Necro Analysis

IOB - Indicator of Behavior (182)

Timeline

Language

en: 172
ru: 4
de: 4
pl: 2

Country

us: 44
ru: 12
de: 6
pl: 4
jp: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Cryptocat: 12
Uniqkey Password Manager: 6
Sricam IP CCTV Camera: 4
Solare Solar-Log: 4
V-Zug Combi-Steam MSLQ: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | CTI | EPSS | CVE
1 | Symantec Endpoint Protection Manager Management Console secars.dll buffer overflow | 9.6 | 8.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00680 | CVE-2013-1612
2 | OpenSSH Key Exchange Initialization kex_input_kexinit denial of service | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.78351 | CVE-2016-8858
3 | FileZilla Server PORT privilege escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.16 | 0.00052 | CVE-2015-10003
4 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00312 | CVE-2015-1419
5 | Oracle PeopleSoft Enterprise PeopleTools Rich Text Editor privilege escalation | 6.1 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00322 | CVE-2018-3132
6 | WordPress URL privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01530 | CVE-2019-17669
7 | Moodle sql injection | 7.1 | 7.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.00070 | CVE-2023-28329
8 | BrotherScripts Business Directory articlesdetails.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00122 | CVE-2010-4969
9 | SourceCodester Medical Hub Directory Site view_details.php sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00190 | CVE-2022-28533
10 | pdfkit URL privilege escalation | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.28060 | CVE-2022-25765
11 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | 0.00241 | CVE-2020-12440
12 | D-Link Router alpha_auth_check privilege escalation | 9.8 | 8.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.01314 | CVE-2013-6026
13 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00250 | CVE-2005-1612
14 | package nested-object-assign Prototype privilege escalation | 7.3 | 6.6 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.00 | 0.00101 | CVE-2021-23329
15 | Backdoor.Win32.Anaptix.bd privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00000 | (no CVE)
16 | Apple Safari WebRTC buffer overflow | 6.3 | 6.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01152 | CVE-2022-2294
17 | ISS BlackICE PC Protection Cross Site Scripting Detection privilege escalation | 5.3 | 4.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.00186 | CVE-2003-5001
18 | ISS BlackICE PC Protection Update cross site scripting | 5.0 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.07 | 0.00067 | CVE-2003-5003
19 | ISS BlackICE PC Protection Update weak encryption | 3.7 | 3.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00067 | CVE-2003-5002
20 | Mozilla Firefox String unknown vulnerability | 4.3 | 4.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Unavailable | 0.04 | 0.00202 | CVE-2005-2602

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CWE-94 | Argument Injection | predictive | High

IOA - Indicator of Attack (92)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin | predictive | Low
2 | File | /admin/conferences/get-all-status/ | predictive | High
3 | File | /admin/conferences/list/ | predictive | High
4 | File | /admin/countrymanagement.php | predictive | High
5 | File | /admin/general/change-lang | predictive | High
6 | File | /admin/group/list/ | predictive | High
7 | File | /admin/renewaldue.php | predictive | High
8 | File | /admin/usermanagement.php | predictive | High
9 | File | /artist-display.php | predictive | High
10 | File | /backups/ | predictive | Medium
11 | File | /catcompany.php | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
