CryptoWire Analysis

IOB - Indicator of Behavior (19)

[Charts: Timeline, Actors, Activities, Interest, Type, Vendor]

Language: en (10), zh (10)

Country: cn (20)

Product: phpBB (4), Qualcomm Snapdragon Auto (2), Qualcomm Snapdragon Compute (2), Qualcomm Snapdragon Consumer IOT (2), Qualcomm Snapdragon Industrial IOT (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | OPNsense Access Control privilege escalation | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00051 | 0.00 | CVE-2018-18958 |
| 2 | Apple macOS Kernel privilege escalation | 5.4 | 5.3 | $0-$5k | $0-$5k | High | Official Fix | 0.00340 | 0.00 | CVE-2023-38606 |
| 3 | Shenzhen Youkate Industrial Facial Love Cloud Payment System Account SystemMng.ashx privilege escalation | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.00 | CVE-2023-6099 |
| 4 | EmpireCMS AdClass.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.04 | CVE-2022-28585 |
| 5 | Apache HTTP Server HTTP/2 Request privilege escalation | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00606 | 0.04 | CVE-2020-9490 |
| 6 | Qualcomm Snapdragon Auto SIP sigcomp Message buffer overflow | 7.6 | 7.6 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00188 | 0.00 | CVE-2020-3639 |
| 7 | OPNsense Login Page Redirect | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00179 | 0.01 | CVE-2020-23015 |
| 8 | TOTOLINK A800R/A810R/A830R/A950RG/A3000RU/A3100R setWebWlanIdx privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01702 | 0.00 | CVE-2022-26208 |
| 9 | Cisco RV340/RV345 Web-based Management Interface buffer overflow | 4.7 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00211 | 0.00 | CVE-2022-20753 |
| 10 | Wowza Streaming Engine Password File admin.password weak encryption | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2021-31539 |
| 11 | Cisco IOS/IOS XE DHCP Relay privilege escalation | 9.8 | 9.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.05178 | 0.00 | CVE-2017-12240 |
| 12 | Freeware Advanced Audio Coder huff2.c huffcode buffer overflow | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.00 | CVE-2018-19890 |
| 13 | Open Whisper Signal cross site scripting | 5.2 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00186 | 0.00 | CVE-2018-11101 |
| 14 | phpBB Admin Control Panel file_exists privilege escalation | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.72077 | 0.06 | CVE-2018-19274 |
| 15 | phpBB information disclosure | 9.8 | 8.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00269 | 0.00 | CVE-2008-1766 |
| 16 | Microsoft Exchange Server Privilege Escalation | 8.8 | 7.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.01258 | 0.00 | CVE-2021-28482 |
| 17 | Discuz! admin.php cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.04 | CVE-2018-19464 |
| 18 | Pulse Secure Pulse Connect Secure End User Portal custompage.cgi cross site scripting | 3.6 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.00 | CVE-2017-17947 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 194.156.98.51 | vm1867589.stark-industries.solutions | CryptoWire | | 19/03/2024 | verified | High |

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities / Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059.007 | CAPEC-209 | CWE-79 / Cross Site Scripting | predictive | High |
| 2 | T1068 | CAPEC-122 | CWE-269, CWE-284 / Execution with Unnecessary Privileges | predictive | High |
| 3 | TXXXX | CAPEC-136 | CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX.XXX | CAPEC-178 | CWE-XXXXxxx Xxxxxxxx | predictive | High |
| 5 | TXXXX | CAPEC-108 | CWE-XXXxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CAPEC-37 | CWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 7 | TXXXX | CAPEC-116 | CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /SystemMng.ashx | predictive | High |
| 2 | File | AdClass.php | predictive | Medium |
| 3 | File | xxxxx.xxx | predictive | Medium |
| 4 | File | xxxx/xxxxx.xxxxxxxx | predictive | High |
| 5 | File | xxxxxxxxxx.xxx | predictive | High |
| 6 | File | xxxxxxx/xxxxx.x | predictive | High |
| 7 | Argument | xxxxxxxxxxxx | predictive | Medium |
| 8 | Argument | xxxxxx/xxxxxx/xxx | predictive | High |
| 9 | Argument | xxxxxxxx | predictive | Medium |
| 10 | Argument | xxx | predictive | Low |
| 11 | Argument | xxxxxxxxxx | predictive | Medium |
| 12 | Input Value | xx | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
