Sload Analysis

IOB - Indicator of Behavior (454)

Language

en: 448
pl: 2
es: 2
de: 2

Product

Google Android: 20
Mozilla Firefox: 16
vBulletin: 12
Microsoft Windows: 12
Microsoft Edge: 12

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | TAP Plugin directory traversal | 7.0 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00406 | 0.00 | CVE-2016-4986
2 | Moodle Administration Page sql injection | 7.2 | 7.2 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00151 | 0.00 | CVE-2022-40315
3 | Oracle BI Publisher BI Publisher Security Local Privilege Escalation | 7.2 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.94564 | 0.01 | CVE-2019-2616
4 | Chamilo LMS File Upload lp_upload.php import_package privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00743 | 0.00 | CVE-2019-13082
5 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00526 | 0.04 | CVE-2011-0643
6 | Apache Kylin Restful API weak authentication | 4.8 | 4.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.97421 | 0.00 | CVE-2020-13937
7 | vBulletin decodeArguments privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.74237 | 0.00 | CVE-2015-7808
8 | vBulletin cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01146 | 0.00 | CVE-2004-1824
9 | Tapatalk Plugin XMLRPC API unsubscribe_forum.php sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00242 | 0.00 | CVE-2014-2023
10 | phpBB Perl ucp_pm_options.php message_options cross site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00335 | 0.02 | CVE-2015-1432
11 | vBulletin sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00214 | 0.00 | CVE-2014-5102
12 | PunBB cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00199 | 0.00 | CVE-2010-0455
13 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00122 | 0.09 | CVE-2018-6200
14 | vBulletin Vbulletin Forum Remote Code Execution | 9.8 | 8.5 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00620 | 0.00 | CVE-2012-4328
15 | phpBB install.php privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00642 | 0.03 | CVE-2002-1707
16 | PunBB register.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00543 | 0.00 | CVE-2005-0569
17 | vBulletin moderation.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00284 | 0.01 | CVE-2016-6195
18 | vBulletin XMLRPC API breadcrumbs_create.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00102 | 0.02 | CVE-2014-2022
19 | vBulletin visitormessage.php privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | High | Unavailable | 0.03104 | 0.02 | CVE-2014-9463
20 | PunBB Password Reset moderate.php privilege escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02283 | 0.00 | CVE-2008-1484

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (183)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin | predictive | Low
2 | File | /admin/launch_message.php | predictive | High
3 | File | /admin/send_message.php | predictive | High
4 | File | /categoriesServlet | predictive | High
5 | File | /category.php | predictive | High
6 | File | /cgi-bin/login_action.cgi | predictive | High
7 | File | /dev/datum/ | predictive | Medium
8 | File | /forms/web_runScript | predictive | High
9 | File | /getImage | predictive | Medium
10 | File | /html/feed.php | predictive | High
11 | File | /includes/rrdtool.inc.php | predictive | High
12 | File | /job/(job-name)/api | predictive | High
13 | File | /multi-vendor-shopping-script/product-list.php | predictive | High
14 | File | /plugin/extended-choice-parameter/js/ | predictive | High
15 | File | /src/basic/fs-util.c | predictive | High
16 | File | /wfo/control/emp_selector_pu | predictive | High
17 | File | admin/conf_users_edit.php | predictive | High
18 | File | admin/settings/update/ | predictive | High
19 | File | admin/tags.php | predictive | High
20 | File | administrator.cfc | predictive | High
21 | File | ajax/api/hook/decodeArguments | predictive | High
179 | Input Value | ..\ | predictive | Low

References (4)

The following list contains external sources which discuss the actor and the associated activities:
