Shiz Analysis

IOB - Indicator of Behavior (164)

Language

en: 108
de: 44
zh: 8
fr: 2
es: 2

Campaign (country)

de: 44
us: 30
cn: 8
ir: 2
vn: 2

Product

SourceCodester Online Exam System: 8
Google Android: 6
Dnsmasq: 6
PHP: 4
OpenCV wechat_qrcode Module: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1 | D-Link DIR-846 QoS POST privilege escalation | 8.8 | 8.5 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.07 | CVE-2023-6580
2 | SourceCodester Online Exam System GET Parameter updateCourse.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00073 | 0.05 | CVE-2023-2642
3 | SourceCodester Online Internship Management System POST Parameter login.php sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00073 | 0.00 | CVE-2023-2641
4 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment denial of service | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.16 | CVE-2023-2618
5 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment denial of service | 5.6 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.07 | CVE-2023-2617
6 | SourceCodester Online Reviewer System GET Parameter user-update.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.04 | CVE-2023-2596
7 | SourceCodester Billing Management System POST Parameter ajax_service.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.02 | CVE-2023-2595
8 | SourceCodester Food Ordering Management System Registration sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.04 | CVE-2023-2594
9 | SourceCodester Multi Language Hotel Management Software POST Parameter ajax.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00062 | 0.02 | CVE-2023-2565
10 | jja8 NewBingGoGo cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.00 | CVE-2023-2560
11 | External Media without Import Plugin external-media-without-import.php print_media_new_panel cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.05 | CVE-2017-20183
12 | SourceCodester Online Tours & Travels Management System disapprove_delete.php exec sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00073 | 0.03 | CVE-2023-2619
13 | PHP-Login POST Parameter class.loginscript.php checkLogin sql injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00059 | 0.12 | CVE-2016-15031
14 | Dnsmasq Pending Request privilege escalation | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00536 | 0.05 | CVE-2020-25686
15 | RRJ Nueva Ecija Engineer Online Portal Quiz add_quiz.php cross site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00051 | 0.05 | CVE-2024-0190
16 | Apache ActiveMQ privilege escalation | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00126 | 0.00 | CVE-2022-41678
17 | D-Link DIR-846 HNAP1 Privilege Escalation | 8.0 | 7.9 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00577 | 0.00 | CVE-2023-33735
18 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.04 | CVE-2007-1287
19 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.42 | CVE-2010-0966
20 | Dnsmasq DNSSEC privilege escalation | 7.4 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00284 | 0.02 | CVE-2017-15107

IOC - Indicator of Compromise (36)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
--- | --- | --- | --- | --- | ---
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High

IOA - Indicator of Attack (131)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
--- | --- | --- | --- | ---
1 | File | /.htpasswd | predictive | Medium
2 | File | /admin/budget/manage_budget.php | predictive | High
3 | File | /admin/edit_subject.php | predictive | High
4 | File | /admin/save_teacher.php | predictive | High
5 | File | /admin/service.php | predictive | High
6 | File | /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest | predictive | High
7 | File | /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini | predictive | High
8 | File | /cas/logout | predictive | Medium
9 | File | /cgi-bin/nasset.cgi | predictive | High
10 | File | /changeimage.php | predictive | High
11 | File | /dosen/data | predictive | Medium
12 | File | /HNAP1 | predictive | Low
13 | File | /HNAP1/ | predictive | Low
14 | File | /index.php/weblinks-categories | predictive | High
15 | File | /jurusan/data | predictive | High
16 | File | /kelas/data | predictive | Medium

References (7)

The following list contains external sources which discuss the actor and the associated activities:
