Expiro Analysis

IOB - Indicator of Behavior (248)

Timeline

Language (count of entries)

  en: 210
  de: 22
  es: 6
  fr: 4
  ru: 2

Country (count of entries)

  us: 110
  ru: 44
  de: 6
  fr: 6
  cn: 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product (count of entries)

  Microsoft Windows: 18
  WordPress: 8
  Micro Focus VisiBroker: 4
  MediaWiki: 4
  Apache HTTP Server: 4

Vulnerabilities

Columns: # | Vulnerability | Base score | Temp score | 0day price | Today price | Exploitability | Countermeasure | EPSS | CTI | CVE

 1 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01009 | 1.94 | CVE-2006-6168
 2 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00526 | 0.04 | CVE-2011-0643
 3 | Python Software Foundation BaseHTTPServer HTTP Request denial of service | 7.5 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.02 | -
 4 | Maran PHP Shop prod.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00137 | 0.03 | CVE-2008-4879
 5 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.22 | CVE-2016-6210
 6 | WordPress sql injection | 7.3 | 6.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00175 | 0.00 | CVE-2011-3130
 7 | Apache Tomcat CORS Filter privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07849 | 0.04 | CVE-2018-8014
 8 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.70 | CVE-2010-0966
 9 | Apache HTTP Server suEXEC Feature .htaccess information disclosure | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.03 | -
10 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00318 | 0.02 | CVE-2017-5611
11 | Microsoft Office Object Remote Code Execution | 7.0 | 6.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.97339 | 0.02 | CVE-2017-8570
12 | TP-LINK TL-WR740N/TL-WR741N Firmware Local Privilege Escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 | -
13 | Drupal User Module privilege escalation | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00208 | 0.00 | CVE-2016-6211
14 | Rockwell Automation FactoryTalk Service Platform privilege escalation | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-21915
15 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.41 | CVE-2007-0529
16 | TikiWiki tiki-index.php directory traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01414 | 0.22 | CVE-2007-5684
17 | AWStats Config awstats.pl cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00587 | 0.06 | CVE-2006-3681
18 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00181 | 0.07 | CVE-2007-6138
19 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.16 | -
20 | Suricata Rule directory traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.02 | CVE-2023-35852

IOC - Indicator of Compromise (34)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

Columns: ID | IP address | Hostname | Actor | Campaigns | Identified (DD/MM/YYYY) | Type | Confidence
(Masked entries, shown as X/x, are withheld on the page and are kept here as they appear.)

