Xpiro Analysis

IOB - Indicator of Behavior (85)

Language of the indicator sources: en 76, es 2, zh 2, ru 2, fr 2


Product (most frequent, with indicator count): Apache InLong 2, Poppler 2, Merchandise Online Store 2, Google Chrome 2, Sangoma Asterisk 2

Vulnerabilities

The 20 entries visible on the page. Base/Temp are CVSS base and temporal scores; 0day/Today are VulDB's exploit price estimates; Exp is the exploit status, Con the countermeasure status; CTI is VulDB's threat-intelligence interest score; EPSS is the exploitation probability. "Calculator" marks a value the page only shows through its paid calculator.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | ThemeIsle Orbit Fox Plugin cross site scripting | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00045 | CVE-2024-1323 |
| 2 | IBM PowerSC privilege escalation | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00073 | CVE-2023-50940 |
| 3 | Embed Calendly Plugin Shortcode cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00045 | CVE-2023-4995 |
| 4 | Tracker Software PDF-XChange Editor U3D File Parser information disclosure | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00000 | CVE-2023-42058 |
| 5 | Mozilla Firefox XLL Add-In File privilege escalation | 4.3 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00055 | CVE-2023-4581 |
| 6 | PHP Jabbers Yacht Listing Script Password Recovery information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00091 | CVE-2023-40761 |
| 7 | OpenRapid RapidCMS run-movepass.php privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.00063 | CVE-2023-4448 |
| 8 | Chamilo SVG File fileUpload.lib.php privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00088 | CVE-2023-34944 |
| 9 | Apache InLong privilege escalation | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00125 | CVE-2023-31206 |
| 10 | Nokia NetAct Configuration Dashboard Page XML External Entity | 6.4 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00069 | CVE-2023-26057 |
| 11 | Google Android PowerVR Kernel Driver PVRSRVBridgeRGXTDMSubmitTransfer buffer overflow | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2021-0879 |
| 12 | Oracle MySQL Server Packaging information disclosure | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00092 | CVE-2022-43551 |
| 13 | Mikrobi Babel redirect.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00215 | CVE-2019-1010290 |
| 14 | Nextcloud App Password Protection weak authentication | 4.1 | 4.0 | $0-$5k | Calculator | Not Defined | Official Fix | 0.00 | 0.00053 | CVE-2023-28647 |
| 15 | Google Android unwinding.cc UnwindingWorker buffer overflow | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2023-21018 |
| 16 | OTCMS apiRun.php AutoRun cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00060 | CVE-2023-1635 |
| 17 | Google Android buffer overflow | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2023-21042 |
| 18 | SourceCodester Alphaware Simple E-Commerce System Payment summary.php privilege escalation | 6.1 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00200 | CVE-2023-0998 |
| 19 | ThingsBoard weak authentication | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00337 | CVE-2023-26462 |
| 20 | Microsoft Dynamics 365 cross site scripting | 5.4 | 4.9 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00052 | CVE-2023-21573 |

IOC - Indicator of Compromise (27)

These indicators of compromise list associated network resources known to have been part of research and attack activity. Note that the resolvable hostnames shown are Amazon EC2 instance names, i.e. shared cloud infrastructure that is reassigned over time: treat the "Identified" date as the validity window for each address rather than blocking it indefinitely, and corroborate any hit with the IOA paths below. Dates are DD/MM/YYYY. Rows 7 to 27 are masked on the page; only the fields still visible are reproduced.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 3.217.206.46 | ec2-3-217-206-46.compute-1.amazonaws.com | Xpiro | | 13/08/2022 | verified | Medium |
| 2 | 3.223.115.185 | ec2-3-223-115-185.compute-1.amazonaws.com | Xpiro | | 06/11/2021 | verified | Medium |
| 3 | 13.107.42.23 | | Xpiro | | 18/07/2021 | verified | High |
| 4 | 20.36.252.129 | | Xpiro | | 08/01/2022 | verified | High |
| 5 | 20.42.73.29 | | Xpiro | | 13/02/2022 | verified | High |
| 6 | 20.189.173.20 | | Xpiro | | 13/02/2022 | verified | High |
| 7 | (masked) | | (masked) | | 13/02/2022 | verified | High |
| 8 | (masked) | (masked) | (masked) | | 13/02/2022 | verified | Medium |
| 9 | (masked) | | (masked) | | 06/11/2021 | verified | High |
| 10 | (masked) | (masked) | (masked) | | 13/02/2022 | verified | High |
| 11 | (masked) | (masked) | (masked) | | 13/02/2022 | verified | High |
| 12 | (masked) | | (masked) | | 13/02/2022 | verified | High |
| 13 | (masked) | | (masked) | | 13/02/2022 | verified | High |
| 14 | (masked) | (masked) | (masked) | | 24/10/2021 | verified | High |
| 15 | (masked) | (masked) | (masked) | | 24/10/2021 | verified | High |
| 16 | (masked) | (masked) | (masked) | | 13/02/2022 | verified | High |
| 17 | (masked) | | (masked) | | 24/10/2021 | verified | High |
| 18 | (masked) | (masked) | (masked) | | 13/02/2022 | verified | High |
| 19 | (masked) | (masked) | (masked) | | 13/02/2022 | verified | High |
| 20 | (masked) | | (masked) | | 08/01/2022 | verified | High |
| 21 | (masked) | | (masked) | | 08/01/2022 | verified | High |
| 22 | (masked) | | (masked) | | 13/02/2022 | verified | High |
| 23 | (masked) | (masked) | (masked) | | 13/08/2022 | verified | Medium |
| 24 | (masked) | | (masked) | | 13/02/2022 | verified | High |
| 25 | (masked) | | (masked) | | 13/02/2022 | verified | High |
| 26 | (masked) | (masked) | (masked) | | 06/05/2022 | verified | High |
| 27 | (masked) | (masked) | (masked) | | 13/02/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques. They are produced by VulDB's predictive actor-profiling model from the CWE classes of the vulnerabilities listed above, not from observed Xpiro tradecraft, so verify each mapping before turning it into a detection rule. For reference, the visible technique IDs are T1006 (Direct Volume Access), T1055 (Process Injection), T1059 (Command and Scripting Interpreter) and T1059.007 (JavaScript). Rows 5 to 17 are masked on the page.

| ID | Technique | Vulnerabilities (CWE) | Access vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High |
| 5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | (masked) | predictive | High |
| 6 | TXXXX.XXX | CWE-XXX | (masked) | predictive | High |
| 7 | TXXXX | CWE-XX, CWE-XXX | (masked) | predictive | High |
| 8 | TXXXX.XXX | CWE-XXX | (masked) | predictive | High |
| 9 | TXXXX | CWE-XXX | (masked) | predictive | High |
| 10 | TXXXX | CWE-XXX | (masked) | predictive | High |
| 11 | TXXXX.XXX | CWE-XXX | (masked) | predictive | High |
| 12 | TXXXX | CWE-XXX | (masked) | predictive | High |
| 13 | TXXXX.XXX | CWE-XXX | (masked) | predictive | High |
| 14 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | (masked) | predictive | High |
| 15 | TXXXX | CWE-XXX | (masked) | predictive | High |
| 16 | TXXXX.XXX | CWE-XXX | (masked) | predictive | High |
| 17 | TXXXX.XXX | CWE-XXX | (masked) | predictive | High |

IOA - Indicator of Attack (32)

These indicators of attack list fragments that may be used in technical activity such as reconnaissance, exploitation, privilege escalation and exfiltration. They come from VulDB's predictive actor-profiling model. The visible File entries are the request paths of products in the vulnerability table (summary.php belongs to the Alphaware entry, CVE-2023-0998; run-movepass.php to the RapidCMS entry, CVE-2023-4448), so a match in web logs shows that the product was probed, not that the traffic is specific to Xpiro. Rows 5 to 32 are masked on the page; their class and confidence remain visible.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /alphaware/summary.php | predictive | High |
| 2 | File | /LoginAdmin | predictive | Medium |
| 3 | File | /vloggers_merch/classes/Master.php?f=delete_inventory | predictive | High |
| 4 | File | admin/run-movepass.php | predictive | High |
| 5 | File | (masked) | predictive | Medium |
| 6 | File | (masked) | predictive | High |
| 7 | File | (masked) | predictive | Medium |
| 8 | File | (masked) | predictive | High |
| 9 | File | (masked) | predictive | High |
| 10 | File | (masked) | predictive | Medium |
| 11 | File | (masked) | predictive | Medium |
| 12 | File | (masked) | predictive | High |
| 13 | File | (masked) | predictive | Medium |
| 14 | File | (masked) | predictive | Medium |
| 15 | File | (masked) | predictive | High |
| 16 | File | (masked) | predictive | Low |
| 17 | File | (masked) | predictive | High |
| 18 | Library | (masked) | predictive | High |
| 19 | Argument | (masked) | predictive | Low |
| 20 | Argument | (masked) | predictive | High |
| 21 | Argument | (masked) | predictive | Low |
| 22 | Argument | (masked) | predictive | Low |
| 23 | Argument | (masked) | predictive | Low |
| 24 | Argument | (masked) | predictive | High |
| 25 | Argument | (masked) | predictive | High |
| 26 | Argument | (masked) | predictive | Low |
| 27 | Argument | (masked) | predictive | High |
| 28 | Argument | (masked) | predictive | Low |
| 29 | Argument | (masked) | predictive | Medium |
| 30 | Input Value | (masked) | predictive | High |
| 31 | Pattern | (masked) | predictive | Low |
| 32 | Network Port | (masked) | predictive | High |
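The following is an added example, not VulDB's tooling and not code from this page: it scans an Apache/nginx combined-format access log for the six visible IOC addresses and the four visible File-class IOA paths. The indicator values are taken from the tables above; the sample log lines, the 180-day staleness window and the function names are constructed assumptions. IOC hits carry the date VulDB identified the address so that a sighting far from that date (likely a reassigned cloud instance) is flagged as stale, and request targets are percent-decoded before matching so a trivially encoded path still hits.

```python
"""Match Xpiro IOC addresses and IOA request paths against access-log lines.

Added example. Indicator values are the visible rows of the IOC and IOA
tables; log lines and the staleness window are constructed assumptions.
"""
import re
from datetime import date, datetime
from urllib.parse import unquote

# IOC addresses (visible rows 1-6) with the date VulDB identified them.
XPIRO_IOC_IPS = {
    "3.217.206.46": date(2022, 8, 13),
    "3.223.115.185": date(2021, 11, 6),
    "13.107.42.23": date(2021, 7, 18),
    "20.36.252.129": date(2022, 1, 8),
    "20.42.73.29": date(2022, 2, 13),
    "20.189.173.20": date(2022, 2, 13),
}

# File-class IOA indicators (visible rows 1-4). They are request paths of the
# vulnerable products in the vulnerability table, so a match means that
# product was probed, not that the traffic is specific to Xpiro.
XPIRO_IOA_PATHS = [
    "/alphaware/summary.php",
    "/LoginAdmin",
    "/vloggers_merch/classes/Master.php?f=delete_inventory",
    "admin/run-movepass.php",
]

# Combined log format; only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return ip, timestamp and percent-decoded request target, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    # Decode so /admin/run%2Dmovepass.php matches the plain indicator.
    return {"ip": m["ip"], "ts": ts, "target": unquote(m["target"])}


def path_hits(target):
    """IOA indicators contained in the request target (path plus query)."""
    needle = target.lstrip("/")
    return [p for p in XPIRO_IOA_PATHS if p.lstrip("/") in needle]


def scan(log_text, stale_after_days=180):
    """One finding per IOC or IOA match. An IOC hit is marked stale when the
    log time is more than stale_after_days (assumed window) away from the
    identification date, since shared cloud addresses get reassigned."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        rec = parse_line(line)
        if rec is None:
            continue
        identified = XPIRO_IOC_IPS.get(rec["ip"])
        if identified is not None:
            age = abs((rec["ts"].date() - identified).days)
            findings.append({"line": lineno, "kind": "ioc",
                             "indicator": rec["ip"],
                             "stale": age > stale_after_days})
        for ind in path_hits(rec["target"]):
            findings.append({"line": lineno, "kind": "ioa",
                             "indicator": ind, "stale": False})
    return findings


# Constructed sample log; the 198.51.100.0/24 and 192.0.2.0/24 hosts are
# documentation addresses, not real traffic.
SAMPLE_LOG = """\
20.42.73.29 - - [14/Feb/2022:03:12:44 +0000] "GET /wp-login.php HTTP/1.1" 200 512
198.51.100.7 - - [14/Feb/2022:03:13:01 +0000] "POST /admin/run-movepass.php HTTP/1.1" 302 0
198.51.100.7 - - [14/Feb/2022:03:13:05 +0000] "GET /vloggers_merch/classes/Master.php?f=delete_inventory&id=3 HTTP/1.1" 200 88
3.217.206.46 - - [20/Sep/2023:11:00:00 +0000] "GET / HTTP/1.1" 200 1024
192.0.2.10 - - [14/Feb/2022:03:14:00 +0000] "GET /index.html HTTP/1.1" 200 2048
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Run against a real log with `scan(open("access.log").read())`. On the sample, the 20.42.73.29 hit one day after its identification date is reported as current, while the 3.217.206.46 hit more than a year later is reported stale and should be treated as a lead to corroborate (for example with an IOA path hit from the same source) rather than as a confirmed compromise.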

References (8)

The following list contains external sources which discuss the actor and the associated activities:
