DePriMon Analysis

IOB - Indicator of Behavior (269)

Language

en: 244
zh: 8
es: 6
de: 6
fr: 4

Country

us: 138
cn: 54
br: 8
ru: 8
tr: 4

Product

WordPress: 8
Joomla CMS: 6
Microsoft Windows: 6
Juniper Junos: 4
Palo Alto PAN-OS: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.71 | CVE-2010-0966 |
| 2 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.04 | CVE-2013-5033 |
| 3 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.03 | CVE-2021-3056 |
| 4 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.03 | CVE-2022-21664 |
| 5 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.00 | CVE-2019-13275 |
| 6 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.23 | CVE-2016-6210 |
| 7 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 8 | DeDeCMS list.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00618 | 0.00 | CVE-2011-5200 |
| 9 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.03 | CVE-2024-1406 |
| 10 | Teclib GLPI unlock_tasks.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.12149 | 0.04 | CVE-2019-10232 |
| 11 | Sophos Firewall User Portal/Webadmin weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.97434 | 0.08 | CVE-2022-1040 |
| 12 | CutePHP CuteNews privilege escalation | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02107 | 0.08 | CVE-2019-11447 |
| 13 | WordPress Object privilege escalation | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.04 | CVE-2022-21663 |
| 14 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.07084 | 0.04 | CVE-2022-26923 |
| 15 | QNAP QTS Media Library privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.01575 | 0.03 | CVE-2017-13067 |
| 16 | Veritas NetBackup pbx_exchange Process privilege escalation | 8.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00356 | 0.04 | CVE-2017-6407 |
| 17 | XenForo privilege escalation | 8.6 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 | |
| 18 | RealNetworks RealServer Port 7070 Service denial of service | 7.5 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.02116 | 0.16 | CVE-2000-0272 |
| 19 | Microsoft Windows Themes information disclosure | 5.9 | 5.6 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00128 | 0.04 | CVE-2024-21320 |
| 20 | Royal Elementor Addons and Templates Plugin privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96723 | 0.03 | CVE-2023-5360 |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (114)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | Medium |
| 2 | File | /api/RecordingList/DownloadRecord?file= | predictive | High |
| 3 | File | /apply.cgi | predictive | Medium |
| 4 | File | /apply/index.php | predictive | High |
| 5 | File | /include/file.php | predictive | High |
| 6 | File | /netflow/jspui/editProfile.jsp | predictive | High |
| 7 | File | /php/ping.php | predictive | High |
| 8 | File | /rapi/read_url | predictive | High |
| 9 | File | /scripts/unlock_tasks.php | predictive | High |
| 10 | File | /SysInfo1.htm | predictive | High |
| 11 | File | /sysinfo_json.cgi | predictive | High |
| 12 | File | /system/user/modules/mod_users/controller.php | predictive | High |
| 13 | File | /wp-admin/admin-post.php?es_skip=1&option_name | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
