MsAttacker Analysis

IOB - Indicator of Behavior (12)

[Charts: Timeline, Campaign, Actors, Activities, Interest, Type, Vendor, Vulnerabilities]

Language

en: 10
zh: 2

Product

FreeBSD: 6
FineCMS: 2
Orange Livebox: 2
Webwizguide Web Wiz Forums: 2

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

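| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 23.27.127.200 | | MsAttacker | | 24/12/2020 | verified | High |
| 2 | XXX.XX.XXX.X | | Xxxxxxxxxx | | 24/12/2020 | verified | High |
| 3 | XXX.XX.XXX.XX | | Xxxxxxxxxx | | 24/12/2020 | verified | High |
| 4 | XXX.XX.XXX.XXX | | Xxxxxxxxxx | | 24/12/2020 | verified | High |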

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 2 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 3 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /get_getnetworkconf.cgi | predictive | High |
| 2 | File | controllers/Weixin.php | predictive | High |
| 3 | File | xxxxxxxxx/xxxxxxxxx_xxxxxxx.xxx | predictive | High |
| 4 | File | xxx/xxxxxx.xxx | predictive | High |
| 5 | Library | xxxxxx/xxxxxxxxx/xxxxx.xxx | predictive | High |
| 6 | Argument | xxxxxxxx | predictive | Medium |
| 7 | Argument | xxxxx->xxxx | predictive | Medium |
| 8 | Argument | xxxxx xxxx/xxxx xxxx/xxxxxxx xxxxx | predictive | High |
| 9 | Argument | xxxx | predictive | Low |
| 10 | Argument | xxx | predictive | Low |
| 11 | Network Port | xxx/xxxx | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
