DEV-0322 Analysis

IOB - Indicator of Behavior (87)

Timeline

Language

en 60
zh 16
es 4
de 2
fr 2

Country

cn 44
us 42

Product

Adobe Magento Commerce 6
Next.js 4
Microsoft Windows 4
MailEnable Enterprise Premium 2
Google Android 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.64 | CVE-2007-0354 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 3 | VMware Horizon Client/Horizon Message Framework Library information disclosure | 6.4 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00379 | 0.03 | CVE-2018-6970 |
| 4 | D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi privilege escalation | 7.3 | 6.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00471 | 0.77 | CVE-2024-3273 |
| 5 | Sustainsys.Saml2 unknown vulnerability | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.05 | CVE-2023-41890 |
| 6 | WeiYe-Jing datax-web HTTP POST Request killJob privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00256 | 0.05 | CVE-2023-7116 |
| 7 | cskefu privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00084 | 0.02 | CVE-2022-36521 |
| 8 | Apple macOS AppleMobileFileIntegrity information disclosure | 3.3 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00060 | 0.00 | CVE-2023-23499 |
| 9 | Tesla Model 3 Mobile App Phone Key Authentication weak authentication | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00047 | 0.07 | CVE-2022-37709 |
| 10 | SSH SSH-1 Protocol weak encryption | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00258 | 0.03 | CVE-2001-1473 |
| 11 | Laravel PendingBroadcast.php __destruct privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.00 | CVE-2022-31279 |
| 12 | EmbedThis GoAhead privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03418 | 0.00 | CVE-2021-42342 |
| 13 | Next.js URL denial of service | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00374 | 0.03 | CVE-2021-43803 |
| 14 | Next.js _error.js Redirect | 5.0 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.00 | CVE-2021-37699 |
| 15 | Swagger UI CSS privilege escalation | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01741 | 0.05 | CVE-2019-17495 |
| 16 | OpenSSL c_rehash privilege escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09738 | 0.02 | CVE-2022-1292 |
| 17 | Hikvision Product Message privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.97493 | 0.02 | CVE-2021-36260 |
| 18 | HD-Network Real-time Monitoring System Parameter lang directory traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05404 | 0.02 | CVE-2021-45043 |
| 19 | CodeIgniter HTTP Request privilege escalation | 8.3 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00195 | 0.02 | CVE-2022-24711 |
| 20 | jwt-go Access Restriction privilege escalation | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00193 | 0.01 | CVE-2020-26160 |

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 4 | TXXXX.XXX | CWE-XX, CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XX, CWE-XXX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX.XXX | CWE-XXX | Xxxxx Xxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
| 9 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 10 | TXXXX.XXX | CWE-XXX | Xxxxxxxxx Xxxxxxxxxxxxx | predictive | High |
| 11 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High |
| 12 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 13 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |
| 14 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (42)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /api/log/killJob | predictive | High |
| 2 | File | /cgi-bin/nas_sharing.cgi | predictive | High |
| 3 | File | /language/lang | predictive | High |
| 4 | File | admin/conf_users_edit.php | predictive | High |
| 5 | File | c_rehash | predictive | Medium |
| 6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 7 | File | xxxxx.xxx | predictive | Medium |
| 8 | File | xxxx.xxx | predictive | Medium |
| 9 | File | xxxxxx/xxxxxxxxxxxx | predictive | High |
| 10 | File | xxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 11 | File | xxxxxxxxxx\xxxxxxxxxxxx\xxxxxxxxxxxxxxxx.xxx | predictive | High |
| 12 | File | xxxxx_xxxxxxx.xxx | predictive | High |
| 13 | File | xxxxxxx.x | predictive | Medium |
| 14 | File | xxxxxxx.xxx | predictive | Medium |
| 15 | File | xxxxx/_xxxxx.xx | predictive | High |
| 16 | File | xxxxx.xxx | predictive | Medium |
| 17 | File | xxxxxxxx.xxx | predictive | Medium |
| 18 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High |
| 19 | File | xxxxxxxx_xxxx.xxx | predictive | High |
| 20 | File | xxxxxxxxxxxxxxxxxxxxxxxxx.xx | predictive | High |
| 21 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High |
| 22 | File | xx/xxxxxxxxx/xx | predictive | High |
| 23 | File | xxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 24 | File | xxx/xxx-xxxxxxxxxx/xxxx-xxxxxx/xxxxxx.xxx | predictive | High |
| 25 | File | xx-xxxxx.xxx | predictive | Medium |
| 26 | File | xx/xx/xxxxx | predictive | Medium |
| 27 | Argument | --xxxxxx/--xxxxxxxx | predictive | High |
| 28 | Argument | xxxxxxxxxx | predictive | Medium |
| 29 | Argument | xxxxx_xxxxxx | predictive | Medium |
| 30 | Argument | xx | predictive | Low |
| 31 | Argument | xx | predictive | Low |
| 32 | Argument | xxxxx | predictive | Low |
| 33 | Argument | xxxxxxx_xxx | predictive | Medium |
| 34 | Argument | xxxxxxxxx | predictive | Medium |
| 35 | Argument | xxxxxx_xxx | predictive | Medium |
| 36 | Argument | xxxxxx | predictive | Low |
| 37 | Argument | x_xxxxxxxx | predictive | Medium |
| 38 | Argument | xxxxxxx.xx-xxxxx-xxxx | predictive | High |
| 39 | Input Value | /../ | predictive | Low |
| 40 | Input Value | []xxxxxx{}/x["xxx"] | predictive | High |
| 41 | Pattern | xxxxxxxxxxx | predictive | Medium |
| 42 | Network Port | xxx/xxxx | predictive | Medium |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
