictive | Medium |
| 13 | Argument | xxxx_xx | predictive | Low |
| 14 | Argument | xxx | predictive | Low |
| 15 | Network Port | xxx/xxxx | predictive | Medium |

References (13)

The following list contains external sources which discuss the actor and the associated activities: