Esfury Analysis

IOB - Indicator of Behavior (109)

Language

en: 100
de: 8
fr: 2

Product

SourceCodester Lost and Found Information System: 6
SourceCodester Online Exam System: 4
WordPress: 4
Phplinkdirectory PHP Link Directory: 2
SourceCodester Multi Language Hotel Management Sof ...: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01009 | 1.94 | CVE-2006-6168 |
| 2 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00526 | 0.04 | CVE-2011-0643 |
| 3 | SourceCodester Online Exam System GET Parameter updateCourse.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00073 | 0.07 | CVE-2023-2642 |
| 4 | SourceCodester Online Internship Management System POST Parameter login.php sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00073 | 0.03 | CVE-2023-2641 |
| 5 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment denial of service | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.22 | CVE-2023-2618 |
| 6 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment denial of service | 5.6 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.08 | CVE-2023-2617 |
| 7 | SourceCodester Online Reviewer System GET Parameter user-update.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.09 | CVE-2023-2596 |
| 8 | SourceCodester Billing Management System POST Parameter ajax_service.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.05 | CVE-2023-2595 |
| 9 | SourceCodester Food Ordering Management System Registration sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.05 | CVE-2023-2594 |
| 10 | SourceCodester Multi Language Hotel Management Software POST Parameter ajax.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00062 | 0.05 | CVE-2023-2565 |
| 11 | jja8 NewBingGoGo cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.09 | CVE-2023-2560 |
| 12 | External Media without Import Plugin external-media-without-import.php print_media_new_panel cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.10 | CVE-2017-20183 |
| 13 | SourceCodester Online Tours & Travels Management System disapprove_delete.php exec sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00073 | 0.07 | CVE-2023-2619 |
| 14 | PHP-Login POST Parameter class.loginscript.php checkLogin sql injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00059 | 0.22 | CVE-2016-15031 |
| 15 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.41 | CVE-2007-0529 |
| 16 | TikiWiki tiki-index.php directory traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01414 | 0.22 | CVE-2007-5684 |
| 17 | AWStats Config awstats.pl cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00587 | 0.06 | CVE-2006-3681 |
| 18 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00181 | 0.07 | CVE-2007-6138 |
| 19 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.19 | |
| 20 | Suricata Rule directory traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.02 | CVE-2023-35852 |

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (111)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
