CryptoPHP Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (68)

Linguaggio

de	38
en	22
pl	4
fr	4

Nazione

us	36
pl	18
ru	4
fr	2

Attori

CryptoPHP	4
APT37	1
Grizzly Steppe	1

Interesse

Genere

Not Defined	22
Programming Language Software	4
Database Administration Software	4
Content Management System	4
E-Commerce Management Software	2

Fornitore

Not Defined	14
SourceCodester	6
Siemens	4
RDM	4
PHP Scripts Mall	2

Prodotto

SourceCodester Online Tours & Travels Management S ...	6
Siemens EN100 Ethernet Module	4
RDM Intuitive 650 TDB Controller	4
phpMyAdmin	4
PHP	2

Vulnerabilità

#	Vulnerabilità	Base	Temp	0day	Oggi	Sfr	Con	CTI	EPSS	CVE
1	RDM Intuitive 650 TDB Controller Password escalazione di privilegi	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00206	CVE-2016-4505
2	Siemens EN100 Ethernet Module Web Server Memory rivelazione di un 'informazione	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00516	CVE-2016-4785
3	Siemens EN100 Ethernet Module Web Server rivelazione di un 'informazione	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00516	CVE-2016-4784
4	RDM Intuitive 650 TDB Controller cross site request forgery	6.1	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00069	CVE-2016-4506
5	Tiki Admin Password tiki-login.php autenticazione debole	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	4.75	0.00936	CVE-2020-15906
6	Winn Winn GuestBook addPost cross site scripting	4.3	4.1	$0-$5k	$0-$5k	High	Official Fix	0.02	0.00336	CVE-2011-5026
7	TikiWiki tiki-register.php escalazione di privilegi	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	6.87	0.01009	CVE-2006-6168
8	PrestaShop blocklayered-ajax.php cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00290	CVE-2015-1175
9	PHP _php_stream_scandir buffer overflow	9.0	8.6	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.05	0.21380	CVE-2012-2688
10	GoAutoDial GoAdmin CE go_login.php sql injection	7.3	7.0	$0-$5k	Calcolo	High	Official Fix	0.00	0.01806	CVE-2015-2843
11	PHP crypt buffer overflow	10.0	9.5	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.02	0.01182	CVE-2011-3268
12	PHP cgi_main.c escalazione di privilegi	7.3	6.6	$25k-$100k	$0-$5k	High	Official Fix	0.00	0.97363	CVE-2012-1823
13	phpMyAdmin setup.php escalazione di privilegi	4.8	4.3	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.10058	CVE-2010-3055
14	SourceCodester Online Tours & Travels Management System s.php sql injection	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.00126	CVE-2023-0561
15	SourceCodester Online Tours & Travels Management System practice_pdf.php sql injection	5.5	5.4	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.00126	CVE-2023-0560
16	PHPGurukul Bank Locker Management System Login index.php sql injection	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.02218	CVE-2023-0562
17	PHPGurukul Bank Locker Management System Assign Locker add-locker-form.php cross site scripting	3.9	3.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.00249	CVE-2023-0563
18	SourceCodester Online Tours & Travels Management System booking_report.php sql injection	4.7	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.06	0.00078	CVE-2023-0531
19	SourceCodester Online Tours & Travels Management System expense_report.php sql injection	4.7	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.00078	CVE-2023-0533
20	SourceCodester Online Tours & Travels Management System disapprove_user.php sql injection	4.7	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.00078	CVE-2023-0532

