Sednit Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (95)

Langue

en	72
es	6
ru	6
de	6
fr	4

De campagne

us	48
ru	10
fr	4
kp	4
gb	4

Acteurs

Grizzly Steppe	5
Cobalt Strike	3
APT28	3
Mirai	2
Zeus	2

Intérêt

Taper

Not Defined	32
Operating System	10
Content Management System	10
Groupware Software	6
Router Operating System	4

Fournisseur

Not Defined	30
Microsoft	8
Cisco	6
Apple	4
D-Link	4

Produit

Host	4
Apple macOS	4
Microsoft Exchange Server	4
Cisco IP Phone 6800	4
Cisco IP Phone 7800	4

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	Apple macOS Sudo buffer overflow	6.5	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.97051	0.00	CVE-2021-3156
2	Microsoft IIS FastCGI buffer overflow	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.28264	0.08	CVE-2010-2730
3	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.21	CVE-2017-0055
4	Apache HTTP Server mod_cgid dénie de service	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.24715	0.02	CVE-2014-0231
5	Drupal sql injection	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00135	0.00	CVE-2008-2999
6	Nuked-Klan Partenaires module clic.php sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00134	0.03	CVE-2010-4925
7	Contest Gallery Photos and Files Plugin cross site request forgery	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.04	CVE-2024-24887
8	MariaDB init_expr_cache_tracker buffer overflow	5.5	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00095	0.00	CVE-2022-32083
9	TikiWiki tiki-register.php elévation de privilèges	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01009	1.70	CVE-2006-6168
10	Django Admin Interface debug.py cross site scripting	6.1	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00370	0.03	CVE-2016-6186
11	Mendelson OFTP2 Upload Directory directory traversal	4.6	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00090	0.00	CVE-2022-27906
12	Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 dénie de service	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00172	0.03	CVE-2023-20079
13	Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 elévation de privilèges	9.8	9.7	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00287	0.00	CVE-2023-20078
14	Serendipity exit.php elévation de privilèges	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.30
15	Bitrix Site Manager redirect.php elévation de privilèges	5.3	4.7	$0-$5k	$0-$5k	Unproven	Unavailable	0.00113	0.03	CVE-2008-2052
16	OpenBB read.php sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00250	0.00	CVE-2005-1612
17	PHPWind goto.php Redirect	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00348	0.04	CVE-2015-4134
18	eSyndicat Directory Software suggest-listing.php cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.21
19	iRZ RUH2 Firmware Patch authentification faible	6.7	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00226	0.00	CVE-2016-2309
20	Joomla sql injection	6.3	6.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00142	0.02	CVE-2022-23797

Campagnes (1)

These are the campaigns that can be associated with the actor:

Sednit

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Campagnes	Identified	Taper	Confiance
1	5.135.183.154	ns3290077.ip-5-135-183.eu	APT28	Sednit	15/12/2020	verified	Élevé
2	31.7.62.103		Sednit		05/03/2022	verified	Élevé
3	XX.XXX.XX.XX		Xxxxx	Xxxxxx	15/12/2020	verified	Élevé
4	XX.XX.XX.XXX	xx.xx.xx.xxx.xxxxxx.xxxxxxxxx.xxx	Xxxxx	Xxxxxx	15/12/2020	verified	Élevé
5	XX.XX.XX.X	xxxxxx-xx.xxxxxxxxxxxxxxxx.xxx	Xxxxx	Xxxxxx	15/12/2020	verified	Élevé
6	XX.XXX.XX.XXX		Xxxxx	Xxxxxx	15/12/2020	verified	Élevé
7	XX.XXX.XX.XXX	xxxx.xxxxxxxxxxxxxx.xxx	Xxxxx	Xxxxxx	15/12/2020	verified	Élevé
8	XXX.XX.XXX.XXX		Xxxxx	Xxxxxx	15/12/2020	verified	Élevé
9	XXX.XXX.XXX.XXX	xxxx.xxxxxxxxxxxxx.xxx	Xxxxx	Xxxxxx	15/12/2020	verified	Élevé

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-21, CWE-22	Path Traversal	predictive	Élevé
2	T1059	CWE-94	Argument Injection	predictive	Élevé
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Élevé
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
5	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Élevé
6	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Élevé
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
9	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	Élevé
10	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
11	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (48)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/+CSCOE+/logon.html	predictive	Élevé
2	File	/etc/config/image_sign	predictive	Élevé
3	File	/home/httpd/cgi-bin/cgi.cgi	predictive	Élevé
4	File	/htdocs/web/getcfg.php	predictive	Élevé
5	File	/uncpath/	predictive	Moyen
6	File	admin/admin.shtml	predictive	Élevé
7	File	xxxxx/xxxxxxxx.xxx	predictive	Élevé
8	File	xxxxx/xxxxxxxxx.xxx	predictive	Élevé
9	File	xxxx.xxx	predictive	Moyen
10	File	xxxx.xxx	predictive	Moyen
11	File	xxx/xxxx/xxx/xxxxx_xxxx.x	predictive	Élevé
12	File	xxx/xxxx/xxxx.x	predictive	Élevé
13	File	xxx/xxxxxxxx/xxxx_xxxxx.x	predictive	Élevé
14	File	xxxx.xxx	predictive	Moyen
15	File	xxxxxxxxxxxxxx.xxx	predictive	Élevé
16	File	xxxxx.xxx	predictive	Moyen
17	File	xxxxx.xxx?x=/xxxx/xxxxxxxx	predictive	Élevé
18	File	xxxxxx.x	predictive	Moyen
19	File	xxx/xxxx/xxxx.x	predictive	Élevé
20	File	xxxxx:xxxxxxxxxxx.xx	predictive	Élevé
21	File	xxxx.xxx	predictive	Moyen
22	File	xxxxxxxx.xxx	predictive	Moyen
23	File	xxxxxxxx.xxx	predictive	Moyen
24	File	xx-xxxxxxx.xxx	predictive	Élevé
25	File	xxx.xxx	predictive	Faible
26	File	xxxxxxxxxxx.x	predictive	Élevé
27	File	xxxxxx_xxxxxxxxxx_xxxxxxxx_xxxxxxx_xxxxxxxx.x	predictive	Élevé
28	File	xxxxxxx-xxxxxxx.xxx	predictive	Élevé
29	File	xxxx-xxxxxxxx.xxx	predictive	Élevé
30	File	xxx.xxx	predictive	Faible
31	File	xxxxx/xxxxx.xx	predictive	Élevé
32	File	xxxxxxx/xxxxxx/xxxxx/xxxxxxx/xxx/xxx.xxx	predictive	Élevé
33	File	xxxxxxx.xxx	predictive	Moyen
34	Argument	xxxx	predictive	Faible
35	Argument	xx	predictive	Faible
36	Argument	xxxxxxxxx	predictive	Moyen
37	Argument	xxxxxxxx	predictive	Moyen
38	Argument	xxxxxx/xxxxx	predictive	Moyen
39	Argument	xxx	predictive	Faible
40	Argument	xxx	predictive	Faible
41	Argument	xxxxxxx	predictive	Faible
42	Argument	xxx	predictive	Faible
43	Argument	xxxxx	predictive	Faible
44	Argument	xxx	predictive	Faible
45	Argument	xxxx_xxxxxxxxx/xxxx_xxxxxxxx	predictive	Élevé
46	Argument	x=/	predictive	Faible
47	Input Value	xxxxxx/**/xxxx.	predictive	Élevé
48	Input Value	…/.	predictive	Faible

Références (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!