Esfury Analysis

IOB - Indicator of Behavior (109)

Timeline

Language

en: 98
de: 8
ru: 2
fr: 2

Product

SourceCodester Online Exam System: 6
SourceCodester Lost and Found Information System: 4
SourceCodester Class Scheduling System: 4
OpenCV wechat_qrcode Module: 4
Microsoft IIS: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01009 | 2.38 | CVE-2006-6168
2 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00526 | 0.14 | CVE-2011-0643
3 | SourceCodester Online Exam System GET Parameter updateCourse.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00073 | 0.04 | CVE-2023-2642
4 | SourceCodester Online Internship Management System POST Parameter login.php sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00073 | 0.05 | CVE-2023-2641
5 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment denial of service | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.09 | CVE-2023-2618
6 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment denial of service | 5.6 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.09 | CVE-2023-2617
7 | SourceCodester Online Reviewer System GET Parameter user-update.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.05 | CVE-2023-2596
8 | SourceCodester Billing Management System POST Parameter ajax_service.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.04 | CVE-2023-2595
9 | SourceCodester Food Ordering Management System Registration sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.05 | CVE-2023-2594
10 | SourceCodester Multi Language Hotel Management Software POST Parameter ajax.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00062 | 0.05 | CVE-2023-2565
11 | jja8 NewBingGoGo cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.09 | CVE-2023-2560
12 | External Media without Import Plugin external-media-without-import.php print_media_new_panel cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.04 | CVE-2017-20183
13 | SourceCodester Online Tours & Travels Management System disapprove_delete.php exec sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00073 | 0.14 | CVE-2023-2619
14 | PHP-Login POST Parameter class.loginscript.php checkLogin sql injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00059 | 0.09 | CVE-2016-15031
15 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.79 | CVE-2007-0529
16 | TikiWiki tiki-index.php directory traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01414 | 0.42 | CVE-2007-5684
17 | AWStats Config awstats.pl cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00587 | 0.06 | CVE-2006-3681
18 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00181 | 0.03 | CVE-2007-6138
19 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.08 | 
20 | Suricata Rule directory traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.02 | CVE-2023-35852

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
4 | T1068 | CWE-264, CWE-269 | Execution with Unnecessary Privileges | predictive | High
5 | TXXXX.XXX | CWE-XXX | Xxxx Xx Xxxx-xxxxx Xxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX | Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | xxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
8 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
9 | TXXXX | CWE-XXX | Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx | predictive | High
10 | TXXXX | CWE-XXX | xx Xxxxxxxxx | predictive | High
11 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
12 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xx Xxxxxxxxxxxxx Xxxx | predictive | High
13 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxx Xxxx | predictive | High
14 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
15 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
16 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
17 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (111)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/budget/manage_budget.php | predictive | High
2 | File | /admin/edit_subject.php | predictive | High
3 | File | /admin/save_teacher.php | predictive | High
4 | File | /admin/service.php | predictive | High
5 | File | /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini | predictive | High
6 | File | /cas/logout | predictive | Medium
7 | File | /changeimage.php | predictive | High
8 | File | /dosen/data | predictive | Medium
9 | File | /forum/away.php | predictive | High
10 | File | /jurusan/data | predictive | High
11 | File | /kelas/data | predictive | Medium
12 | File | /kelasdosen/data | predictive | High
13 | File | /Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05 | predictive | High
14 | File | /mahasiswa/data | predictive | High
15 | File | /xxxxx/xxxxxxx/xxxx/xxxxx.xxx | predictive | High
16 | File | /xxxxxxxxx/xxxxxx.xxx | predictive | High
17 | File | /xxxxxxxx/xxxxxx/xxxxxx/xxxxxx/xxxxxx/xxxxx/xxxx-xxxxxx.xxx | predictive | High
18 | File | /xxxx_xxxxx.xxx?xxxxxxxxx=xxxxxxx | predictive | High
19 | File | /xxxxxxxx-xxxx/xxx_xx/xxxxxx.xxxx | predictive | High
20 | File | /xxxxxxx/ | predictive | Medium
21 | File | /xx-xxxxx/xxxxxxx-xxxxxxx.xxx | predictive | High
22 | File | xxxxx/ | predictive | Low
23 | File | xxxxx/?xxxx=xxxxxxxxxx/xxxxxx_xxxxxxxx | predictive | High
24 | File | xxxxx/xxxx_xxxxx_xxxx.xxx | predictive | High
25 | File | xxxxx/xxxxx.xxx | predictive | High
26 | File | xxxxx/xxxxxxxx_xxxxx_xxxx.xxx | predictive | High
27 | File | xxxxxxxxxx/xxxxx/xxxxxxx_xxxxx/xxxxxxxxxxxx.xxx | predictive | High
28 | File | xxxxx_xxx.xxx?xxxxxx=xxx | predictive | High
29 | File | xxxx.xxx | predictive | Medium
30 | File | xxxx_xxxxxxx.xxx | predictive | High
31 | File | xxxxxxx.xx | predictive | Medium
32 | File | x:\xxxxxxx xxxxx (xxx)\xxxxxxxx\xxx\xxxxxx.xxx | predictive | High
33 | File | xxx.x | predictive | Low
34 | File | xxxxxxx/xxxxxx.xxx?x=xxxx_xxxxxxx | predictive | High
35 | File | xxxxx.xxx | predictive | Medium
36 | File | xxxxxxxx.xxx | predictive | Medium
37 | File | xxxxxxxxxx_xxxxxx.xxx | predictive | High
38 | File | xxxxxxxx.xxx | predictive | Medium
39 | File | xxxxxxxxxxxxx.xxx | predictive | High
40 | File | xxxxxxxx-xxxxx-xxxxxxx-xxxxxx.xxx | predictive | High
41 | File | xxxxxxxxxxx.xxx | predictive | High
42 | File | xxxxxxxxxxxx.xxx | predictive | High
43 | File | xx_xxxxxxx.xxx | predictive | High
44 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High
45 | File | xxxxxxxxxx.xxxxx.xxx | predictive | High
46 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | High
47 | File | xxxxx.xxxx | predictive | Medium
48 | File | xxxxx/xxxx.xxx | predictive | High
49 | File | xxxxx/xxxxxxx/xxxxx.xxxxxxxxxxx.xxx | predictive | High
50 | File | xxxxxx_xxxxxxx.xxx | predictive | High
51 | File | xxxx.xxxxxxxxxx.xxx | predictive | High
52 | File | xxxxxx.x | predictive | Medium
53 | File | xxxxx-xxxx.xxx | predictive | High
54 | File | xxxxxx/xxxxxxx/xxxxxxx_xxx_xxxxxx_xxxxxx.xxx | predictive | High
55 | File | xxxxx.xxx | predictive | Medium
56 | File | xxxxxxxx/xxxxxx_xxxxxxxx.xxx | predictive | High
57 | File | xxxx/xxx/xxx_xxxx.x | predictive | High
58 | File | xxxxxxx_xxxxxxxxxxxxx.xxx | predictive | High
59 | File | xxxx_xxxx.xxx | predictive | High
60 | File | xxxxxxxx.xxx | predictive | Medium
61 | File | xxxx-xxxxx.xxx | predictive | High
62 | File | xxxx-xxxxxxxx.xxx | predictive | High
63 | File | xxxxx/xxxx_xxxx.xxx | predictive | High
64 | File | xxxx_xxxxxx.xxx | predictive | High
65 | File | xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx-xxxxx.xxx | predictive | High
66 | File | xxxxxxx.xxxx | predictive | Medium
67 | Argument | $_xxxxxx['xxxxx_xxxxxx'] | predictive | High
68 | Argument | xxxxxxxx_xxxx | predictive | High
69 | Argument | xxxxxx | predictive | Low
70 | Argument | xxxxxxxx | predictive | Medium
71 | Argument | xxxxxxxxxx | predictive | Medium
72 | Argument | xx_xx | predictive | Low
73 | Argument | xxxxxx_xx | predictive | Medium
74 | Argument | xxxx_xx | predictive | Low
75 | Argument | xxxxxxx[x][xxxx] | predictive | High
76 | Argument | xxxxxxxxx_xxxx | predictive | High
77 | Argument | xxxxxx | predictive | Low
78 | Argument | xxxx_xxxxxxxx | predictive | High
79 | Argument | xxxxx | predictive | Low
80 | Argument | xxxxxxxx | predictive | Medium
81 | Argument | xxxxxx | predictive | Low
82 | Argument | xxxxxxxx/xxxxxxx/xxxxxxx | predictive | High
83 | Argument | xx | predictive | Low
84 | Argument | xxx_xxxxxxxx | predictive | Medium
85 | Argument | xxxxx | predictive | Low
86 | Argument | xxxxxxx | predictive | Low
87 | Argument | xxxx | predictive | Low
88 | Argument | xxxxxxxxxx | predictive | Medium
89 | Argument | xxxx | predictive | Low
90 | Argument | xxxxxx | predictive | Low
91 | Argument | xxx_xxxxxxxx | predictive | Medium
92 | Argument | xxxx | predictive | Low
93 | Argument | xxxxxxxx | predictive | Medium
94 | Argument | xxxxxxx | predictive | Low
95 | Argument | xxxxxxx | predictive | Low
96 | Argument | xxxx/xxxx | predictive | Medium
97 | Argument | xxxxxx | predictive | Low
98 | Argument | xxx | predictive | Low
99 | Argument | xxx/xxxxx/xxxxx/xxxxxx/xxxx-xxxx | predictive | High
100 | Argument | xxxxxxxx | predictive | Medium
101 | Argument | xxxxxxxx-xxxx-xx | predictive | High
102 | Argument | xxxxxxxx/xxxxxxxx | predictive | High
103 | Argument | xxxxxxxx | predictive | Medium
104 | Argument | xxxx_xx | predictive | Low
105 | Input Value | -x | predictive | Low
106 | Input Value | xxxxxx | predictive | Low
107 | Input Value | <xxxxxx>xxxxx(xxxxxxxx.xxxxxx)</xxxxxx> | predictive | High
108 | Input Value | xxxxx | predictive | Low
109 | Input Value | xxxxxx | predictive | Low
110 | Network Port | xxx/xx (xxx xxxxxxxx) | predictive | High
111 | Network Port | xxx xxxxxx xxxx | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
