Eternity Analysis

IOB - Indicator of Behavior (310)

Timeline (chart not reproduced)

Language

  • en: 230
  • ru: 28
  • de: 12
  • ja: 12
  • pl: 6

Country

  • ru: 100
  • cn: 26
  • us: 24
  • es: 2
  • gb: 2

Charts (not reproduced): Actors, Activities, Interest, Timeline, Type, Vendor

Product

  • Apple macOS: 10
  • PHPWind: 4
  • Google Chrome: 4
  • Perl: 4
  • QEMU: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.17 | CVE-2010-0966 |
| 2 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.89 | CVE-2007-0354 |
| 3 | Atlassian Bitbucket Server and Data Center Environment Variable privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.61094 | 0.02 | CVE-2022-43781 |
| 4 | Atlassian Bitbucket Data Center/Bitbucket Server Privilege Escalation | 8.3 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.05 | CVE-2023-22513 |
| 5 | Dahua DHI-HCVR7216A-S3 SmartPSS Auto Login Hash privilege escalation | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00331 | 0.04 | CVE-2017-6342 |
| 6 | Cyr to Lat Plugin sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.03 | CVE-2022-4290 |
| 7 | nophp index.php privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00099 | 0.03 | CVE-2023-28854 |
| 8 | SourceCodester Simple Task Allocation System manage_user.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00132 | 0.04 | CVE-2023-1791 |
| 9 | SourceCodester Young Entrepreneur E-Negosyo System login.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00135 | 0.14 | CVE-2023-1737 |
| 10 | Lighthouse Development Squirrelcart cart_content.php privilege escalation | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02731 | 0.00 | CVE-2006-2483 |
| 11 | Jelsoft impex ImpExData.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04317 | 0.04 | CVE-2006-1382 |
| 12 | phpBG forum.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.22228 | 0.04 | CVE-2007-4636 |
| 13 | Linux Foundation Xen EFLAGS Register SYSENTER privilege escalation | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.02 | CVE-2013-1917 |
| 14 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.09 | CVE-2015-4134 |
| 15 | HPE Onboard Administrator Reflected cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.02 | CVE-2020-7132 |
| 16 | xwikisas macro-pdfviewer PDF Viewer Macro information disclosure | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-30263 |
| 17 | Moises Heberle WooCommerce Bookings Calendar Plugin cross site scripting | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-31117 |
| 18 | Foxit PDF Reader AcroForm buffer overflow | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.03 | CVE-2024-30354 |
| 19 | Tenda AC10 SetStaticRouteCfg fromSetRouteStatic buffer overflow | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.09 | CVE-2024-2581 |
| 20 | MediaTek MT8798 Lk buffer overflow | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.02 | CVE-2024-20022 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • LilithBot

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22, CWE-425 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |

IOA - Indicator of Attack (173)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin.php/admin/art/data.html | predictive | High |
| 2 | File | /ajax.php?action=read_msg | predictive | High |
| 3 | File | /debug/pprof | predictive | Medium |
| 4 | File | /desktop_app/file.ajax.php?action=uploadfile | predictive | High |
| 5 | File | /env | predictive | Low |
| 6 | File | /forum/away.php | predictive | High |
| 7 | File | /goform/SetNetControlList | predictive | High |
| 8 | File | /goform/SetStaticRouteCfg | predictive | High |
| 9 | File | /librarian/bookdetails.php | predictive | High |
| 10 | File | /ptipupgrade.cgi | predictive | High |
| 11 | File | /secure/admin/InsightDefaultCustomFieldConfig.jspa | predictive | High |
| 12 | File | /src/chatbotapp/chatWindow.java | predictive | High |
| 13 | File | /staff/bookdetails.php | predictive | High |
| 14 | File | about.php | predictive | Medium |
| 15 | File | admin.color.php | predictive | High |
| 16 | File | admin/addons/archive/archive.php | predictive | High |
| 17 | File | admin/categories_industry.php | predictive | High |
| 18 | File | admin/class-woo-popup-admin.php | predictive | High |
| 19 | File | admin/content/postcategory | predictive | High |
| 20 | File | admincp/auth/secure.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
