DNSpionage Analysis

IOB - Indicator of Behavior (20)

Language

  • en: 14
  • de: 4
  • pl: 2

Country

  • us: 16
  • fr: 2
  • ua: 2

Product

  • Thomas R. Pasawicz HyperBook Guestbook: 2
  • AOL ICQ: 2
  • Roundcube Webmail: 2
  • PHP Link Directory: 2
  • Apache Struts: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft PowerPoint buffer overflow | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.24904 | CVE-2017-8743 |
| 2 | Joomla CMS sql injection | 7.3 | 6.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00264 | CVE-2013-1453 |
| 3 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.46 | 0.00374 | CVE-2007-0529 |
| 4 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00526 | CVE-2011-0643 |
| 5 | AlienVault Open Source Security Information Management privilege escalation | 9.8 | 9.4 | $0-$5k | $0-$5k | High | Official Fix | 0.02 | 0.95527 | CVE-2014-3804 |
| 6 | Intelliants Subrion CMS Members Administrator cross site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00150 | CVE-2020-18326 |
| 7 | SonicWALL SMA 100/SMA 200/SMA 210/SMA 400/SMA 410/SMA 500v File Path privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.78714 | CVE-2021-20034 |
| 8 | HGiga OAKlouds Mobile Portal Network Interface Card Setting Page privilege escalation | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00336 | CVE-2021-37913 |
| 9 | Siemens Cerberus DMS/Desigo CC Compact/Desigo CC CCOM Communication privilege escalation | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00478 | CVE-2021-37181 |
| 10 | Apache Struts OGNL Evaluation Privilege Escalation | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Proof-of-Concept | Official Fix | 0.04 | 0.97232 | CVE-2020-17530 |
| 11 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 12 | OSClass index.php findBySlug sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00589 | CVE-2012-0973 |
| 13 | AOL ICQ MCRegEx__Search buffer overflow | 7.3 | 6.4 | $25k-$100k | Calculating | Proof-of-Concept | Official Fix | 0.05 | 0.35348 | CVE-2006-4662 |
| 14 | GitLab Enterprise Edition Access Control privilege escalation | 6.7 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00064 | CVE-2019-16170 |
| 15 | Joomla CMS index.php privilege escalation | 7.0 | 6.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.02958 | CVE-2012-1563 |
| 16 | Zemanta Search Everything index.php sql injection | 7.3 | 7.0 | $0-$5k | Calculating | High | Official Fix | 0.00 | 0.00279 | CVE-2014-2316 |
| 17 | Roundcube Webmail rcube_washtml.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00489 | CVE-2015-1433 |
| 18 | WordPress Password Reset wp-login.php mail privilege escalation | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.02827 | CVE-2017-8295 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Middle East

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 185.20.184.138 | 185.20.184.138.deltahost-ptr | DNSpionage | Middle East | 27/03/2022 | verified | High |
| 2 | XXX.XX.XXX.X | xxx.xx.xxx.x.xxxxxxxxx-xxx | Xxxxxxxxxx | Xxxxxx Xxxx | 27/03/2022 | verified | High |
| 3 | XXX.XXX.XXX.XX | xxx.xxx.xxx.xx.xxxxxxxxx-xxx | Xxxxxxxxxx | Xxxxxx Xxxx | 27/03/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 3 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | admin/conf_users_edit.php | predictive | High |
| 2 | File | data/gbconfiguration.dat | predictive | High |
| 3 | File | xxxxx.xxxx | predictive | Medium |
| 4 | File | xxxxx.xxx | predictive | Medium |
| 5 | File | xx-xxxxx.xxx | predictive | Medium |
| 6 | Library | xxxxxxx/xxx/xxxxxxxxx/xxxxx_xxxxxxx.xxx | predictive | High |
| 7 | Argument | xxxxxxxxx | predictive | Medium |
| 8 | Argument | xxxx | predictive | Low |
| 9 | Argument | xxxx xxxxxxx | predictive | Medium |
| 10 | Argument | xxxxx[xxxxxx] | predictive | High |
| 11 | Argument | xxxxxxxxx | predictive | Medium |
