Pykspa Analysis

IOB - Indicator of Behavior (541)

Timeline

Language

es: 434
en: 102
fr: 2
de: 2
it: 2

Country

es: 476
us: 40
cn: 10
ce: 8

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Exchange Server: 16
Samsung Smart Phone: 16
Microsoft Windows: 16
Apple iOS: 10
Apple iPadOS: 10

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | Keycloak Login privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.06 | CVE-2022-2232
2 | Boa Terminal privilege escalation | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02395 | 0.02 | CVE-2009-4496
3 | polkit pkexec privilege escalation | 8.8 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00046 | 0.04 | CVE-2021-4034
4 | SnakeYAML YAML File Parser buffer overflow | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00345 | 0.05 | CVE-2022-38752
5 | Facebook WhatsApp/WhatsApp Business/WhatsApp Desktop Call buffer overflow | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.02 | CVE-2021-24042
6 | HPE Arcsight Logger Stored cross site scripting | 5.0 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00059 | 0.00 | CVE-2019-3485
7 | Technicolor TC7200.TH2v2 Credentials privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00406 | 0.07 | CVE-2018-20393
8 | Facebook WhatsApp/WhatsApp Business Video Call buffer overflow | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00310 | 0.00 | CVE-2020-1909
9 | EmbedThis HTTP Library/Appweb httpLib.c authCondition weak authentication | 7.7 | 7.5 | $0-$5k | $0-$5k | High | Official Fix | 0.00927 | 0.04 | CVE-2018-8715
10 | Zeus Zeus Web Server buffer overflow | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.15887 | 0.02 | CVE-2010-0359
11 | SnakeYAML Constructor privilege escalation | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00811 | 0.04 | CVE-2022-1471
12 | Velneo vClient weak authentication | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00121 | 0.00 | CVE-2021-45035
13 | Zyxel USG/ZyWALL weak authentication | 9.8 | 9.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.08015 | 0.02 | CVE-2022-0342
14 | Microsoft Exchange Server Remote Code Execution | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.71652 | 0.29 | CVE-2021-26857
15 | Meta WhatsApp/WhatsApp Business Image Blurring buffer overflow | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00201 | 0.00 | CVE-2021-24041
16 | Acme Mini HTTPd Terminal privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00303 | 0.04 | CVE-2009-4490
17 | OpenSSL Stitched Ciphersuite d1_pkt.c SSL_shutdown information disclosure | 5.7 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00805 | 0.00 | CVE-2019-1559
18 | Zeus Zeus Web Server Admin Server cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00101 | 0.04 | CVE-2010-0363
19 | Keycloak Account Lockout denial of service | 3.6 | 3.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00043 | 0.00 | CVE-2024-1722
20 | Fortinet FortiOS SSL-VPN buffer overflow | 9.8 | 9.6 | $25k-$100k | $25k-$100k | High | Official Fix | 0.01842 | 0.04 | CVE-2024-21762

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities (CWE) | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | predictive | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (122)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /.ssh/authorized_keys | predictive | High
2 | File | //etc/RT2870STA.dat | predictive | High
3 | File | /cgi-bin/luci;stok=/locale | predictive | High
4 | File | /cgi-bin/wapopen | predictive | High
5 | File | /classes/Users.php?f=save | predictive | High
6 | File | /HNAP1 | predictive | Low
7 | File | /index.php | predictive | Medium
8 | File | /mgmt/tm/util/bash | predictive | High
9 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High
10 | File | /setSystemAdmin | predictive | High
11 | File | /sp/ListSp.php | predictive | High
12 | File | /updown/upload.cgi | predictive | High
13 | File | /usr/bin/pkexec | predictive | High
118 | Input Value | ../.. | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
