KillSomeOne Analysis

IOB - Indicator of Behavior (378)

Language: en (298), de (64), es (6), fr (4), ko (2)

Country: us (152), gb (2)

Product: Microsoft Windows (8), Apple iOS (2), Apple iPadOS (2), ZenPhoto (2), ZyXEL NAS 326 (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.68 | 0.00943 | CVE-2010-0966 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 3 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00289 | CVE-2019-7550 |
| 4 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.56 | 0.01302 | CVE-2007-0354 |
| 5 | Devilz Clanportal index.php sql injection | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00 | 0.00784 | CVE-2006-3347 |
| 6 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 1.36 | 0.02733 | CVE-2007-1167 |
| 7 | Devilz Clanportal File Upload unknown vulnerability | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.05362 | CVE-2006-6338 |
| 8 | Lars Ellingsen Guestserver guestserver.cgi privilege escalation | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00266 | CVE-2001-0180 |
| 9 | YaBB yabb.pl cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.01240 | CVE-2004-2402 |
| 10 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.80 | 0.00936 | CVE-2020-15906 |
| 11 | jforum cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00118 | CVE-2012-5337 |
| 12 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | 0.00169 | CVE-2005-4222 |
| 13 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.02 | 0.00804 | CVE-2006-5509 |
| 14 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.02101 | CVE-2007-1287 |
| 15 | Microsoft Windows Runtime Remote Code Execution | 8.1 | 7.4 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00 | 0.40206 | CVE-2022-21971 |
| 16 | Jasper imginfo bmp_dec.c bmp_getdata denial of service | 5.4 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00314 | CVE-2016-8690 |
| 17 | Devilz Clanportal sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | 0.00684 | CVE-2006-6339 |
| 18 | ZyXEL NAS 326 Python Web Server privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00197 | CVE-2019-10633 |
| 19 | ZenPhoto privilege escalation | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00391 | CVE-2018-0610 |
| 20 | Microsoft Windows Kernel-Mode Driver win32k privilege escalation | 7.0 | 6.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00056 | CVE-2016-3309 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 160.20.147.254 | | KillSomeOne | | 31/05/2021 | verified | High |

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 3 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX | xxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XXX | xx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 7 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | addentry.php | predictive | Medium |
| 2 | File | admin_add.php | predictive | High |
| 3 | File | assets/add/registrar-accounts.php | predictive | High |
| 4 | File | data/gbconfiguration.dat | predictive | High |
| 5 | File | xxxxx.xxx | predictive | Medium |
| 6 | File | xxxxxxxxx.xxx | predictive | High |
| 7 | File | xxxxxxxxxxx.xxx | predictive | High |
| 8 | File | xxx/xxxxxx.xxx | predictive | High |
| 9 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High |
| 10 | File | xxxxx.xxx | predictive | Medium |
| 11 | File | xxxxxxxxx/xxx/xxx_xxx.x | predictive | High |
| 12 | File | xxxx.xxx | predictive | Medium |
| 13 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High |
| 14 | File | xxxx-xxxxx.xxx | predictive | High |
| 15 | File | xxxxx.xxx | predictive | Medium |
| 16 | File | xxxx.xx | predictive | Low |
| 17 | Library | xxxxxx | predictive | Low |
| 18 | Argument | xx_xxxxx_xxx_xxxx | predictive | High |
| 19 | Argument | xxxxxxxx | predictive | Medium |
| 20 | Argument | xxxxx | predictive | Low |
| 21 | Argument | xxxxx | predictive | Low |
| 22 | Argument | xxxx | predictive | Low |
| 23 | Argument | xx | predictive | Low |
| 24 | Argument | xxx | predictive | Low |
| 25 | Argument | xxx | predictive | Low |
| 26 | Argument | xxxxxxxx/xxxxxxxx xx/xxxxx | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
