Downeks Analyse

IOB - Indicator of Behavior (13)

Chronologie

Langue

en14

De campagne

us12
ru2

Acteurs

Activités

Intérêt

Chronologie

Taper

Fournisseur

Produit

OpenWrt4
ABBYY FineReader2
LEDE2
Juniper Web Device Manager2
AnyMacro AnyMacro Mail System2

Vulnérabilités

#VulnérabilitéBaseTemp0dayAujourd'huiExpConCTIEPSSCVE
1Alt-N MDaemon Worldclient elévation de privilèges4.94.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.040.00090CVE-2021-27182
2ABBYY FineReader License Server elévation de privilèges6.56.3$0-$5kCalculateurNot DefinedOfficial Fix0.040.00042CVE-2019-20383
3FileZilla Server PORT elévation de privilèges4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.140.00052CVE-2015-10003
4FUSE fusermount elévation de privilèges6.56.7$0-$5kCalculateurProof-of-ConceptOfficial Fix0.020.00134CVE-2018-10906
5AnyMacro AnyMacro Mail System directory traversal5.35.3$0-$5kCalculateurNot DefinedNot Defined0.020.00179CVE-2011-2468
6IBM FileNet Workplace XT File Upload elévation de privilèges7.57.5$5k-$25k$5k-$25kNot DefinedNot Defined0.030.00898CVE-2016-8921
7phpMyAdmin import.php elévation de privilèges7.16.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.040.00131CVE-2013-4729
8OpenWrt/LEDE uhttpd cgi_handle_request Reflected cross site scripting5.25.2$0-$5kCalculateurNot DefinedNot Defined0.020.00082CVE-2018-19630
9OpenWrt Access Control rpcd elévation de privilèges7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.040.00230CVE-2018-11116
10PunBB profile.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.020.00162CVE-2005-1051
11Juniper Web Device Manager Authentication authentification faible9.89.0$5k-$25k$0-$5kProof-of-ConceptWorkaround0.000.00000
12PHP FastCGI Process Manager php-fpm.conf.in elévation de privilèges5.95.2$25k-$100k$0-$5kUnprovenOfficial Fix0.000.00045CVE-2014-0185
13phpMyAdmin server_privileges.lib.php cross site scripting6.56.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00306CVE-2016-2560

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDadresse IPHostnameActeurCampagnesIdentifiedTaperConfiance
1185.141.25.68Downeks23/12/2020verifiedÉlevé

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnérabilitésVecteur d'accèsTaperConfiance
1T1006CWE-22Path TraversalpredictiveÉlevé
2T1055CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveÉlevé
3TXXXX.XXXCWE-XXXxxxx Xxxx XxxxxxxxxpredictiveÉlevé
4TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveÉlevé
5TXXXX.XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveÉlevé
6TXXXXCWE-XXXxx XxxxxxxxxpredictiveÉlevé
7TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveÉlevé
8TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveÉlevé

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorTaperConfiance
1File/etc/config/rpcdpredictiveÉlevé
2Filecgi-bin/predictiveMoyen
3Filexxxxxx.xxxpredictiveMoyen
4Filexxx-xxx.xxxx.xxpredictiveÉlevé
5Filexxxxxxx.xxxpredictiveMoyen
6Libraryxxxxxxxxx/xxxxxx_xxxxxxxxxx.xxx.xxxpredictiveÉlevé
7ArgumentxxxxxxxxxxxxxpredictiveÉlevé
8ArgumentxxpredictiveFaible

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!