Bublik Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (7)

Chronologie

Langue

en8

De campagne

us4
ne4

Acteurs

Bublik1

Activités

Intérêt

Chronologie

Taper

Groupware Software2
Not Defined2
Operating System2

Fournisseur

Synacor2
Saifor2
Microsoft2

Produit

Synacor Zimbra Collaboration Suite2
Saifor CVMS HUB2
Microsoft Windows2

Vulnérabilités

#VulnérabilitéBaseTemp0dayAujourd'huiExpConEPSSCTICVE
1Saifor CVMS HUB HTTP Parameter secciones.xhtml sql injection7.57.5$0-$5kCalculateurNot DefinedNot Defined0.000870.00CVE-2018-6792
2Synacor Zimbra Collaboration Suite Header ProxyServlet.java elévation de privilèges5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.007320.02CVE-2021-35209
3Synacor Zimbra Collaboration Suite Calendar Invite ZmMailMsgView.js cross site scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001550.03CVE-2021-35208
4Dropbear svr-auth.c recv_msg_userauth_request User divulgation de l'information5.35.2$0-$5k$0-$5kNot DefinedOfficial Fix0.003020.04CVE-2018-15599
5ProFTPD mod_sftp/mod_sftp_pam kbdint.c resp_count dénie de service7.57.1$0-$5k$0-$5kProof-of-ConceptUnavailable0.019800.02CVE-2013-4359
6Microsoft Windows Token Security Feature elévation de privilèges7.16.8$25k-$100k$0-$5kNot DefinedOfficial Fix0.000460.00CVE-2020-0981

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDadresse IPHostnameActeurCampagnesIdentifiedTaperConfiance
166.23.234.229host.double-six.netBublik28/06/2023verifiedÉlevé
266.128.53.179Bublik22/07/2021verifiedÉlevé
3XX.XX.XX.XXXxxxx.xxxxxx.xxxXxxxxx28/06/2023verifiedÉlevé
4XXX.XX.XX.XXXXxxxxx22/07/2021verifiedÉlevé
5XXX.XXX.XX.XXXxxxxx05/05/2022verifiedÉlevé
6XXX.XXX.X.XXxxxx-xxxx-xxxx-xxx-xx-xxxx.xxxxxxxx.xxxXxxxxx22/07/2021verifiedÉlevé
7XXX.XXX.XXX.XXXxxxxx28/04/2022verifiedÉlevé
8XXX.XX.XXX.XXxxxxx.xxXxxxxx22/07/2021verifiedÉlevé
9XXX.XX.XXX.XXXx-xxxx.x-xxxxxx.xxxXxxxxx05/05/2022verifiedÉlevé

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnérabilitésVecteur d'accèsTaperConfiance
1T1055CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveÉlevé
2TXXXX.XXXCWE-XXXxxxx Xxxx XxxxxxxxxpredictiveÉlevé
3TXXXXCWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveÉlevé
4TXXXXCWE-XXXxx XxxxxxxxxpredictiveÉlevé
5TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveÉlevé

IOA - Indicator of Attack (6)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorTaperConfiance
1File/cvms-hub/privado/seccionesmib/secciones.xhtmlpredictiveÉlevé
2Filekbdint.cpredictiveMoyen
3Filexxxxxxxxxxxx.xxxxpredictiveÉlevé
4Filexxx-xxxx.xpredictiveMoyen
5Filexxxxxxxxxxxxx.xxpredictiveÉlevé
6Argumentx-xxxxpredictiveFaible

Références (6)

The following list contains external sources which discuss the actor and the associated activities:

PrécédentAperçuSuivant

Do you want to use VulDB in your project?

Use the official API to access entries easily!