Industroyer Analysis

IOB - Indicator of Behavior (168)

Language

zh: 92
en: 64
de: 8
fr: 4

Country

us: 84
cn: 46
ch: 32
ru: 4
lu: 2

Product

Juniper Junos OS: 6
phpMyAdmin: 4
Linux Kernel: 4
Juniper Junos OS Evolved: 4
Microsoft Windows: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
| 1 | Zend Framework SQL Statement order sql injection | 7.3 | 6.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.04 | |
| 2 | Backdoor.Win32.Tiny.c Service Port 7778 privilege escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.04 | |
| 3 | phpLDAPadmin LDAP injection privilege escalation | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.24932 | 0.00 | CVE-2018-12689 |
| 4 | adminlte privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00159 | 0.04 | CVE-2021-3706 |
| 5 | Oracle Primavera Unifier Document Manager information disclosure | 7.2 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00367 | 0.05 | CVE-2023-44981 |
| 6 | OPNsense Login Page Redirect | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00179 | 0.01 | CVE-2020-23015 |
| 7 | jc21 NGINX Proxy Manager Access List privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01484 | 0.05 | CVE-2023-23596 |
| 8 | Cacti LDAP weak authentication | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00447 | 0.00 | CVE-2022-0730 |
| 9 | ISPConfig sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00152 | 0.00 | CVE-2021-3021 |
| 10 | Linux Kernel NILFS File System inode.c security_inode_alloc buffer overflow | 8.3 | 8.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2022-2978 |
| 11 | phpMyAdmin Two-factor Authentication weak authentication | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.03 | CVE-2022-23807 |
| 12 | DSpace directory traversal | 7.0 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00288 | 0.00 | CVE-2016-10726 |
| 13 | RouterOS Upgrade Package information disclosure | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00176 | 0.02 | CVE-2019-3977 |
| 14 | WP Statistics Plugin class-wp-statistics-hits.php sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.26955 | 0.00 | CVE-2022-0651 |
| 15 | Crow HTTP Pipelining buffer overflow | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00777 | 0.04 | CVE-2022-38667 |
| 16 | mySCADA myPRO privilege escalation | 9.2 | 9.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00105 | 0.03 | CVE-2022-2234 |
| 17 | GNU Bash Environment Variable variables.c Shellshock privilege escalation | 9.8 | 9.6 | $25k-$100k | $0-$5k | High | Official Fix | 0.97559 | 0.00 | CVE-2014-6271 |
| 18 | Microsoft Windows Remote Desktop Client Remote Code Execution | 8.8 | 7.7 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.04927 | 0.04 | CVE-2021-38666 |
| 19 | MailGates/MailAudit privilege escalation | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00162 | 0.01 | CVE-2020-25849 |
| 20 | Juniper Junos OS J-Web privilege escalation | 7.8 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2021-0278 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (65)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (3)

The following list contains external sources which discuss the actor and the associated activities: