Packrat Analysis

IOB - Indicator of Behavior (85)

Language

en (64)
pt (16)
es (6)


Product

Microsoft Windows (6)
Microsoft Office (6)
Sun Solaris (4)
DZCP deV!L`z Clanportal (2)
Dropbear SSH (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE
1 | Dropbear SSH privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02911 | 0.04 | CVE-2016-7406
2 | OpenSSL Non-prime Moduli BN_mod_sqrt denial of service | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01342 | 0.00 | CVE-2022-0778
3 | VMware ESXi Host Client Stored cross site scripting | 5.2 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00076 | 0.00 | CVE-2017-4940
4 | HP Integrated Lights-Out IPMI Protocol privilege escalation | 8.2 | 8.0 | $5k-$25k | $0-$5k | High | Workaround | 0.27196 | 0.02 | CVE-2013-4786
5 | Apache HTTP Server mod_reqtimeout denial of service | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01696 | 0.00 | CVE-2007-6750
6 | Linux Kernel Socket Buffer virtio_bt.c denial of service | 5.7 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.02 | CVE-2022-26878
7 | Microsoft Windows LSA information disclosure | 6.4 | 5.9 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.85287 | 0.03 | CVE-2021-36942
8 | Dropbear SSH dbclient/server Memory information disclosure | 4.4 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.01 | CVE-2016-7409
9 | Dropbear SSH dropbearconvert privilege escalation | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00956 | 0.02 | CVE-2016-7407
10 | phpMyAdmin grab_globals.lib.php directory traversal | 4.8 | 4.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02334 | 0.12 | CVE-2005-3299
11 | Ietf MD5 weak encryption | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01224 | 0.00 | CVE-2004-2761
12 | Sun Solaris Authentication weak authentication | 9.8 | 9.6 | $5k-$25k | $0-$5k | High | Workaround | 0.01297 | 0.02 | CVE-1999-0502
13 | TP-LINK TL-WR840N buffer overflow | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00092 | 0.00 | CVE-2022-26642
14 | HP Intelligent Management Center tftpserver.exe privilege escalation | 10.0 | 9.5 | $25k-$100k | Calculator | Not Defined | Official Fix | 0.05750 | 0.00 | CVE-2011-1853
15 | Microsoft Windows SMB Processor EducatedScholar denial of service | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.97288 | 0.00 | CVE-2009-3103
16 | avahi socket.c denial of service | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.07514 | 0.00 | CVE-2011-1002
17 | OpenSSL EC information disclosure | 3.1 | 3.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00272 | 0.00 | CVE-2021-4160
18 | Linux Kernel KVM privilege escalation | 7.6 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.03 | CVE-2021-3653
19 | Fortinet FortiMail directory traversal | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00093 | 0.00 | CVE-2021-24013
20 | Fortinet FortiMail Identity-Based Encryption Service weak encryption | 4.0 | 3.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00060 | 0.00 | CVE-2021-26099

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | api/sms_check.php | predictive | High
2 | File | avahi-core/socket.c | predictive | High
3 | File | chmextract.c | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:
