FakeCrack Analysis

IOB - Indicator of Behavior (259)

Language

en: 230
ru: 12
zh: 10
de: 4
fr: 2

Country

us: 78
cn: 30
tr: 26
ru: 4
gb: 2

Product

GitLab Enterprise Edition: 8
Google Android: 8
Linux Kernel: 6
Cacti: 4
Netgear Nighthawk R6700: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DeDeCMS Backend file_class.php privilege escalation | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.05 | CVE-2023-7212 |
| 2 | Microsoft Office Word Remote Code Execution | 7.0 | 6.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01350 | 0.02 | CVE-2023-28311 |
| 3 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.97319 | 0.00 | CVE-2021-34473 |
| 4 | ThinkPHP privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.97455 | 0.00 | CVE-2019-9082 |
| 5 | SmarterTools SmarterMail directory traversal | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.04 | CVE-2019-7213 |
| 6 | cumin Server Certificate Validator weak authentication | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00090 | 0.04 | CVE-2013-0264 |
| 7 | kyivstarteam react-native-sms-user-consent SmsUserConsentModule.kt registerReceiver Local Privilege Escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.09 | CVE-2021-4438 |
| 8 | Campcodes House Rental Management System ajax.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.05 | CVE-2024-3719 |
| 9 | Linux Kernel BlueZ jlink.c jlink_init denial of service | 3.6 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2022-3637 |
| 10 | Huawei HG8245H URL information disclosure | 7.4 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00167 | 0.06 | CVE-2017-15328 |
| 11 | DeDeCMS co_do.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00190 | 0.02 | CVE-2018-19061 |
| 12 | DedeCMS selectimages.php cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.03 | CVE-2023-49493 |
| 13 | DeDeCMS select_images_post.php privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01958 | 0.00 | CVE-2018-20129 |
| 14 | DedeCMS article_allowurl_edit.php privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00094 | 0.09 | CVE-2023-2928 |
| 15 | DeDeCMS downmix.inc.php Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02422 | 0.02 | CVE-2018-6910 |
| 16 | Plesk Obsidian Login Page privilege escalation | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00174 | 0.19 | CVE-2023-24044 |
| 17 | Tenda AC10U fromAddressNat buffer overflow | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00086 | 0.09 | CVE-2024-0927 |
| 18 | Xen Orchestra privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.03 | CVE-2021-36383 |
| 19 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 4.02 | CVE-2020-15906 |
| 20 | Unisoc T760/T770/T820/S8000 Sim Service privilege escalation | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2023-42655 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CWE-88, CWE-94 | Argument Injection | predictive | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (123)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /acms/classes/Master.php?f=delete_cargo | predictive | High |
| 2 | File | /admin.php/news/admin/topic/save | predictive | High |
| 3 | File | /admin/comn/service/update.json | predictive | High |
| 4 | File | /api/files/ | predictive | Medium |
| 5 | File | /cgi-bin/touchlist_sync.cgi | predictive | High |
| 6 | File | /dev/shm | predictive | Medium |
| 7 | File | /dl/dl_print.php | predictive | High |
| 8 | File | /getcfg.php | predictive | Medium |
| 9 | File | /ofcms/company-c-47 | predictive | High |
| 10 | File | /usr/sbin/httpd | predictive | High |
| 11 | File | /util/print.c | predictive | High |
| 12 | File | /web/MCmsAction.java | predictive | High |
| 13 | File | abc-pcie.c | predictive | Medium |
| 14 | File | accounts/payment_history.php | predictive | High |
| 120 | Input Value | ../ | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
