Retefe Analysis

IOB - Indicator of Behavior (233)

Timeline

Language

en: 174
ru: 26
sv: 20
pl: 4
zh: 4

Country

ru: 92
us: 88
cn: 10
me: 8
ca: 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Apache HTTP Server: 6
SourceCodester Online Computer and Laptop Store: 6
Microsoft IIS: 4
WordPress: 4
Linux Kernel: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day price | Today price | Exploit | Countermeasure | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.23 | 0.00108 | CVE-2009-4935
3 | Htmly Blog Post cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00149 | CVE-2022-25022
4 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.11 | 0.00000 | (none)
5 | WordPress Private Post information disclosure | 4.9 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00065 | CVE-2021-39203
6 | HP Router/Switch SNMP information disclosure | 3.7 | 3.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00285 | CVE-2012-3268
7 | Esoftpro Online Guestbook Pro ogp_show.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.04 | 0.00209 | CVE-2009-2441
8 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.31 | 0.00241 | CVE-2020-12440
9 | Apache Struts ExceptionDelegator privilege escalation | 8.8 | 8.4 | $5k-$25k | Calculator | High | Official Fix | 0.02 | 0.36440 | CVE-2012-0391
10 | Apache HTTP Server ap_get_basic_auth_pw weak authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01399 | CVE-2017-3167
11 | Schneider Electric Vijeo Designer directory traversal | 5.5 | 5.3 | $0-$5k | Calculator | Not Defined | Official Fix | 0.00 | 0.00246 | CVE-2021-22704
12 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 4.01 | 0.00936 | CVE-2020-15906
13 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | 0.00141 | CVE-2018-6200
14 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.80 | 0.01302 | CVE-2007-0354
15 | Hscripts PHP File Browser Script index.php directory traversal | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00153 | CVE-2018-16549
16 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.04 | 0.00817 | CVE-2014-4078
17 | ISC BIND DS Record resume_dslookup denial of service | 7.5 | 7.0 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.00 | 0.00097 | CVE-2022-0667
18 | Django Template Language information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00127 | CVE-2021-45116
19 | Video Downloader for TikTok Plugin privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00222 | CVE-2020-24142
20 | Microsoft Windows Win32k Privilege Escalation | 8.3 | 7.7 | $100k and more | $0-$5k | Functional | Official Fix | 0.00 | 0.00148 | CVE-2021-40449

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94, CWE-1321 | Argument Injection | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
7 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
8 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
9 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
10 | TXXXX.XXX | CWE-XXX | Xxxxxxx Xxxxxxxxxx Xxx Xxxxxxxx Xxxxxxx Xx Xx-xxxx Xxxxxx Xxxxxxxx | predictive | High
11 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High
12 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
13 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
14 | TXXXX.XXX | CWE-XX | Xxxxxxxxxxxxx | predictive | High
15 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
16 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High
17 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (100)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/config.php?display=disa&view=form | predictive | High
2 | File | /api/baskets/{name} | predictive | High
3 | File | /cgi-bin/wlogin.cgi | predictive | High
4 | File | /index.php | predictive | Medium
5 | File | /members/view_member.php | predictive | High
6 | File | /mhds/clinic/view_details.php | predictive | High
7 | File | /owa/auth/logon.aspx | predictive | High
8 | File | /product.php | predictive | Medium
9 | File | /rest/api/latest/projectvalidate/key | predictive | High
10 | File | /SSOPOST/metaAlias/%realm%/idpv2 | predictive | High
11 | File | /uncpath/ | predictive | Medium
12 | File | adclick.php | predictive | Medium
13 | File | admin.jcomments.php | predictive | High
14 | File | xxxxx/xxxxxxx/xxxxxx_xxxx/xxx_xxx.xxx?xxxxxxxx | predictive | High
15 | File | xxx/xxx.xxx | predictive | Medium
16 | File | xxxxxx/xxxxxxxxx/xxxxxxxx/xxxxxxxxxx/xxxxxx/xxxx/xxxx_xxxxxxxx/xxxxxx.xx | predictive | High
17 | File | xxxxxx.xxx | predictive | Medium
18 | File | xxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxx/xxx/xxxxxx.xxxxxxxxx.xxx | predictive | High
19 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
20 | File | xx.xxx | predictive | Low
21 | File | xxxxxxx/xxxxx/xxxxxxxx/xxxxx | predictive | High
22 | File | xxxxx.xxx | predictive | Medium
23 | File | xxxxxxx.xxx | predictive | Medium
24 | File | xxx/xxxx/xxxx.x | predictive | High
25 | File | xxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxx | predictive | High
26 | File | xxxx.xxx | predictive | Medium
27 | File | xxxxxxx.xxxxxx.xxx | predictive | High
28 | File | xxxxx.xxxx | predictive | Medium
29 | File | xxx/xxxxxx.xxx | predictive | High
30 | File | xxxxx.xxx | predictive | Medium
31 | File | xxxxxxxx/xx/xxxx.xx | predictive | High
32 | File | xx.xxx | predictive | Low
33 | File | xxxxxxx/xxxxx/xx/xxxxxx/xxxxx.xxxxx.xxx | predictive | High
34 | File | xxxxxxxxxxxx.xxx | predictive | High
35 | File | xxxxxxxxxxx.xxx | predictive | High
36 | File | xxxxxxxxxx_xxxxxxx.xxx | predictive | High
37 | File | xxx/xxxxx | predictive | Medium
38 | File | xxx_xxxx.xxx | predictive | Medium
39 | File | xxxxx_xxxxxxxx_xxxxx.xxx | predictive | High
40 | File | xxxxx_xxxx_xxxxxx.xxx | predictive | High
41 | File | xxxxxx_xxxxxxxxxx_xxxxx.xxx | predictive | High
42 | File | xxxxxxxx.xxx | predictive | Medium
43 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High
44 | File | xxxx.xxx | predictive | Medium
45 | File | xxxxx.xxx | predictive | Medium
46 | File | xxxxxxxxxx.xxx | predictive | High
47 | File | xxxxxxxx.xxx | predictive | Medium
48 | File | xxxx-xxxxx.xxx | predictive | High
49 | File | xxx.x | predictive | Low
50 | File | xxxxxxxx/xxxxxxxx | predictive | High
51 | File | xx-xxxx.xxx | predictive | Medium
52 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | High
53 | Library | /_xxx_xxx/xxxxx.xxx | predictive | High
54 | Library | xxxxxx/xxxxxxx/xxx/xxx/xxxxx/xxxxxx/xxxxxxxxx.xxx | predictive | High
55 | Library | xxx/xxxxxx.x | predictive | Medium
56 | Library | xxxxxxxxx | predictive | Medium
57 | Argument | xx/xx | predictive | Low
58 | Argument | xxxxxxx_xxxxxx | predictive | High
59 | Argument | xxx_xxxx | predictive | Medium
60 | Argument | xxxxxxxx | predictive | Medium
61 | Argument | xxxxxxxxx | predictive | Medium
62 | Argument | xxxxxxx | predictive | Low
63 | Argument | xxxxxxxxxxxxxxxx | predictive | High
64 | Argument | xxxx | predictive | Low
65 | Argument | xxxxxxx | predictive | Low
66 | Argument | xxxxx | predictive | Low
67 | Argument | xxxx | predictive | Low
68 | Argument | xx_xx | predictive | Low
69 | Argument | xxxxxx | predictive | Low
70 | Argument | xxxxxx | predictive | Low
71 | Argument | xxxxxx | predictive | Low
72 | Argument | xxxx | predictive | Low
73 | Argument | xxxx | predictive | Low
74 | Argument | xx | predictive | Low
75 | Argument | xxxx | predictive | Low
76 | Argument | xxx | predictive | Low
77 | Argument | xxxx | predictive | Low
78 | Argument | xxx-xx-xxxxxxxx-xxxxx | predictive | High
79 | Argument | xxxxxxx | predictive | Low
80 | Argument | xxxxxxxx | predictive | Medium
81 | Argument | xxxx | predictive | Low
82 | Argument | xxxxxxx | predictive | Low
83 | Argument | xxxxxxx_xx | predictive | Medium
84 | Argument | xxxxxx | predictive | Low
85 | Argument | xxxxxxxxxxx | predictive | Medium
86 | Argument | xxxxxx | predictive | Low
87 | Argument | xxx:xxx | predictive | Low
88 | Argument | xxx | predictive | Low
89 | Argument | xxxxx/xxxxxxxxxxx | predictive | High
90 | Argument | xxx | predictive | Low
91 | Argument | xxx | predictive | Low
92 | Argument | xxxxxxxx | predictive | Medium
93 | Argument | xxxx_xxxxxxxxx/xxxx_xxxxxxxx | predictive | High
94 | Argument | xxxxx | predictive | Low
95 | Argument | x-xxxxxxxxx-xxxxxx | predictive | High
96 | Input Value | ../ | predictive | Low
97 | Input Value | xxxxxxxxx--><xxxxxx%xx>xxxxx(xxxx)</xxxxxx><!-- | predictive | High
98 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive | High
99 | Input Value | xxxxxxx xxxxx'"()&%<xxx><xxxxxx >xxxxx(xxxx)</xxxxxx> | predictive | High
100 | Network Port | xxx/xxx (xxxx) | predictive | High
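The IOA fragments above only become useful once they are matched against real traffic. The following Python script is an added example, not code from this page or from the vendor behind it: it compiles the visible File and Input Value indicators into patterns (treating `{name}` and `%realm%` as one-segment wildcards), percent-decodes request targets up to twice so that encoded traversal such as `%2e%2e%2f` is still caught, and reports hits over a few constructed combined-format access log lines. The log lines, the confidence weighting, and the decision to skip the redacted rows are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote

# Visible IOA rows from the table above as (class, indicator, confidence).
# Redacted rows are omitted; {name} and %realm% are kept as wildcards.
IOA_ROWS = [
    ("File", "/admin/config.php?display=disa&view=form", "high"),
    ("File", "/api/baskets/{name}", "high"),
    ("File", "/cgi-bin/wlogin.cgi", "high"),
    ("File", "/index.php", "medium"),
    ("File", "/members/view_member.php", "high"),
    ("File", "/mhds/clinic/view_details.php", "high"),
    ("File", "/owa/auth/logon.aspx", "high"),
    ("File", "/product.php", "medium"),
    ("File", "/rest/api/latest/projectvalidate/key", "high"),
    ("File", "/SSOPOST/metaAlias/%realm%/idpv2", "high"),
    ("File", "/uncpath/", "medium"),
    ("File", "adclick.php", "medium"),
    ("File", "admin.jcomments.php", "high"),
    ("Input Value", "../", "low"),
]

# Constructed sample traffic (combined log format); these are not real requests.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2023:12:00:01 +0000] "GET /owa/auth/logon.aspx HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2023:12:00:02 +0000] "GET /cgi-bin/wlogin.cgi?user=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 0 "-" "curl/7.88"
198.51.100.7 - - [10/Mar/2023:12:00:03 +0000] "GET /static/app.js HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2023:12:00:04 +0000] "POST /rest/api/latest/projectvalidate/key HTTP/1.1" 403 0 "-" "python-requests/2.28"
"""

# Template placeholders of the form {name} or %realm% inside an indicator.
_PLACEHOLDER = re.compile(r"\{[^}]+\}|%[A-Za-z_]+%")
# Client address and request line of a combined/common log format entry.
_REQUEST = re.compile(r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')


def indicator_to_regex(indicator: str) -> "re.Pattern[str]":
    """Escape the literal parts of an indicator; each placeholder matches one path segment."""
    literal_parts = _PLACEHOLDER.split(indicator)
    pattern = "[^/?&]+".join(re.escape(part) for part in literal_parts)
    return re.compile(pattern, re.IGNORECASE)


COMPILED = [(cls, ind, conf, indicator_to_regex(ind)) for cls, ind, conf in IOA_ROWS]


def decode_target(target: str, max_rounds: int = 2) -> str:
    """Percent-decode repeatedly (bounded) so single and double encoding both normalise."""
    current = target
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def scan_line(line: str) -> list:
    """Return (class, indicator, confidence) for every IOA present in one log line."""
    match = _REQUEST.search(line)
    if not match:
        return []
    target = decode_target(match.group("target"))
    return [(cls, ind, conf) for cls, ind, conf, rx in COMPILED if rx.search(target)]


def scan_log(text: str) -> list:
    """Scan a whole log; one finding per line that contains at least one IOA."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hits = scan_line(line)
        if hits:
            client = _REQUEST.search(line).group("client")
            findings.append({"line": lineno, "client": client, "hits": hits})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"line {finding['line']} from {finding['client']}:")
        for cls, ind, conf in finding["hits"]:
            print(f"  [{conf}] {cls}: {ind}")
```

Medium and low confidence fragments such as `/index.php` or `../` will fire on legitimate traffic; the Confidence column is a hint for how much weight a hit alone should carry, and a traversal hit is only interesting together with a path it does not belong on (as in the second sample line).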

References (2)

The following list contains external sources which discuss the actor and the associated activities:
