Shamoon 2 Analysis

IOB - Indicator of Behavior (54)

Language: en (46), ru (8)

Campaign: us (44), ru (10)

Product: LibTIFF (8), IBM Rational Collaborative Lifecycle Management (6), IBM Rational Quality Manager (6), IBM Rational Team Concert (6), IBM Rational DOORS Next Generation (6)

Vulnerabilities

# | Vulnerability | Base score | Temp score | 0-day price | Today price | Exploitability | Countermeasure | CTI | EPSS | CVE
1 | ClamAV Antivirus AutoIt Module denial of service | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00063 | CVE-2023-20212
2 | Microsoft SharePoint privilege escalation | 6.1 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00471 | CVE-2017-8569
3 | Ditty Plugin cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00100 | CVE-2022-0533
4 | Moxa TN-4900/TN-5900 privilege escalation | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00046 | CVE-2023-34217
5 | D-Link DAP-2660 GET Request adv_resource buffer overflow | 5.5 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00082 | CVE-2023-39749
6 | TP-LINK TL-WR841N/TL-WR940N/TL-WR941ND WlanSecurityRpm buffer overflow | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00046 | CVE-2023-39747
7 | TP-LINK TL-WR841N/TL-WR940N/TL-WR941ND GET Request AccessCtrlAccessRulesRpm buffer overflow | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00046 | CVE-2023-39745
8 | TP-LINK TL-WR1041N V2 GET Request NetworkCfgRpm denial of service | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00046 | CVE-2023-39748
9 | Private Internet Access privilege escalation | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00044 | CVE-2022-27092
10 | ASUS RT-AC88U Download Master Title privilege escalation | 5.9 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00073 | CVE-2020-29655
11 | Mole Adult Portal Script profile.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.02 | 0.00129 | CVE-2009-4673
12 | 4images categories.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00187 | CVE-2015-7708
13 | 4homepages 4images member.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | 0.00111 | CVE-2009-2131
14 | Kentico CMS CMS Administration Dashboard install.aspx privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.14830 | CVE-2017-17736
15 | FileZilla Server PORT privilege escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00052 | CVE-2015-10003
16 | Microsoft SharePoint Content privilege escalation | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01887 | CVE-2015-1700
17 | Microsoft SharePoint Server cross site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01072 | CVE-2017-0107
18 | Microsoft SharePoint Server cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00187 | CVE-2017-8654
19 | Microsoft Excel buffer overflow | 7.0 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.48559 | CVE-2016-7236
20 | ownCloud scan.php information disclosure | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00439 | CVE-2016-1499

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources that are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness (CWE) | Type | Confidence
1 | T1040 | CWE-294 Authentication Bypass by Capture-replay | predictive | High
2 | T1055 | CWE-74 Injection | predictive | High
3 | TXXXX.XXX | CWE-XX, CWE-XXXxxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX, CWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxx Xxxxxxxxxxx Xxx Xxx Xxxxxxx | predictive | High
5 | TXXXX | CWE-XX, CWE-XXXxxxxxx Xxxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX7xx Xxxxxxxx Xxxxxxxx | predictive | High
7 | TXXXX | CWE-XXXxx Xxxxxxxxx | predictive | High
8 | TXXXX.XXX | CWE-XXXXxxxxxxx Xxxxxx Xxxx | predictive | High
9 | TXXXX | CWE-XXXXxxxxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /adv_resource | predictive | High
2 | File | /Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp | predictive | High
3 | File | /userRpm/AccessCtrlAccessRulesRpm | predictive | High
4 | File | /userRpm/NetworkCfgRpm | predictive | High
5 | File | /xxxxxxx/xxxxxxxxxxxxxxx | predictive | High
6 | File | /xxxxxx/xx/xxxxxxxxxxx.xxx | predictive | High
7 | File | xxxxx/xxxxxxxxxx.xxx | predictive | High
8 | File | xxxxxxxx.xxx | predictive | Medium
9 | File | xxxxxxxxxx/xxxxxxx.xxxx | predictive | High
10 | File | xxxxx.xxx/xxxx/xxxxx/xxxx/xxxx.xxx | predictive | High
11 | File | xxxxxx.xxx | predictive | Medium
12 | File | xxxxxxx.xxx | predictive | Medium
13 | File | xxx.xxx~xxxxxxxxxxxxxx!xxx/xxxxxxxxx | predictive | High
14 | File | xxx.xxx~xx~xxxx~xxx~xxxxxxx~xxxxxxxx~xxx/xxxxxxxxxxx | predictive | High
15 | File | xxx_xxxxxxxx.x | predictive | High
16 | File | xxx_xxxxxxx.x | predictive | High
17 | File | xxx_xxxxx.x | predictive | Medium
18 | File | xxxxx/xxxxxxxx.x | predictive | High
19 | File | xxxxx/xxxxxx.x | predictive | High
20 | File | xxxxx/xxxxxxxx.x | predictive | High
21 | Argument | xxx_xxxxxxxxxxx | predictive | High
22 | Argument | xxx | predictive | Low
23 | Argument | xxxxx | predictive | Low
24 | Argument | xxxx | predictive | Low
25 | Argument | xxxxxxxxxxx | predictive | Medium
26 | Argument | xxxxxxxxxxxx | predictive | Medium
27 | Argument | xxxx_xxxxxxxx | predictive | High
28 | Argument | xxxx_xx | predictive | Low
29 | Input Value | <xxxxxx>xxxxx(x)</xxxxxx> | predictive | High
30 | Network Port | xxx/xxxx | predictive | Medium
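The file-path indicators above are only useful once they are checked against traffic. The following Python is an added example (it is not VulDB's code and not part of this page) that scans web-server access logs for the four unredacted File indicators (IOA rows 1 to 4), percent-decodes the request target so encoded variants still match, and groups hits by client address. The combined log format, the field names and the sample log lines are assumptions constructed for the example; the redacted rows are deliberately left out rather than guessed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# The four unredacted File indicators from the IOA table on this page,
# keyed by their IOA row ID. Redacted rows are deliberately not included.
IOA_PATHS = {
    1: "/adv_resource",
    2: "/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp",
    3: "/userRpm/AccessCtrlAccessRulesRpm",
    4: "/userRpm/NetworkCfgRpm",
}

# Apache/Nginx "combined" access-log format. Assumed for this example;
# adapt the pattern if the device or reverse proxy logs differently.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)


def normalize_target(target: str) -> str:
    """Percent-decode the request target twice (to defeat double encoding)
    and lowercase it, so /userRpm/%41ccess... still matches the indicator."""
    return unquote(unquote(target)).lower()


def match_ioa(lines, indicators=IOA_PATHS):
    """Return one hit per (log line, indicator) pair whose decoded request
    target contains the indicator fragment. Unparseable lines are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        target = normalize_target(m.group("target"))
        for ioa_id, fragment in indicators.items():
            if fragment.lower() in target:
                hits.append({
                    "ioa": ioa_id,
                    "ip": m.group("ip"),
                    "ts": m.group("ts"),
                    "method": m.group("method"),
                    "target": m.group("target"),
                    "status": int(m.group("status")),
                })
    return hits


def summarize_by_ip(hits):
    """Map each client IP to the set of IOA row IDs it touched. One source
    probing several of these endpoints is a stronger triage lead than one hit."""
    seen = defaultdict(set)
    for h in hits:
        seen[h["ip"]].add(h["ioa"])
    return dict(seen)


# Constructed sample log lines (not real traffic); addresses are RFC 5737 ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Oct/2023:10:01:02 +0000] "GET /userRpm/NetworkCfgRpm?wan_mode=1 HTTP/1.1" 200 512 "-" "curl/8.1.2"',
    '203.0.113.7 - - [12/Oct/2023:10:01:05 +0000] "GET /userRpm/%41ccessCtrlAccessRulesRpm HTTP/1.1" 401 0 "-" "curl/8.1.2"',
    '198.51.100.4 - - [12/Oct/2023:10:02:11 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Oct/2023:10:03:40 +0000] "GET /Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.33 - - [12/Oct/2023:10:04:09 +0000] "POST /adv_resource HTTP/1.1" 500 0 "-" "python-requests/2.31"',
    'not a log line at all',
]

if __name__ == "__main__":
    found = match_ioa(SAMPLE_LOG)
    for h in found:
        print(f"IOA {h['ioa']}: {h['ip']} {h['method']} {h['target']} -> {h['status']}")
    for ip, ids in summarize_by_ip(found).items():
        print(f"{ip}: touched IOA rows {sorted(ids)}")
```

Treat a hit as a triage lead, not as proof of compromise: /userRpm/ pages are the normal administration interface of the affected TP-LINK routers, so requests from the expected management hosts will match as well. The per-IP summary is what separates an administrator from a scanner walking several of these endpoints in quick succession.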

References (3)

The following list contains external sources which discuss the actor and the associated activities:
