CDRThief Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (10)

Linguaggio

zh	8
en	2

Nazione

cn	10

Attori

CDRThief	3

Interesse

Genere

Programming Language Software	2
Not Defined	2
Connectivity Software	2
Wireless LAN Software	2
Bug Tracking Software	2

Fornitore

Not Defined	6
eEye	2
Atlassian	2

Prodotto

PHP	2
Jitsi Meet	2
OpenSSH	2
eEye Retina WiFi Scanner	2
Atlassian JIRA Server	2

Vulnerabilità

#	Vulnerabilità	Base	Temp	0day	Oggi	Sfr	Con	EPSS	CTI	CVE
1	Hotline Connect Server rivelazione di un 'informazione	3.3	3.3	$0-$5k	$0-$5k	Not Defined	Workaround	0.00000	0.02
2	ownCloud Server Password Protected Public Links autenticazione debole	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00074	0.00	CVE-2021-35948
3	ownCloud user_ldap escalazione di privilegi	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.00	CVE-2021-40537
4	Atlassian JIRA Server/Data Center Endpoint web.xml directory traversal	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.91900	0.03	CVE-2021-26086
5	Job and Node Ownership Plugin escalazione di privilegi	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00055	0.00	CVE-2022-28151
6	PrinterLogic Web Stack crittografia debole	7.7	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06463	0.00	CVE-2021-42635
7	eEye Retina WiFi Scanner buffer overflow	10.0	10.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.12680	0.00	CVE-2009-3859
8	PHP SoapClient query denial of service	6.4	6.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01231	0.00	CVE-2021-21702
9	Jitsi Meet autenticazione debole	8.5	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00196	0.08	CVE-2020-11878
10	OpenSSH Key Exchange Initialization kex_input_kexinit denial of service	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.78351	0.01	CVE-2016-8858

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	indirizzo IP	Hostname	Attore	Identified	Genere	Fiducia
1	34.94.199.142	142.199.94.34.bc.googleusercontent.com	CDRThief	31/05/2021	verified	Media
2	35.236.173.187	187.173.236.35.bc.googleusercontent.com	CDRThief	31/05/2021	verified	Media
3	XXX.XX.XXX.XX		Xxxxxxxx	31/05/2021	verified	Alto
4	XXX.XXX.XXX.XXX		Xxxxxxxx	31/05/2021	verified	Alto
5	XXX.XXX.XXX.XXX		Xxxxxxxx	31/05/2021	verified	Alto
6	XXX.XXX.XX.XXX		Xxxxxxxx	31/05/2021	verified	Alto

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilità	Accesso al vettore	Genere	Fiducia
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
3	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
4	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Alto

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Genere	Fiducia
1	File	/WEB-INF/web.xml	predictive	Alto
2	File	xxxxxxxx/xxxx_xxxx	predictive	Alto
3	Argument	xxx_xxx	predictive	Basso

Referenze (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrecedenteVisione D'insiemeIl prossimo ▸

Do you need the next level of professionalism?

Upgrade your account now!