XDSpy Analysis

IOB - Indicator of Behavior (14)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | GNU C Library vfprintf Local Privilege Escalation | 7.8 | 7.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.01296 | CVE-2012-0864 |
| 2 | nginx URI String privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.95433 | CVE-2013-4547 |
| 3 | Apache HTTP Server mod_proxy buffer overflow | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.01228 | CVE-2004-0492 |
| 4 | Postfix Admin functions.inc.php sql injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.03 | 0.00253 | CVE-2014-2655 |
| 5 | Apple macOS iBooks Redirect | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00233 | CVE-2017-2497 |
| 6 | Apple macOS libarchive privilege escalation | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2016-7619 |
| 7 | HPE Aruba ClearPass privilege escalation | 9.2 | 8.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02624 | CVE-2017-5824 |
| 8 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 9 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.65 | 0.00943 | CVE-2010-0966 |
| 10 | Google Chrome OS Format String | 8.8 | 8.4 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00345 | CVE-2016-5169 |
| 11 | phpEventMan text.ctrl.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.14902 | CVE-2007-0702 |
| 12 | OTRS sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00335 | CVE-2010-0438 |
| 13 | OTRS StateGetStatesByType sql injection | 7.3 | 7.0 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00407 | CVE-2014-1471 |
| 14 | Oracle iPlanet Web Server Administration Console cross site scripting | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00868 | CVE-2012-0516 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 62.213.213.170 | 62-213-213-170.ip.stuart.be | XDSpy | | 31/05/2021 | verified | High |
| 2 | XX.XX.XXX.XX | xx-xx-xxx-xx.xxxxx.xxxxxxxxxx.xx | Xxxxx | | 31/05/2021 | verified | High |
| 3 | XX.XXX.XX.XX | xx-xx-xxx-xx.xxxx.xxxxx.xxx | Xxxxx | | 31/05/2021 | verified | High |

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 2 | T1059.007 | CWE-80 | Cross Site Scripting | predictive | High |
| 3 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 4 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | data/gbconfiguration.dat | predictive | High |
| 2 | File | functions.inc.php | predictive | High |
| 3 | File | xxx/xxxxxx.xxx | predictive | High |
| 4 | File | xxxx.xxxx.xxx | predictive | High |
| 5 | Argument | xxxxxxxx | predictive | Medium |
| 6 | Argument | xxxxxxx-xxxxxx | predictive | High |
| 7 | Argument | xxxxx | predictive | Low |
| 8 | Argument | xxxx_xxxxx | predictive | Medium |
| 9 | Pattern | xxxxxxx-xxxxxx\|xx\| | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