IOC - Indicator of Compromise (44)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	indirizzo IP	Hostname	Attore	Identified	Genere	Fiducia
1	50.17.195.149	ec2-50-17-195-149.compute-1.amazonaws.com	CryptoPHP	31/05/2021	verified	Media
2	78.138.118.195		CryptoPHP	31/05/2021	verified	Alto
3	78.138.118.196		CryptoPHP	31/05/2021	verified	Alto
4	78.138.118.197		CryptoPHP	31/05/2021	verified	Alto
5	78.138.118.198		CryptoPHP	31/05/2021	verified	Alto
6	78.138.118.199		CryptoPHP	31/05/2021	verified	Alto
7	78.138.118.200		CryptoPHP	31/05/2021	verified	Alto
8	78.138.118.201		CryptoPHP	31/05/2021	verified	Alto
9	78.138.118.202		CryptoPHP	31/05/2021	verified	Alto
10	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
11	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
12	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
13	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
14	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
15	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
16	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
17	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
18	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
19	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
20	XX.XXX.XXX.XX		Xxxxxxxxx	31/05/2021	verified	Alto
21	XX.XXX.XXX.XX		Xxxxxxxxx	31/05/2021	verified	Alto
22	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
23	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
24	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
25	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
26	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
27	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
28	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
29	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
30	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
31	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
32	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
33	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
34	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
35	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
36	XX.XXX.XXX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
37	XXX.XXX.XXX.XX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Alto
38	XXX.XXX.XXX.XXX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Alto
39	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Alto
40	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Alto
41	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Alto
42	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Alto
43	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Alto
44	XXX.X.XXX.XXX	xxx-x-xxx-xxx.xxxxxx.xx	Xxxxxxxxx	31/05/2021	verified	Alto

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilità	Accesso al vettore	Genere	Fiducia
1	T1059	CWE-94	Argument Injection	predictive	Alto
2	T1059.007	CWE-79	Cross Site Scripting	predictive	Alto
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
7	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
9	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto

IOA - Indicator of Attack (40)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Genere	Fiducia
1	File	/mics/j_spring_security_check	predictive	Alto
2	File	/user/s.php	predictive	Media
3	File	add-locker-form.php	predictive	Alto
4	File	admin/booking_report.php	predictive	Alto
5	File	admin/disapprove_user.php	predictive	Alto
6	File	xxxxx/xxxxxxx_xxxxxx.xxx	predictive	Alto
7	File	xxxxx/xxxxxxxx_xxx.xxx	predictive	Alto
8	File	xxxxxxxxxxxx-xxxx.xxx	predictive	Alto
9	File	xxxxxxxx/xxxxxx.xxx	predictive	Alto
10	File	xxxxxxxxxxx.xxx	predictive	Alto
11	File	xx_xxxxx.xxx	predictive	Media
12	File	xxxxxx/xxxxx/xxxx_xxxxx.xxx	predictive	Alto
13	File	xxxxxxxx/xxxxxxx.xxx	predictive	Alto
14	File	xxxxx.xxx	predictive	Media
15	File	xxxxxxxxx/xxxxxx.xxx	predictive	Alto
16	File	xxxxxx.xxx	predictive	Media
17	File	xxxx/xxx/xxx_xxxx.x	predictive	Alto
18	File	xxxxx.xxx	predictive	Media
19	File	xxxxxxxx-xxxx.xxx	predictive	Alto
20	File	xxxx-xxxxx.xxx	predictive	Alto
21	File	xxxx-xxxxxxxx.xxx	predictive	Alto
22	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Alto
23	Argument	$_xxxxxx['xxxxx_xxxxxx']	predictive	Alto
24	Argument	xxxxxx	predictive	Basso
25	Argument	xxxxx	predictive	Basso
26	Argument	xxxx_xxxx	predictive	Media
27	Argument	xx	predictive	Basso
28	Argument	x_xxxxxxxx	predictive	Media
29	Argument	xxxxxxx_xxxxx_xxxxxx	predictive	Alto
30	Argument	xxxx	predictive	Basso
31	Argument	xxxxxxxx	predictive	Media
32	Argument	xxxx	predictive	Basso
33	Argument	xxxxxxxx	predictive	Media
34	Argument	xx_xxxx	predictive	Basso
35	Argument	xxx	predictive	Basso
36	Argument	xxxxxxxx	predictive	Media
37	Argument	xxxx_xxxx/xxxx_xxxx	predictive	Alto
38	Input Value	-x	predictive	Basso
39	Network Port	xxx/xx (xxxxxx)	predictive	Alto
40	Network Port	xxx/xx (xxx xxxxxxxx)	predictive	Alto

Referenze (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrecedenteVisione D'insiemeIl prossimo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!