 1 | 5.79.71.205 | - | Expiro | - | 01/08/2022 | verified | High
 2 | 5.79.71.225 | - | Expiro | - | 01/08/2022 | verified | High
 3 | 18.213.250.117 | ec2-18-213-250-117.compute-1.amazonaws.com | Expiro | - | 28/04/2022 | verified | Medium
 4 | 18.215.128.143 | ec2-18-215-128-143.compute-1.amazonaws.com | Expiro | - | 28/04/2022 | verified | Medium
 5 | 35.205.61.67 | 67.61.205.35.bc.googleusercontent.com | Expiro | - | 03/06/2023 | verified | Medium
 6 | 35.234.136.13 | 13.136.234.35.bc.googleusercontent.com | Expiro | - | 01/08/2022 | verified | Medium
 7 | 46.165.220.145 | - | Expiro | - | 28/04/2022 | verified | High
 8 | XX.XXX.XXX.XXX | - | Xxxxxx | - | 28/04/2022 | verified | High
 9 | XX.XXX.XXX.XX | - | Xxxxxx | - | 01/08/2022 | verified | High
10 | XX.XXX.XXX.XX | - | Xxxxxx | - | 01/08/2022 | verified | High
11 | XX.XXX.XX.XXX | - | Xxxxxx | - | 03/06/2023 | verified | High
12 | XX.X.XXX.XX | - | Xxxxxx | - | 03/06/2023 | verified | High
13 | XX.XXX.XXX.XXX | xx-xxx-xxx-xxx-xx.xxx.xx | Xxxxxx | - | 01/08/2022 | verified | High
14 | XX.XX.XX.XX | - | Xxxxxx | - | 01/08/2022 | verified | High
15 | XX.XX.XX.XXX | - | Xxxxxx | - | 01/08/2022 | verified | High
16 | XX.XXX.XXX.XXX | - | Xxxxxx | - | 28/04/2022 | verified | High
17 | XX.XXX.XXX.XX | - | Xxxxxx | - | 03/06/2023 | verified | High
18 | XX.XXX.XXX.XXX | - | Xxxxxx | - | 28/04/2022 | verified | High
19 | XXX.XXX.XXX.XXX | xx-xxx-xxx.xxxxx.xxx | Xxxxxx | - | 03/06/2023 | verified | High
20 | XXX.XXX.XXX.XXX | xx-xxx-xxx.xxxxx.xxx | Xxxxxx | - | 03/06/2023 | verified | High
21 | XXX.XX.XX.XX | - | Xxxxxx | - | 01/08/2022 | verified | High
22 | XXX.XXX.XX.XX | xxxxxx-xx.xxxxxxx.xxxxxx.xxx | Xxxxxx | - | 01/08/2022 | verified | High
23 | XXX.XXX.XX.XXX | xxxxxxxx-xx-xxx.xxxxx.xxx | Xxxxxx | - | 28/04/2022 | verified | High
24 | XXX.XXX.XXX.XXX | xxxxxxx.xxx.xxxx.xxx | Xxxxxx | - | 03/06/2023 | verified | High
25 | XXX.XXX.XXX.XXX | xxxxxxx.xxx.xxxx.xxx | Xxxxxx | - | 01/08/2022 | verified | High
26 | XXX.XXX.XXX.XXX | - | Xxxxxx | - | 01/08/2022 | verified | High
27 | XXX.XXX.XXX.XXX | - | Xxxxxx | - | 01/08/2022 | verified | High
28 | XXX.XXX.XXX.XXX | - | Xxxxxx | - | 01/08/2022 | verified | High
29 | XXX.XXX.XXX.XXX | - | Xxxxxx | - | 01/08/2022 | verified | High
30 | XXX.XXX.XX.XX | - | Xxxxxx | - | 01/08/2022 | verified | High
31 | XXX.XX.XXX.XXX | - | Xxxxxx | - | 03/06/2023 | verified | High
32 | XXX.XXX.XXX.XX | - | Xxxxxx | - | 01/08/2022 | verified | High
33 | XXX.XXX.XX.XXX | xxxxx.xxx-xxx-xx.xxxxxx.xxxxxxxxxxxx.xxx | Xxxxxx | - | 28/04/2022 | verified | High
34 | XXX.XXX.XXX.XXX | - | Xxxxxx | - | 11/05/2022 | verified | High

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (136)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

Columns: ID | Class | Indicator | Type | Confidence
(Masked indicators, shown as x, are withheld on the page and are kept here as they appear.)

  1 | File | .htaccess | predictive | Medium
  2 | File | /ajax-files/followBoard.php | predictive | High
  3 | File | /DATAREPORTS | predictive | Medium
  4 | File | /etc/gsissh/sshd_config | predictive | High
  5 | File | /Forms/ | predictive | Low
  6 | File | /forum/away.php | predictive | High
  7 | File | /getcfg.php | predictive | Medium
  8 | File | /maint/modules/home/index.php | predictive | High
  9 | File | /uncpath/ | predictive | Medium
 10 | File | account.asp | predictive | Medium
 11 | File | addentry.php | predictive | Medium
 12 | File | admin/conf_users_edit.php | predictive | High
 13 | File | api.php | predictive | Low
 14 | File | awstats.pl | predictive | Medium
 15 | File | carbon/resources/add_collection_ajaxprocessor.jsp | predictive | High
 16 | File | xxx-xxx/xxx/xxxxxx.xx | predictive | High
 17 | File | xxx.xx | predictive | Low
 18 | File | xxxxxx.xxx | predictive | Medium
 19 | File | xxxxx_xxxx.xxx | predictive | High
 20 | File | xxxxxxxx/xxxxxxxxxx.xxxx | predictive | High
 21 | File | xxxxxx/xxx.x | predictive | Medium
 22 | File | xxx.xxx.xxxx | predictive | Medium
 23 | File | xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx | predictive | High
 24 | File | xxxxxxx/xxx_xxxxxxx.xxx | predictive | High
 25 | File | xxxxxx-xxxx.x | predictive | High
 26 | File | xxxxx_xxxx.x | predictive | Medium
 27 | File | xxxxxxxx.xxx | predictive | Medium
 28 | File | xxx/xxxx/ | predictive | Medium
 29 | File | xxxxxxxxxxxxxx.xxx | predictive | High
 30 | File | xxxx_xxxxxxx.xxx.xxx | predictive | High
 31 | File | xxx/xxxxxxxxxx.x | predictive | High
 32 | File | xxxxx.xxx | predictive | Medium
 33 | File | xxxx.xxx | predictive | Medium
 34 | File | xxxx/xxxxxx.x | predictive | High
 35 | File | xxxxxxxx.xxx | predictive | Medium
 36 | File | xxx/xxxxxx.xxx | predictive | High
 37 | File | xxxxx.xxxx | predictive | Medium
 38 | File | xxxxx.xxx | predictive | Medium
 39 | File | xxxxxx/xxxxx/xxxxx.x | predictive | High
 40 | File | xxxxxxx/xxxx-xxxx.x | predictive | High
 41 | File | xxxxx.xxx | predictive | Medium
 42 | File | xxxx.x | predictive | Low
 43 | File | xxxxxx/xxxxxx.x | predictive | High
 44 | File | xxxxxxxxxx/xxxxx.x | predictive | High
 45 | File | xx/ | predictive | Low
 46 | File | xxx_xxxxx_xxxxxx_xxxxx.xxx | predictive | High
 47 | File | xxxx.xxxxxxxxxx.xxx | predictive | High
 48 | File | xxxxxxxx_xxxxxx.xxx | predictive | High
 49 | File | xxxxx-xxxx.xxx | predictive | High
 50 | File | xxxx.xxx | predictive | Medium
 51 | File | xxxxxxx | predictive | Low
 52 | File | xxxxxx.xxx | predictive | Medium
 53 | File | xxxxxxxxxxx_xxxxxx/xxxxxxxxxxxx/xxx_xxxxxxxxxxx.xxx | predictive | High
 54 | File | xxxxx.xxx | predictive | Medium
 55 | File | xxxxxxx.xx | predictive | Medium
 56 | File | xxx/xxxxxxx/xxxxxx/xxxx/xxxxx/xxxxxxx/xxxxxx/xxxxx/xxx%xxxxxxxxxxxxx.xx.xxx | predictive | High
 57 | File | xxxxxxxxx.xxx | predictive | High
 58 | File | xxxxxxxxxx.xxx | predictive | High
 59 | File | xxxxxxxxxxx.xxx | predictive | High
 60 | File | xxxxxxxxx_xxxxxxxxx.xxx | predictive | High
 61 | File | xxxxxxxxx/xxxxx/xxxx/xxx_xxxxxxx/xxxxxxx/xxxxxxx.xxx | predictive | High
 62 | File | xxxxxxx.xxx | predictive | Medium
 63 | File | xxxx-xxxxx.xxx | predictive | High
 64 | File | xxxx-xxxxxxxx.xxx | predictive | High
 65 | File | xxxxxx.xxx | predictive | Medium
 66 | File | xxxxxx-xxxxxxx-xxxx.xxx | predictive | High
 67 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxx_xxx.xxxx | predictive | High
 68 | File | xxxxxxx.xxx | predictive | Medium
 69 | File | xxxxxxxxxxxxxxx.xxx | predictive | High
 70 | File | xxxxx_xx.xxx | predictive | Medium
 71 | File | xxxx/xx_xxxxxxx.xxx | predictive | High
 72 | File | xxxxx/xxxxx.xx | predictive | High
 73 | File | xxxxxx.xxx | predictive | Medium
 74 | File | xxxxxxx/xxxxxx.x | predictive | High
 75 | File | xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx-xxxxx.xxx | predictive | High
 76 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx | predictive | High
 77 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
 78 | File | xxxxxx.xxx | predictive | Medium
 79 | Library | /xxx/xxx/xxxx.xxx | predictive | High
 80 | Library | xxx/xxxx/xxxxxx.xx | predictive | High
 81 | Library | xxx/xx/xxxxx/xxxxxxxxxx/xxxx.xx | predictive | High
 82 | Library | xxxxxxx/xxx/xxxxxxxxxxxx.xxx | predictive | High
 83 | Library | xxxxxxx.xxx | predictive | Medium
 84 | Library | xxxxxx/x/xxxxxxxx | predictive | High
 85 | Argument | xxxxxxxx | predictive | Medium
 86 | Argument | xxxxx | predictive | Low
 87 | Argument | xxxx | predictive | Low
 88 | Argument | xxx | predictive | Low
 89 | Argument | xxxxxxx | predictive | Low
 90 | Argument | xxxxxxxxxxxxxx/xxxxxxxxxx | predictive | High
 91 | Argument | xxxxxx | predictive | Low
 92 | Argument | xxxxxx[xxxxxxx_xxx] | predictive | High
 93 | Argument | xxxxxxxxxxxxxxxx | predictive | High
 94 | Argument | xxxxxxxx | predictive | Medium
 95 | Argument | xxxxxxxx_xxxxx[] | predictive | High
 96 | Argument | xxxxxxxxx | predictive | Medium
 97 | Argument | xxx_xxxxxxxx | predictive | Medium
 98 | Argument | xxxxx.xxx?xxxxxx=xxx_xxxxxxx/xxxx=xxxxxxx/xx=x/xxxxxxxx=xxxxx | predictive | High
 99 | Argument | xxxxxxxxx | predictive | Medium
100 | Argument | xxx | predictive | Low
101 | Argument | xxxx | predictive | Low
102 | Argument | xxx_xxx | predictive | Low
103 | Argument | xxxx | predictive | Low
104 | Argument | xx_xxxxxxxx | predictive | Medium
105 | Argument | xxxx | predictive | Low
106 | Argument | xxx | predictive | Low
107 | Argument | xxxxxxxx | predictive | Medium
108 | Argument | xxxxxxxx | predictive | Medium
109 | Argument | xxxx[xxxxxxxxxxxxxxxxx] | predictive | High
110 | Argument | xxxx_xxxx | predictive | Medium
111 | Argument | xxxxx_xxxx_xxxx | predictive | High
112 | Argument | xxx | predictive | Low
113 | Argument | xxxxxxxx | predictive | Medium
114 | Argument | xxxxx | predictive | Low
115 | Argument | xxxx | predictive | Low
116 | Argument | xxxxxx | predictive | Low
117 | Argument | xxxxxxxxxxxxx | predictive | High
118 | Argument | xxxx | predictive | Low
119 | Argument | xxxx | predictive | Low
120 | Argument | xxxxxxxx | predictive | Medium
121 | Argument | xxxxxxxx | predictive | Medium
122 | Argument | xxx | predictive | Low
123 | Argument | xxxx | predictive | Low
124 | Argument | xxxx->xxxxxxx | predictive | High
125 | Argument | xxxxx_xxxxxx | predictive | Medium
126 | Argument | xxxxx | predictive | Low
127 | Input Value | #/+ | predictive | Low
128 | Input Value | ' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxx | predictive | High
129 | Input Value | ../ | predictive | Low
130 | Input Value | xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx | predictive | High
131 | Input Value | \x | predictive | Low
132 | Network Port | xxxx | predictive | Low
133 | Network Port | xxx/xxxx | predictive | Medium
134 | Network Port | xxx/xxxx | predictive | Medium
135 | Network Port | xxx/xxx (xxxx) | predictive | High
136 | Network Port | xxx xxxxxx xxxx | predictive | High

References (5)

The following list contains external sources which discuss the actor and the associated activities:
