Arid Viper Analysis

IOB - Indicator of Behavior (400)


Language: en 364, de 14, ru 12, pl 8, fr 2

Country: us 356, de 14, ru 12, pl 8, ir 4


Product: OpenSSH 4, nginx 4, systemd 2, Google Chrome 2, jQuery 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.06 | CVE-2019-7550
2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
3 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.10 | CVE-2010-0966
4 | Dreaxteam Xt-News add_comment.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00599 | 0.07 | CVE-2006-6746
5 | Enigma2 Coppermine Bridge e2_header.inc.php privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10026 | 0.00 | CVE-2006-6864
6 | IBM WebSphere Service Registry/Repository Access Restriction privilege escalation | 4.3 | 4.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00162 | 0.00 | CVE-2014-6160
7 | Big Webmaster Big Webmaster Guestbook Script addguest.cgi cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00615 | 0.04 | CVE-2006-2231
8 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 4.16 | 
9 | Joomla CMS remember.php privilege escalation | 5.4 | 4.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03044 | 0.00 | CVE-2013-3242
10 | Joomla CMS Media Manager directory traversal | 8.5 | 8.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.90167 | 0.04 | CVE-2019-10945
11 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.55 | 
12 | Apple macOS weak authentication | 5.6 | 5.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.02181 | 0.02 | CVE-2023-41991
13 | Oracle Java SE JSSE unknown vulnerability | 7.4 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00111 | 0.06 | CVE-2023-21930
14 | ICQ fetch privilege escalation | 10.0 | 9.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00346 | 0.00 | CVE-2011-0487
15 | WebP Converter for Media Plugin passthru.php Redirect | 4.9 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00106 | 0.04 | CVE-2021-25074
16 | CasaOS API privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01187 | 0.04 | CVE-2022-24193
17 | jQuery cross site scripting | 4.3 | 3.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00306 | 0.03 | CVE-2011-4969
18 | Oracle Retail Central Office Security cross site scripting | 6.2 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00384 | 0.02 | CVE-2021-41184
19 | InsydeH2O SMM HandleProtocol denial of service | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2021-41839
20 | PHP zip Extension php_zip.c buffer overflow | 9.8 | 9.3 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.06326 | 0.03 | CVE-2016-5773

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Hamas

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 54.255.143.112 | ec2-54-255-143-112.ap-southeast-1.compute.amazonaws.com | Arid Viper | | 24/12/2020 | verified | Medium
2 | 91.199.147.84 | s726618.srvape.com | Arid Viper | Hamas | 30/10/2023 | verified | High
3 | 94.131.98.3 | stockdc1.com | Arid Viper | Hamas | 30/10/2023 | verified | High
4 | 95.164.18.204 | vm1554543.stark-industries.solutions | Arid Viper | Hamas | 30/10/2023 | verified | High

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High

IOA - Indicator of Attack (50)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /forum/away.php | predictive | High
2 | File | addguest.cgi | predictive | Medium
3 | File | add_comment.php | predictive | High
4 | File | admin/index.php | predictive | High
5 | File | api_jsonrpc.php | predictive | High
6 | File | cloud.php | predictive | Medium

References (4)

The following list contains external sources which discuss the actor and the associated activities:
