Avos Analysis

IOB - Indicator of Behavior (66)

Language of sources: en (46), fr (14), es (4), de (2)

Product: Hydra (4), HP SAN (4), HP iQ (4), Intern Record System (2), Small CRM (2)

Vulnerabilities

Column legend: Base and Temp are the CVSS base and temporal scores; 0day and Today are VulDB's estimated exploit prices; Exploit and Remediation are the CVSS temporal exploit-code-maturity and remediation-level values; EPSS is the FIRST exploit prediction probability; CTI is VulDB's CTI interest score. Rows without an assigned CVE are marked "-". Note that several rows are distinct products that merely share the name "Hydra" (for example HP SAN/iQ's hydra.exe and ORY Hydra).

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | HP SAN/iQ hydra.exe privilege escalation | 4.3 | 3.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00277 | 0.00 | CVE-2012-4362
2 | Hydra HTTP Header read.c process_header_end denial of service | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00117 | 0.02 | CVE-2019-17502
3 | IW Guestbook badwords_edit.asp sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | -
4 | Hydra weak authentication | 5.6 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00099 | 0.00 | CVE-2020-5300
5 | OmniSecure AddUrlShield index.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.02 | -
6 | ORY Hydra error reflected cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.00 | CVE-2019-8400
7 | PHPGurukul Hospital Management System dashboard.php privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00661 | 0.02 | CVE-2020-35745
8 | HP SAN/iQ Login hydra.exe buffer overflow | 10.0 | 9.5 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.46643 | 0.00 | CVE-2011-4157
9 | HP LeftHand Virtual SAN Appliance hydra buffer overflow | 10.0 | 9.5 | $25k-$100k | $0-$5k | High | Official Fix | 0.77622 | 0.00 | CVE-2013-2343
10 | Coinsoft Technologies phpCOIN db.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.07606 | 0.00 | CVE-2005-4211
11 | Coinsoft Technologies phpCOIN db.php directory traversal | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03877 | 0.02 | CVE-2005-4212
12 | Ilohamail cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.07 | -
13 | Small CRM cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.00 | CVE-2023-44075
14 | Intern Record System controller.php cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.00 | CVE-2022-40348
15 | Sitekit CMS registration-form.html cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | -
16 | Microsoft Windows Backup Service privilege escalation | 7.7 | 7.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00389 | 0.04 | CVE-2023-21752
17 | SunHater KCFinder upload.php cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00131 | 0.00 | CVE-2019-14315
18 | Canto Cumulus login privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00283 | 0.02 | CVE-2022-40305
19 | IW Guestbook messages_edit.asp sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | -
20 | CKEditor Clipboard Package privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00163 | 0.03 | CVE-2021-32809

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.136.230.191 | | Avos | | 2022-07-29 | verified | High
2 | XXX.XXX.XXX.XXX | | Xxxx | | 2022-07-29 | verified | High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerability | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High
2 | T1040 | CAPEC-102 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High
3 | TXXXX | CAPEC-242 | CWE-XX | Xxxxxxxx Xxxxxxxxx | predictive | High
4 | TXXXX.XXX | CAPEC-209 | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CAPEC-0 | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High
7 | TXXXX | CAPEC-0 | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cwc/login | predictive | Medium
2 | File | /intern/controller.php | predictive | High
3 | File | /iwguestbook/admin/badwords_edit.asp | predictive | High
4 | File | /iwguestbook/admin/messages_edit.asp | predictive | High
5 | File | xxxxx/xxxxxxxxx.xxx | predictive | High
6 | File | xxxxx.xxx | predictive | Medium
7 | File | xxxx_xxxxxxxx/xx.xxx | predictive | High
8 | File | xxxxx.xxx | predictive | Medium
9 | File | xxxxx.xxx | predictive | Medium
10 | File | xxxxx.xxx/xxxxxxxxxxxxx/xxx | predictive | High
11 | File | xxxxxx/xxxxxxxxx/xxxxx | predictive | High
12 | File | xxxx.x | predictive | Low
13 | File | xxxxxxxxxxxx-xxxx.xxxx | predictive | High
14 | File | xxxxxx.xxx | predictive | Medium
15 | File | xx-xxxxx/xxxxx-xxxxxx.xxx | predictive | High
16 | Argument | xxxxxxx | predictive | Low
17 | Argument | xxxxxx | predictive | Low
18 | Argument | xxxxxxxxxxxxxxx | predictive | High
19 | Argument | xxxxxxxxx | predictive | Medium
20 | Argument | xxxxxxx-xxxxxx | predictive | High
21 | Argument | xxxxx_xxxx | predictive | Medium
22 | Argument | xxxxxx$xxxxx | predictive | Medium
23 | Argument | xx | predictive | Low
24 | Argument | xxxxx | predictive | Low
25 | Argument | xxxx/xxxxx | predictive | Medium
26 | Argument | xxxx_xx | predictive | Low
27 | Argument | xxxxxx | predictive | Low
28 | Argument | _xxxx[_xxx_xxxx_xxxx | predictive | High
29 | Input Value | x+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx# | predictive | High
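The following is an added example of how a defender would actually consume the unmasked indicators above (the verified IOC address and the four visible IOA file fragments); it is not VulDB's code and VulDB publishes no such tooling. It assumes Apache/nginx "combined" access-log lines and uses a constructed sample log. The path normalisation (query stripping, double percent-decoding, slash collapsing, case folding) is what stops trivial evasions such as `%252E` or mixed-case `.asp` names from slipping past a plain substring match; the masked indicators cannot be included because their values are not on the page.

```python
import re
from urllib.parse import unquote, urlsplit

# Indicators copied from this page. Only the unmasked values are usable; the
# masked entries (XXX.XXX.XXX.XXX, xxxxx.xxx, ...) are deliberately not guessed.
IOC_IPS = {"45.136.230.191"}
IOA_PATHS = [
    "/cwc/login",
    "/intern/controller.php",
    "/iwguestbook/admin/badwords_edit.asp",
    "/iwguestbook/admin/messages_edit.asp",
]

# Assumption: Apache/nginx "combined" log format. Adjust the regex for others.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def normalize_path(target):
    """Reduce a request target to a comparable path.

    Drops the query string, percent-decodes twice (double encoding is a
    common filter-evasion trick), collapses repeated slashes and lower-cases
    the result, because the .asp targets above sit on case-insensitive IIS.
    """
    path = urlsplit(target).path
    path = unquote(unquote(path))
    path = re.sub(r"/+", "/", path)
    return path.lower()


def match_line(line):
    """Return a hit record for one log line, or None if nothing matched."""
    m = LOG_RE.match(line)
    if not m:
        return None
    hits = []
    if m["ip"] in IOC_IPS:
        hits.append(("ioc_ip", m["ip"]))
    path = normalize_path(m["target"])
    for frag in IOA_PATHS:          # IOA_PATHS are already lower-case
        if frag in path:
            hits.append(("ioa_path", frag))
    if not hits:
        return None
    return {"ip": m["ip"], "ts": m["ts"], "path": path,
            "status": m["status"], "hits": hits}


def scan(lines):
    """Run match_line over an iterable of log lines and keep only the hits."""
    return [rec for rec in map(match_line, lines) if rec]


# Constructed sample log (not real traffic). Addresses other than the page's
# IOC come from the RFC 5737 documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Jul/2022:10:14:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    '45.136.230.191 - - [29/Jul/2022:10:14:05 +0000] "GET /cwc/login HTTP/1.1" 200 1024',
    '198.51.100.9 - - [29/Jul/2022:10:15:11 +0000] "POST /iwguestbook/admin/Badwords_Edit.asp?id=1 HTTP/1.1" 500 233',
    '198.51.100.9 - - [29/Jul/2022:10:15:12 +0000] "GET /intern//controller%252Ephp?page=1 HTTP/1.1" 200 800',
    '203.0.113.7 - - [29/Jul/2022:10:16:00 +0000] "GET /about HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for rec in scan(SAMPLE_LOG):
        print(rec["ts"], rec["ip"], rec["path"], rec["hits"])
```

Treat a lone `/cwc/login` hit as a weak signal (the page itself rates it only Medium confidence and it is a short, generic path); a hit on that path from the IOC address, or on one of the `/iwguestbook/admin/` or `/intern/controller.php` fragments, is what merits escalation.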
