Ruskill Analysis

IOB - Indicator of Behavior (23)

Timeline

Language

en: 20
fr: 4

Country

us: 18
cn: 4
gb: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Donglify: 2
Trend Micro Threat Discovery Appliance: 2
MetInfo: 2
PHP: 2
Craft: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | CTI | EPSS | CVE |
|---|---------------|------|------|------|-------|-----|-----|-----|------|-----|
| 1 | Sophos Anti-Virus RAR Archive rarvm.hpp buffer overflow | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00000 | |
| 2 | Donglify IOCTL buffer overflow | 8.3 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2021-42994 |
| 3 | Donglify IOCTL buffer overflow | 7.8 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2021-42996 |
| 4 | Microsoft Windows Desired State Configuration information disclosure | 5.1 | 4.7 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.00043 | CVE-2022-30148 |
| 5 | Microsoft Windows Access Restriction privilege escalation | 4.4 | 4.4 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00057 | CVE-2011-4434 |
| 6 | BeyondTrust Secure Remote Access Base Software cross site request forgery | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00286 | CVE-2021-31589 |
| 7 | Craft EXIF Data Location information disclosure | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02064 | CVE-2019-14280 |
| 8 | MetInfo sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00220 | CVE-2019-17553 |
| 9 | SAP NetWeaver/ABAP Platform ABAP Server privilege escalation | 7.3 | 7.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00104 | CVE-2020-6296 |
| 10 | E-topbiz Online Store index.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.02 | 0.00137 | CVE-2008-5802 |
| 11 | Alibabaclone Alibaba Clone B2B countrydetails.php sql injection | 7.3 | 6.9 | $0-$5k | Calculator | Proof-of-Concept | Not Defined | 0.02 | 0.00112 | CVE-2010-4849 |
| 12 | OpenSSH X11 Authentication Credential xauth privilege escalation | 6.3 | 6.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.02329 | CVE-2016-3115 |
| 13 | PHP Session Name session.c privilege escalation | 7.5 | 7.3 | $5k-$25k | Calculator | Not Defined | Official Fix | 0.00 | 0.00577 | CVE-2016-7125 |
| 14 | Trend Micro Threat Discovery Appliance log_query_dlp.cgi privilege escalation | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00334 | CVE-2016-8590 |
| 15 | CakePHP security.php unserialize privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00000 | |
| 16 | osTicket file.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00205 | CVE-2017-14396 |
| 17 | CS-Cart Administration files privilege escalation | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00099 | CVE-2017-15673 |
| 18 | phpMyAdmin db_central_columns.php cross site scripting | 4.4 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00208 | CVE-2018-7260 |
| 19 | cmsimple index.php directory traversal | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.06344 | CVE-2008-2650 |
| 20 | Django Media directory traversal | 5.3 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00626 | CVE-2009-2659 |

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|----|-----------|-----------------|---------------|------|------------|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | TXXXX | CWE-XXX | xxxxxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX.XXX | CWE-XXX | xxxx Xxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XXX | xx Xxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 8 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|----|-------|-----------|------|------------|
| 1 | File | /appliance/users?action=edit | predictive | High |
| 2 | File | admin/?n=tags&c=index&a=doSaveTags | predictive | High |
| 3 | File | countrydetails.php | predictive | High |
| 4 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 5 | File | xx_xxxxxxx_xxxxxxx.xxx | predictive | High |
| 6 | File | xxx/xxxxxxx/xxxxxxx.x | predictive | High |
| 7 | File | xxxx.xxx | predictive | Medium |
| 8 | File | xxxxx.xxx | predictive | Medium |
| 9 | File | xxx_xxxxx_xxx.xxx | predictive | High |
| 10 | File | xxxxx.xxx | predictive | Medium |
| 11 | Library | xxxx/xxxx/xxxxxxxxxx/xxxxxxxxxx/xxxxxxxx.xxx | predictive | High |
| 12 | Argument | xxxxx_xx | predictive | Medium |
| 13 | Argument | xxx_xx | predictive | Low |
| 14 | Argument | xx_xx | predictive | Low |
| 15 | Argument | xxx | predictive | Low |
| 16 | Argument | xx | predictive | Low |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
