ZooPark Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (6)

Idioma

en	6

País

us	2
co	2
ir	2

Actores

ZooPark	2

Interesar

Escribe

Not Defined	2
Router Operating System	2
Web Server	2

Proveedor

Phusion	2
MikroTik	2
Microsoft	2

Producto

Phusion Passenger	2
MikroTik RouterOS	2
Microsoft IIS	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	Microsoft Windows Print Spooler Privilege Escalation	8.1	7.4	$100k y más	$0-$5k	Proof-of-Concept	Official Fix	0.00343	0.04	CVE-2022-22718
2	nginx HTTP/2 denegación de servicio	6.0	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.09699	0.00	CVE-2018-16843
3	MikroTik RouterOS Winbox autenticación débil	8.2	7.4	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.97496	0.02	CVE-2018-14847
4	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.17	CVE-2017-0055
5	Phusion Passenger SendRequest.cpp Header escalada de privilegios	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00727	0.04	CVE-2015-7519

Campañas (1)

These are the campaigns that can be associated with the actor:

ZooPark

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Campañas	Identified	Escribe	Confianza
1	5.61.27.154	5-61-27-154.nrp.co	ZooPark	ZooPark	2021-06-01	verified	Alto
2	X.XX.XX.XXX	x-xx-xx-xxx.xxx.xx	Xxxxxxx	Xxxxxxx	2021-06-01	verified	Alto
3	X.XX.XX.XXX	x-xx-xx-xxx.xxx.xx	Xxxxxxx	Xxxxxxx	2021-06-01	verified	Alto
4	XX.XXX.XX.XXX		Xxxxxxx	Xxxxxxx	2021-06-01	verified	Alto

TTP - Tactics, Techniques, Procedures (1)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1059.007	CWE-79	Cross Site Scripting	predictive	Alto

IOA - Indicator of Attack (2)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/uncpath/	predictive	Medio
2	File	xxxxx/xxxx/xxxxxxxxxx/xxxxxxxxxxx.xxx	predictive	Alto

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Do you know our Splunk app?

Download it now for free!