Downeks Analysis

IOB - Indicator of Behavior (13)

Language: en (14)

Products:
Juniper Web Device Manager (2)
FUSE (2)
Alt-N MDaemon (2)
OpenWrt (2)
IBM FileNet Workplace XT (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE
1 | Alt-N MDaemon Worldclient privilege escalation | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.06 | CVE-2021-27182
2 | ABBYY FineReader License Server privilege escalation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.04 | CVE-2019-20383
3 | FileZilla Server PORT privilege escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.09 | CVE-2015-10003
4 | FUSE fusermount privilege escalation | 6.5 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00134 | 0.03 | CVE-2018-10906
5 | AnyMacro AnyMacro Mail System directory traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00179 | 0.02 | CVE-2011-2468
6 | IBM FileNet Workplace XT File Upload privilege escalation | 7.5 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00898 | 0.03 | CVE-2016-8921
7 | phpMyAdmin import.php privilege escalation | 7.1 | 6.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00131 | 0.04 | CVE-2013-4729
8 | OpenWrt/LEDE uhttpd cgi_handle_request Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00082 | 0.02 | CVE-2018-19630
9 | OpenWrt Access Control rpcd privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00230 | 0.00 | CVE-2018-11116
10 | PunBB profile.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00162 | 0.00 | CVE-2005-1051
11 | Juniper Web Device Manager Authentication weak authentication | 9.8 | 9.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.04 | 
12 | PHP FastCGI Process Manager php-fpm.conf.in privilege escalation | 5.9 | 5.2 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00045 | 0.00 | CVE-2014-0185
13 | phpMyAdmin server_privileges.lib.php cross site scripting | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00306 | 0.00 | CVE-2016-2560

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 185.141.25.68 | | Downeks | | 23/12/2020 | verified | High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerability | Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | TXXXX.XXX | CWE-XXX | xxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX | xx Xxxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
8 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /etc/config/rpcd | predictive | High
2 | File | cgi-bin/ | predictive | Medium
3 | File | xxxxxx.xxx | predictive | Medium
4 | File | xxx-xxx.xxxx.xx | predictive | High
5 | File | xxxxxxx.xxx | predictive | Medium
6 | Library | xxxxxxxxx/xxxxxx_xxxxxxxxxx.xxx.xxx | predictive | High
7 | Argument | xxxxxxxxxxxxx | predictive | High
8 | Argument | xx | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
