TA428 Analysis

IOB - Indicator of Behavior (150)

Timeline

Language

en 120
zh 20
ko 4
fr 2
ar 2

Campaign (country)

cn 50
us 48
ir 2
fr 2

Actors

Activities

Interest


Type

Vendor

Product

Microsoft Windows 6
Google Chrome 4
Microsoft IIS 4
CMS Made Simple 4
Qualcomm Snapdragon Auto 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculator | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.15 | CVE-2017-0055
3 | Sir GNUboard sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.00 | CVE-2014-2339
4 | Devilz Clanportal sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00684 | 0.08 | CVE-2006-6339
5 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00318 | 0.02 | CVE-2017-5611
6 | Cisco ASA WebVPN Login Page logon.html cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00192 | 0.05 | CVE-2014-2120
7 | Microsoft Windows Registry Password information disclosure | 3.7 | 3.6 | $25k-$100k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.02 |
8 | Brocade Fabric OS CLI Local Privilege Escalation | 7.8 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2022-33182
9 | WordPress Password Reset wp-login.php mail privilege escalation | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.02827 | 0.00 | CVE-2017-8295
10 | PHP Everywhere Plugin Shortcode Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00108 | 0.02 | CVE-2022-24663
11 | Microsoft Windows ICMP Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02818 | 0.04 | CVE-2023-23415
12 | Microsoft Windows Win32k Local Privilege Escalation | 7.8 | 7.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00159 | 0.04 | CVE-2023-29336
13 | Google WebP libwebp buffer overflow | 7.5 | 7.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.68001 | 0.05 | CVE-2023-4863
14 | RARLabs WinRAR ZIP Archive Remote Code Execution | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.44373 | 0.05 | CVE-2023-38831
15 | SourceCodester Doctors Appointment System login.php sql injection | 7.4 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.05 | CVE-2023-4219
16 | Microsoft Excel Remote Code Execution | 7.3 | 6.7 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00113 | 0.00 | CVE-2023-33158
17 | Microsoft Visual Studio unknown vulnerability | 5.1 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00078 | 0.00 | CVE-2023-28299
18 | Microsoft Office Local Privilege Escalation | 7.0 | 6.4 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00411 | 0.02 | CVE-2023-33146
19 | Th3-822 Rapidleech zip.php zip_go cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.09 | CVE-2021-4312
20 | Google Chrome Blink privilege escalation | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00131 | 0.00 | CVE-2022-3315

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (61)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | /api/addusers | predictive | High
3 | File | /debug/pprof | predictive | Medium
4 | File | /forum/away.php | predictive | High
5 | File | /uncpath/ | predictive | Medium
6 | File | adclick.php | predictive | Medium
7 | File | admin.cgi?action=%s | predictive | High
60 | Input Value | .. | predictive | Low
61 | Input Value | /../ | predictive | Low

References (4)

The following list contains external sources which discuss the actor and the associated activities:
