FunnySwitch Analysis

IOB - Indicator of Behavior (304)

Language

en: 252
zh: 42
es: 8
jp: 2

Country

us: 176
cn: 122
gb: 2
au: 2

Product

Parallels Desktop: 6
Microsoft Windows: 6
Linux Kernel: 4
F5 BIG-IP: 4
Apache HTTP Server: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.70 | CVE-2010-0966 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 3 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.07 | CVE-2015-4134 |
| 4 | HRworks Login Reflected cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00107 | 0.02 | CVE-2019-11559 |
| 5 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.02 | CVE-2006-5509 |
| 6 | Elasticsearch Async Search API information disclosure | 4.1 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00082 | 0.02 | CVE-2021-22132 |
| 7 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.05 | CVE-2019-7550 |
| 8 | PHPList Sending Campain sql injection | 5.3 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00088 | 0.22 | CVE-2017-20030 |
| 9 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08985 | 0.04 | CVE-2006-0996 |
| 10 | OpenWrt Access Control rpcd privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00230 | 0.00 | CVE-2018-11116 |
| 11 | Microsoft Windows SMB privilege escalation | 7.0 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00086 | 0.02 | CVE-2017-11782 |
| 12 | Honeywell Controller Message buffer overflow | 9.0 | 9.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.04 | CVE-2023-24480 |
| 13 | Linux Kernel ioctl.c dm_get_inactive_table denial of service | 5.1 | 5.0 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.02 | CVE-2023-2269 |
| 14 | Kubernetes kubelet pprof information disclosure | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.55625 | 0.08 | CVE-2019-11248 |
| 15 | Discuz!ML Cookie privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04015 | 0.02 | CVE-2019-13956 |
| 16 | Google Android Qualcomm Privilege Escalation | 5.5 | 5.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2021-1921 |
| 17 | Microsoft SQL Server privilege escalation | 7.5 | 7.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02204 | 0.04 | CVE-2019-1068 |
| 18 | Elasticsearch Elastic Cloud Enterprise API privilege escalation | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01990 | 0.03 | CVE-2021-22146 |
| 19 | Cyrus IMAP index.c index_urlfetch buffer overflow | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01765 | 0.02 | CVE-2015-8076 |
| 20 | Sharp Zaurus Samba Access weak authentication | 6.5 | 6.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.96331 | 0.00 | CVE-2003-0085 |

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (101)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /debug/pprof | predictive | Medium |
| 2 | File | /etc/config/rpcd | predictive | High |
| 3 | File | /forum/away.php | predictive | High |
| 4 | File | /lists/admin/ | predictive | High |
| 5 | File | /public/login.htm | predictive | High |
| 6 | File | /wp-admin/admin-ajax.php | predictive | High |
| 7 | File | /w_selfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree | predictive | High |
| 8 | File | /_next | predictive | Low |
| 9 | File | addentry.php | predictive | Medium |
| 10 | File | admin/conf_users_edit.php | predictive | High |
| 11 | File | admin/write-post.php | predictive | High |
| 12 | File | archiver\index.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
