Prometei Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (191)

Langue

en	190
it	2

De campagne

us	190
id	2

Acteurs

Prometei	2
Dridex	1

Intérêt

Taper

Not Defined	40
Content Management System	6
Communications System	4
Forum Software	2
Medical Device Software	2

Fournisseur

Not Defined	20
SourceCodester	6
Sierra Wireless	4
WAVLINK	2
oretnom23	2

Produit

Sierra Wireless AirLink GX400	4
Sierra Wireless AirLink GX440	4
Sierra Wireless AirLink GX450	4
Sierra Wireless AirLink ES450	4
Sierra Wireless AirLink RV50	4

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	2.10
2	FLDS redir.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00203	0.13	CVE-2008-5928
3	vBulletin redirector.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00106	0.04	CVE-2018-6200
4	Vunet VU Web Visitor Analyst redir.asp sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Workaround	0.00119	0.30	CVE-2010-2338
5	Bitrix Site Manager redirect.php elévation de privilèges	5.3	4.7	$0-$5k	$0-$5k	Unproven	Unavailable	0.00113	0.03	CVE-2008-2052
6	Openads adclick.php Remote Code Execution	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01871	0.26	CVE-2007-2046
7	MGB OpenSource Guestbook email.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	0.86	CVE-2007-0354
8	GetSimpleCMS index.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00123	0.00	CVE-2019-9915
9	OpenX adclick.php Redirect	5.3	4.7	$0-$5k	$0-$5k	Unproven	Unavailable	0.00440	0.56	CVE-2014-2230
10	phpPgAds adclick.php vulnérabilité inconnue	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00317	0.64	CVE-2005-3791
11	DZCP deV!L`z Clanportal config.php elévation de privilèges	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	1.33	CVE-2010-0966
12	Sangoma FreePBX/PBXact restapps Privilege Escalation	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00716	0.00	CVE-2020-10666
13	Issabel PBX Create New Rate cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.03	CVE-2021-34190
14	Issabel PBX cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.00	CVE-2021-46558
15	DZCP deV!L`z Clanportal browser.php divulgation de l'information	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02733	0.73	CVE-2007-1167
16	My Link Trader out.php sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
17	WordPress AdServe adclick.php sql injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00073	0.04	CVE-2008-0507
18	PHPWind goto.php Redirect	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00348	0.03	CVE-2015-4134
19	Asterisk PBX SIP Invite res_pjsip_session dénie de service	4.8	4.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00114	0.00	CVE-2020-28327
20	Tiki Admin Password tiki-login.php authentification faible	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00936	4.55	CVE-2020-15906

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Identified	Taper	Confiance
1	23.148.145.237	henhariden.info	Prometei	23/03/2023	verified	Élevé
2	69.84.240.57		Prometei	23/03/2023	verified	Élevé
3	103.40.123.34	ip-34.123.40.jogjaringan.net.id	Prometei	23/03/2023	verified	Élevé
4	XXX.XX.XXX.XX	xx.xxx.xx.xx-xxxx.xxxx	Xxxxxxxx	23/03/2023	verified	Élevé
5	XXX.XXX.XXX.XXX		Xxxxxxxx	23/03/2023	verified	Élevé
6	XXX.XXX.XXX.XXX		Xxxxxxxx	23/03/2023	verified	Élevé
7	XXX.XX.XXX.XX		Xxxxxxxx	23/03/2023	verified	Élevé
8	XXX.XX.XX.XX	xxxxxx.xxxxxxxxxxxxx.xxx	Xxxxxxxx	08/01/2024	verified	Élevé
9	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxxxxx	23/03/2023	verified	Élevé
10	XXX.XXX.XX.XX	xxxxxx.xxx-xxx-xx-xx.xxxx.xxx	Xxxxxxxx	23/03/2023	verified	Élevé
11	XXX.XXX.XXX.XXX		Xxxxxxxx	23/03/2023	verified	Élevé

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classe	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Élevé
2	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	Élevé
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
4	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
5	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Élevé
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
7	TXXXX	CAPEC-49	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
8	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
9	TXXXX.XXX	CAPEC-112	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Élevé

IOA - Indicator of Attack (53)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/admin/inquiries/view_details.php	predictive	Élevé
2	File	/admin/maintenance/view_designation.php	predictive	Élevé
3	File	/cgi-bin/touchlist_sync.cgi	predictive	Élevé
4	File	/forum/away.php	predictive	Élevé
5	File	/LogoStore/search.php	predictive	Élevé
6	File	/mhds/clinic/view_details.php	predictive	Élevé
7	File	/newsDia.php	predictive	Moyen
8	File	/out.php	predictive	Moyen
9	File	/xxxxxxxx-xxxxxxx.xxx	predictive	Élevé
10	File	/xxxxxxx/xxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Élevé
11	File	xxxxxxx.xxx	predictive	Moyen
12	File	xxxxx/xxxxxx.xxx	predictive	Élevé
13	File	xxxxx/xxxx_xxxxx_xxxx.xxx	predictive	Élevé
14	File	xxxxx/xxxxx.xxx	predictive	Élevé
15	File	xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx	predictive	Élevé
16	File	xxxxx.xxx	predictive	Moyen
17	File	xxxx.xxx	predictive	Moyen
18	File	xxxx.xxx	predictive	Moyen
19	File	xxx/xxxxxx.xxx	predictive	Élevé
20	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	Élevé
21	File	xxxxx.xxx?xxxx=xxxxxxx_xxxxx	predictive	Élevé
22	File	xxxxxxx/xxx.xxx	predictive	Élevé
23	File	xxxxxxxxxxxxxxxxxx.xxxx	predictive	Élevé
24	File	xxxx.xxx	predictive	Moyen
25	File	xxxxx.xxx	predictive	Moyen
26	File	xxxxx.xxx	predictive	Moyen
27	File	xxxxxxxx.xxx	predictive	Moyen
28	File	xxxxxxxxxx.xxx	predictive	Élevé
29	File	xxxx-xxxxxxxxxx.xxx	predictive	Élevé
30	File	xxxx-xxxxx.xxx	predictive	Élevé
31	File	xxxxx/xxxxxxxx_xxxxxx/xxxxxx_xxxxxxxx_xxxxx.xxx	predictive	Élevé
32	File	xxxxxxx.xxx	predictive	Moyen
33	File	xxxx.xx	predictive	Faible
34	Argument	xxxxxxxx	predictive	Moyen
35	Argument	xxxxxxxx	predictive	Moyen
36	Argument	xxxxx	predictive	Faible
37	Argument	xxx	predictive	Faible
38	Argument	xxxxxxxxxxx	predictive	Moyen
39	Argument	xxxx	predictive	Faible
40	Argument	xxxx	predictive	Faible
41	Argument	xxxx	predictive	Faible
42	Argument	xx	predictive	Faible
43	Argument	xxxxxxxxx	predictive	Moyen
44	Argument	xx	predictive	Faible
45	Argument	xxxx/xxxxxx	predictive	Moyen
46	Argument	xxxxxxxx	predictive	Moyen
47	Argument	xxxxx	predictive	Faible
48	Argument	xxxxxxxx	predictive	Moyen
49	Argument	xxx	predictive	Faible
50	Argument	xxx	predictive	Faible
51	Argument	xxxxxxxx/xxxxxxxx	predictive	Élevé
52	Input Value	xxxx' xxxxx xxx xxxxxx xxxxxx(xxxxxx('xxxxx','xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'),'xxxxx'),xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx-- xxxx&xxxxxx=	predictive	Élevé
53	Pattern	\|xx\|	predictive	Faible

Références (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!