Satori Analysis

IOB - Indicator of Behavior (180)

Timeline

Language

en: 166
es: 12
ru: 2

Country

us: 100
ru: 28
es: 10
se: 6
io: 6

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Cisco Registered Envelope Service: 6
phpMyAdmin: 4
Google Chrome: 4
LimeSurvey: 2
OpenSSH: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.71 | CVE-2010-0966
2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
3 | Online Book Store admin_add.php privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03533 | 0.00 | CVE-2020-19113
4 | Campcodes Online Thesis Archiving System manage_user.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00146 | 0.00 | CVE-2023-2149
5 | GFI Kerio Control Login Page DOM-Based cross site scripting | 6.1 | 6.0 | $0-$5k | $0-$5k | Functional | Not Defined | 0.00200 | 0.04 | CVE-2019-16414
6 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.18 | CVE-2016-6210
7 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.12 | CVE-2017-0055
8 | Progress MOVEit Automation Web Admin Application cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00435 | 0.02 | CVE-2020-12677
9 | phpMyAdmin grab_globals.lib.php directory traversal | 4.8 | 4.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02334 | 0.15 | CVE-2005-3299
10 | Redis redis-cli buffer overflow | 7.1 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00584 | 0.05 | CVE-2018-12326
11 | Wazzum Wazzum Dating Software profile_view.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.00 | CVE-2009-0293
12 | LimeSurvey File Upload directory traversal | 7.1 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00285 | 0.02 | CVE-2018-1000659
13 | Apache HTTP Server ap_some_auth_required privilege escalation | 3.7 | 3.2 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00522 | 0.00 | CVE-2015-3185
14 | Synacor Zimbra Collaboration XML External Entity | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00441 | 0.00 | CVE-2016-9924
15 | Samba Shared Library is_known_pipename SambaCry privilege escalation | 9.8 | 9.6 | $25k-$100k | $0-$5k | High | Official Fix | 0.97264 | 0.07 | CVE-2017-7494
16 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.38 | -
17 | CodeAstro Vehicle Booking System User Registration usr-register.php cross site scripting | 4.9 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.18 | CVE-2024-0345
18 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.68 | CVE-2007-0354
19 | MikroTik RouterOS Winbox/HTTP Interface privilege escalation | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00055 | 0.09 | CVE-2023-30799
20 | Oracle WebLogic Server jQuery cross site scripting | 6.1 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00660 | 0.02 | CVE-2015-9251

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2014-8361 / CVE 2017-17215

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (90)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/user/manage_user.php | predictive | High
2 | File | /anony/mjpg.cgi | predictive | High
3 | File | /plain | predictive | Low
4 | File | /public/login.htm | predictive | High
5 | File | /uncpath/ | predictive | Medium
6 | File | /wbms/classes/Master.php?f=delete_client | predictive | High
7 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High
8 | File | admin_add.php | predictive | High
9 | File | awstats.pl | predictive | Medium
10 | File | books.php | predictive | Medium
11 | File | c-client/imap4r1.c | predictive | High
85 | Input Value | ../ | predictive | Low

References (4)

The following list contains external sources which discuss the actor and the associated activities:
