PoshC2 Analysis

IOB - Indicator of Behavior (509)

Language

  • en: 374
  • de: 110
  • zh: 12
  • es: 8
  • pl: 4

Country

  • us: 396
  • cn: 20
  • ru: 12
  • es: 6
  • th: 2

Product

  • Microsoft Windows: 10
  • Apple QuickTime: 6
  • HP Support Assistant: 4
  • Apache Tomcat: 4
  • PHP: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.12 | CVE-2010-0966
3 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01009 | 2.97 | CVE-2006-6168
4 | FreeBSD FPU x87 Register information disclosure | 4.0 | 3.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | -
5 | Russcom Network Loginphp register.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00677 | 0.02 | CVE-2006-2160
6 | Jelsoft vBulletin register.php denial of service | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01562 | 0.00 | CVE-2006-4272
7 | CONTROLzx HMS register_domain.php cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | -
8 | Ultimate PHP Board register.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00317 | 0.00 | CVE-2006-3206
9 | SloughFlash SF-Users register.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00587 | 0.00 | CVE-2006-2167
10 | Linux Kernel FXSAVE x87 Register weak encryption | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00101 | 0.05 | CVE-2006-1056
11 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.02 | CVE-2007-0354
12 | Cisco AnyConnect Secure Mobility Client Profile Editor XML External Entity | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00074 | 0.00 | CVE-2018-0100
13 | Citrix Workspace App Automatic Updater Service privilege escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00088 | 0.03 | CVE-2020-8207
14 | X7 Group X7 Chat register.php cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00615 | 0.02 | CVE-2006-2282
15 | Kailash Nadh boastMachine Admin Interface register.php cross site scripting | 4.3 | 3.8 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00807 | 0.02 | CVE-2006-3826
16 | GeoClassifieds Enterprise register.php cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.02 | -
17 | PhotoPost PHP register.php privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 | -
18 | Tritanium Bulletin Board register.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00677 | 0.03 | CVE-2006-1815
19 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 4.87 | CVE-2020-12440
20 | Asus RT-AX82U HTTP Request get_IFTTTTtoken.cgi Remote Code Execution | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00218 | 0.04 | CVE-2022-35401

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • PoshC2

IOC - Indicator of Compromise (37)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor/Campaign | Identified | Type | Confidence
1 | 3.120.209.174 | ec2-3-120-209-174.eu-central-1.compute.amazonaws.com | PoshC2 | 16/01/2024 | verified | Medium
2 | 3.253.77.60 | ec2-3-253-77-60.eu-west-1.compute.amazonaws.com | PoshC2 | 27/10/2023 | verified | Medium
3 | 13.48.77.144 | ec2-13-48-77-144.eu-north-1.compute.amazonaws.com | PoshC2 | 01/11/2023 | verified | Medium
4 | 13.78.10.244 | - | PoshC2 | 13/02/2024 | verified | High
5 | 18.134.14.164 | ec2-18-134-14-164.eu-west-2.compute.amazonaws.com | PoshC2 | 11/10/2023 | verified | Medium
6 | 35.80.38.180 | ec2-35-80-38-180.us-west-2.compute.amazonaws.com | PoshC2 | 02/01/2024 | verified | Medium
7 | 35.202.253.45 | 45.253.202.35.bc.googleusercontent.com | PoshC2 | 27/03/2022 | verified | Medium
8 | 45.79.196.203 | 45-79-196-203.ip.linodeusercontent.com | PoshC2 | 19/10/2023 | verified | High

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (114)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/config/uploadicon.php | predictive | High
2 | File | /admin/del_feedback.php | predictive | High
3 | File | /cms/category/list | predictive | High
4 | File | /inquiries/view_inquiry.php | predictive | High
5 | File | /Login | predictive | Low
6 | File | /product/savenewproduct.php?flag=1 | predictive | High
7 | File | /search | predictive | Low
8 | File | /start_apply.htm | predictive | High
9 | File | /sysmanage/updatelib.php | predictive | High
10 | File | /thruk/#cgi-bin/extinfo.cgi?type=2 | predictive | High
11 | File | /var/log/nginx | predictive | High
12 | File | booking.php | predictive | Medium
13 | File | browse-category.php | predictive | High
14 | File | BSW_cxttongr.htm | predictive | High
15 | File | cat.asp | predictive | Low

References (30)

The following list contains external sources which discuss the actor and the associated activities:
