TeleBots Analysis

IOB - Indicator of Behavior (159)

Timeline

Language

en 120
de 18
es 8
it 6
fr 4

Country

us 56
ch 46
nl 10
ro 6
it 6

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Apache HTTP Server 10
WordPress 4
Huawei SXXXX 4
NVIDIA Windows GPU Display Driver 4
ProFTPD 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | CTI | EPSS | CVE
1 | Backdoor.Win32.Tiny.c Service Port 7778 privilege escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.04 | 0.00000 |
2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
3 | Linux Kernel NILFS File System inode.c security_inode_alloc buffer overflow | 8.3 | 8.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00042 | CVE-2022-2978
4 | Crow HTTP Pipelining buffer overflow | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00416 | CVE-2022-38667
5 | mySCADA myPRO privilege escalation | 9.2 | 9.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00105 | CVE-2022-2234
6 | GNU Bash Environment Variable variables.c Shellshock privilege escalation | 9.8 | 9.3 | $100k and more | $0-$5k | High | Official Fix | 0.09 | 0.97564 | CVE-2014-6271
7 | Microsoft Visual Studio XML External Entity | 6.3 | 5.5 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00 | 0.00000 |
8 | ProFTPD mod_copy privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.94462 | CVE-2019-12815
9 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.04 | 0.10737 | CVE-2016-6210
10 | Zeus Zeus Web Server buffer overflow | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.11877 | CVE-2010-0359
11 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00318 | CVE-2017-5611
12 | Git Plugin Build privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.01156 | CVE-2022-36883
13 | FreeBSD Ping pr_pack buffer overflow | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00043 | CVE-2022-23093
14 | Red Hat OpenShift server_priv.pem privilege escalation | 4.5 | 4.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00042 | CVE-2013-4281
15 | Linux Kernel NTFS3 Subsystem Privilege Escalation | 7.0 | 7.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00042 | CVE-2022-3238
16 | SQLite ALTER TABLE buffer overflow | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00221 | CVE-2020-35527
17 | md2roff Markdown File buffer overflow | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00208 | CVE-2022-41220
18 | Nissan/Kia/Hyundai Vehicle Remote Keyless Entry RollBack weak authentication | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.02 | 0.00333 | CVE-2022-37418
19 | Citrix Gateway Plug-in privilege escalation | 8.8 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2022-21827
20 | Splunk Enterprise Command-Line Interface weak authentication | 6.2 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00178 | CVE-2022-32156

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Ukraine

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
4 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High
5 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
6 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
7 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
8 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
9 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
10 | TXXXX | CWE-XXX | Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx | predictive | High
11 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
12 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
13 | TXXXX.XXX | CWE-XXX | Xxxxxxxx | predictive | High
14 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
15 | TXXXX.XXX | CWE-XX | Xxxxxxxxxxxxx | predictive | High
16 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (121)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .htaccess | predictive | Medium
2 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High
3 | File | /CMD_SELECT_USERS | predictive | High
4 | File | /configs/application.ini | predictive | High
5 | File | /dashboard/updatelogo.php | predictive | High
6 | File | /etc/openshift/server_priv.pem | predictive | High
7 | File | /index.php | predictive | Medium
8 | File | /mkshop/Men/profile.php | predictive | High
9 | File | /Noxen-master/users.php | predictive | High
10 | File | /phppath/php | predictive | Medium
11 | File | /uncpath/ | predictive | Medium
12 | File | admin-ajax.php | predictive | High
13 | File | admin/google_search_console/class-gsc-table.php | predictive | High
14 | File | admin/menus/edit.php | predictive | High
15 | File | album_portal.php | predictive | High
16 | File | xxxx/xxx/xxxxxx/xxxxx-xxxxx_xxxx.x | predictive | High
17 | File | xxxxxxxx.xxx | predictive | Medium
18 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
19 | File | xxxx\xx_xx.xxx | predictive | High
20 | File | xxxxxxx.xxx | predictive | Medium
21 | File | xx.x | predictive | Low
22 | File | xxxxx.xxx | predictive | Medium
23 | File | xxxxxxxxxxxxxxxxxxx | predictive | High
24 | File | xxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxx | predictive | High
25 | File | xxxxxxxx/xxxxxxx/xxxxxxxx.xxx.xxx | predictive | High
26 | File | xxxxxxxx/xxxxxxx.xxx | predictive | High
27 | File | xxxxxxxx/xxx/xxx_xx_xxxxxxx.xxx | predictive | High
28 | File | xxxxx.xxx | predictive | Medium
29 | File | xxxxx.x | predictive | Low
30 | File | xxxxxxxxxx.xxx | predictive | High
31 | File | xxxx_xxxx.xxx | predictive | High
32 | File | xxxxxx.x | predictive | Medium
33 | File | xx.xxx | predictive | Low
34 | File | xxxx.xxx | predictive | Medium
35 | File | xxxxx/x/xxx/xxxx.xxx | predictive | High
36 | File | xxxxxxxx.xxxxx.xxx | predictive | High
37 | File | xxxx.xxx | predictive | Medium
38 | File | xxxxxxxxxxxxx.xxx | predictive | High
39 | File | xxxxxxxxxxxxxx.xxx | predictive | High
40 | File | xxxxxxx_xxxx.xxx | predictive | High
41 | File | xxxxxxx.xxx | predictive | Medium
42 | File | xxxxx_xxxxxxx.xxx | predictive | High
43 | File | xxxxxx.xxx | predictive | Medium
44 | File | xxxxxx.xxx | predictive | Medium
45 | File | xxx/xxx_xxx | predictive | Medium
46 | File | xxxx.xxx | predictive | Medium
47 | File | xxxxxx.x | predictive | Medium
48 | File | xxxx.xxx | predictive | Medium
49 | File | xxxx_xxxx.xxx | predictive | High
50 | File | xxxxxxxxxxxxxxxx.xx | predictive | High
51 | File | xxxxxx-xxxxx-xxxxxx.xxx | predictive | High
52 | File | xxxxxxxx/xxx | predictive | Medium
53 | File | xxxxxx.xxx | predictive | Medium
54 | File | xxxxxx.xxx | predictive | Medium
55 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | High
56 | File | xxxxxxxxx.x | predictive | Medium
57 | File | xxxxxxx.xxx | predictive | Medium
58 | File | xxxxxxx.xxx | predictive | Medium
59 | File | xxxx_xxx.xxx | predictive | Medium
60 | File | xxx/xxxxxx/xxxxxxxxxxxxx.xxx | predictive | High
61 | File | xx-xxxxxxx.xxx | predictive | High
62 | File | xx-xxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxx.xxx | predictive | High
63 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
64 | File | xx-xxxxxxxx/xxxx.xxx | predictive | High
65 | File | xx-xxxxxxxx.xxx | predictive | High
66 | File | xxxxxxxxxxxx.xxx | predictive | High
67 | Library | xxx.xxx | predictive | Low
68 | Library | xxxxxxxx.xxx | predictive | Medium
69 | Argument | xxxx | predictive | Low
70 | Argument | xxxxxxxxx | predictive | Medium
71 | Argument | xxxx_xxx | predictive | Medium
72 | Argument | xxx | predictive | Low
73 | Argument | xxxx_xx | predictive | Low
74 | Argument | xxxxx | predictive | Low
75 | Argument | xxx | predictive | Low
76 | Argument | xxxx_xx | predictive | Low
77 | Argument | xxxxxxx | predictive | Low
78 | Argument | xxxxxxxxxxx | predictive | Medium
79 | Argument | xxxxxx | predictive | Low
80 | Argument | xxxxxx_xxxx_xxxxxxxx | predictive | High
81 | Argument | xxxxxxxx | predictive | Medium
82 | Argument | xxx_xxxx/xxx_xxxxxxx | predictive | High
83 | Argument | xxxxxxxxxxx | predictive | Medium
84 | Argument | xxxx/xxxx_xx | predictive | Medium
85 | Argument | xxxxxxxxx | predictive | Medium
86 | Argument | xxxx_xxxxxxx | predictive | Medium
87 | Argument | xx | predictive | Low
88 | Argument | xxxxxxxxxx | predictive | Medium
89 | Argument | xxx | predictive | Low
90 | Argument | xxxx | predictive | Low
91 | Argument | xxxxxxxx | predictive | Medium
92 | Argument | xxxxxxxxxxxxx_xx | predictive | High
93 | Argument | xxx_xx | predictive | Low
94 | Argument | xxxxxx | predictive | Low
95 | Argument | xxxxxx | predictive | Low
96 | Argument | xxxxxx_xxxx | predictive | Medium
97 | Argument | xxxxxxxx | predictive | Medium
98 | Argument | xxxxx_xxxx_xxxx | predictive | High
99 | Argument | xxxxxxxxx | predictive | Medium
100 | Argument | xxxxxxxxx | predictive | Medium
101 | Argument | xxxxxxxxx | predictive | Medium
102 | Argument | xxxxxxxx_xx | predictive | Medium
103 | Argument | xxxxxxx_xx | predictive | Medium
104 | Argument | xxxxxx | predictive | Low
105 | Argument | xxxxxxx | predictive | Low
106 | Argument | xxxxxx | predictive | Low
107 | Argument | xxxxxx | predictive | Low
108 | Argument | xxxxxxxxx | predictive | Medium
109 | Argument | xxxxx_xx | predictive | Medium
110 | Argument | xxxx_xx | predictive | Low
111 | Argument | xxxx_xxxxx | predictive | Medium
112 | Argument | x_xxx | predictive | Low
113 | Argument | x-xxxx-xxxxx | predictive | Medium
114 | Argument | xxxxx/xxxxx | predictive | Medium
115 | Input Value | "><xxxxxx>xxxxx(/xxx/)</xxxxxx> | predictive | High
116 | Input Value | .. | predictive | Low
117 | Input Value | x" xxxxxxxxxxx=xxxxxx(xxxxxx) xxx=" | predictive | High
118 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive | High
119 | Input Value | xxx_xxx_xxxx_xxxx'"><xxxxxx>xxxxx(/xxxxx.xx/)</xxxxxx> | predictive | High
120 | Pattern | () { | predictive | Low
121 | Network Port | xxx/xxxx | predictive | Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:
