Kapeka Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (206)

Sequenza temporale

Linguaggio

en152
ru40
de6
it6
fr2

Nazione

us66
pl28
ru24
gb20
ch12

Attori

Kapeka3
Socks5 Systemz1
Sliver1
Charming Kitten1
Conti1

Attività

Interesse

Sequenza temporale

Genere

Not Defined58
Web Server22
Database Administration Software12
Content Management System8
Programming Language Software8

Fornitore

Not Defined70
Microsoft14
Cisco8
Oracle8
Apache6

Prodotto

phpMyAdmin12
Microsoft IIS10
Apache HTTP Server6
Linux Kernel4
WordPress4

Vulnerabilità

#VulnerabilitàBaseTemp0dayOggiSfrConEPSSCTICVE
1nginx escalazione di privilegi6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002413.25CVE-2020-12440
2phpMyAdmin PMA_safeUnserialize escalazione di privilegi9.89.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.004330.00CVE-2016-9865
3phpMyAdmin cross site scripting3.53.4$0-$5k$0-$5kHighOfficial Fix0.003480.02CVE-2014-8958
4Bitrix Site Manager redirect.php escalazione di privilegi5.34.7$0-$5k$0-$5kUnprovenUnavailable0.001130.03CVE-2008-2052
5PHP Safe Mode mail escalazione di privilegi7.36.6$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.015350.00CVE-2002-0985
6Neet AirStream NAS1.1 Configuration Page cross site request forgery7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.001120.04CVE-2016-10862
7Alt-N MDaemon Worldclient escalazione di privilegi4.94.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.000900.06CVE-2021-27182
8phpMyAdmin ArbitraryServerRegexp Reuse escalazione di privilegi9.89.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.003660.04CVE-2016-6629
9phpMyAdmin Unserialization unserialize escalazione di privilegi9.89.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.009650.00CVE-2016-6620
10phpMyAdmin Central Column Query central_columns.lib.php sql injection9.89.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.003220.00CVE-2016-5703
11phpMyAdmin Git Information GitRevision.php Remote Code Execution9.89.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.001900.04CVE-2019-19617
12phpMyAdmin Redirect escalazione di privilegi4.34.1$5k-$25k$0-$5kHighOfficial Fix0.002470.02CVE-2014-9219
13phpMyAdmin import.php cross site scripting4.34.1$5k-$25k$0-$5kHighOfficial Fix0.001500.02CVE-2014-1879
14ApolloTheme AP PageBuilder cross site scripting4.84.6$0-$5k$0-$5kProof-of-ConceptNot Defined0.000750.04CVE-2022-44897
15InfluxDB JWT Token handler.go autenticazione debole8.07.7$0-$5k$0-$5kNot DefinedOfficial Fix0.042370.00CVE-2019-20933
16Seltmann Content Management System index.php sql injection7.67.4$0-$5k$0-$5kProof-of-ConceptNot Defined0.001390.00CVE-2022-47740
17Plohni Advanced Comment System Installation index.php escalazione di privilegi7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.009970.05CVE-2009-4623
18PHPWind goto.php Redirect6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.003480.05CVE-2015-4134
19PHP buffer overflow5.34.6$5k-$25k$0-$5kUnprovenOfficial Fix0.109590.02CVE-2014-9427
20D-Link DCS-936L info.cgi rivelazione di un 'informazione6.46.4$5k-$25k$5k-$25kNot DefinedNot Defined0.006210.04CVE-2018-18441

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDindirizzo IPHostnameAttoreCampagneIdentifiedGenereFiducia
188.80.148.65Kapeka23/04/2024verifiedAlto
2XXX.XX.XXX.XXXxxxxx23/04/2024verifiedAlto
3XXX.XX.XXX.Xx.xxx.xx.xxx.xxxxxxxxx.xxxx.xxxXxxxxx23/04/2024verifiedAlto
4XXX.XXX.XXX.XXXxx-xxxx.xxxxxxxxxxxxx.xxxXxxxxx23/04/2024verifiedAlto

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClasseVulnerabilitàAccesso al vettoreGenereFiducia
1T1006CAPEC-126CWE-22, CWE-23Path TraversalpredictiveAlto
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveAlto
3T1059CAPEC-242CWE-94Argument InjectionpredictiveAlto
4T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveAlto
5TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
6TXXXX.XXXCAPEC-191CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveAlto
7TXXXXCAPEC-136CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveAlto
8TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveAlto
9TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveAlto
10TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveAlto
11TXXXXCAPEC-37CWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
12TXXXXCAPEC-38CWE-XXX, CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveAlto
13TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
14TXXXXCAPEC-157CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveAlto
15TXXXX.XXXCAPEC-CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveAlto
16TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveAlto

IOA - Indicator of Attack (84)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorGenereFiducia
1File/apply.cgipredictiveMedia
2File/common/info.cgipredictiveAlto
3File/filemanager/upload.phppredictiveAlto
4File/index.phppredictiveMedia
5File/redbin/rpwebutilities.exe/textpredictiveAlto
6File/servicespredictiveMedia
7File/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServletpredictiveAlto
8File/uncpath/predictiveMedia
9Fileadmin/product_category.php?rec=updatepredictiveAlto
10Filebug_report_page.phppredictiveAlto
11Filexxx/xxxxxxx.xxpredictiveAlto
12Filexxx.xxx?xxxxxx=xxxxxxxxxxxxx&xxx=xxpredictiveAlto
13Filexxxxxxx.xxxpredictiveMedia
14Filexxxxxxx.xxxpredictiveMedia
15Filexxxxxxxxxxxxxx.xxxpredictiveAlto
16Filexxxxxxxx_xxxxx.xxxpredictiveAlto
17Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveAlto
18Filexxxxxx.xxxpredictiveMedia
19Filexxxxxxxxx/xxxxxxxxx.xxxpredictiveAlto
20Filexxxxxxx.xxxpredictiveMedia
21Filexxx/xxxx/xxxx_xxxx.xpredictiveAlto
22Filexxx/xxxxxxxx/xxx_xxxxxxxxxxxx.xxpredictiveAlto
23Filexx/xxxxx/xxxxxx-xxxx.xpredictiveAlto
24Filexx/xxxx/xxxxxx.xpredictiveAlto
25Filexx/xxxx/xxxxx.xpredictiveAlto
26Filexxx_xxx.xxxpredictiveMedia
27Filexxxx.xxxpredictiveMedia
28Filexxx.xxxxxpredictiveMedia
29Filexxxx.xxxpredictiveMedia
30Filexxxxxx.xxxpredictiveMedia
31Filexxxxx.xxxpredictiveMedia
32Filexxxx_xxxx.xxxpredictiveAlto
33Filexxxxxx.xpredictiveMedia
34Filexxxxxx/xxxx.xpredictiveAlto
35Filexxxxxxxxx/xxxxxxx/xxxxxxx/xxxxxxxxxxx.xxxpredictiveAlto
36Filexxxxxxxxxxxxx.xxxpredictiveAlto
37Filexxxxxx.xxxpredictiveMedia
38Filexxxxxxx/xxxxxxxxxx/xxxx/xxxxxx.xxxpredictiveAlto
39Filexxxxxxx/xxxxxx%xxxxxxx/xxxxxx_xxx.xxx&xxxx=xxxxxxxxxxxxxxxxxx&xxxx=xpredictiveAlto
40Filexxx_xxxxx_xxxx.xpredictiveAlto
41Filexxxxxxxxxx.xxxpredictiveAlto
42Filexxxxxxxx.xxxpredictiveMedia
43Filexxxxxx_xxxxxx.xxpredictiveAlto
44Filexxxxxxxx/xxxxx/xxxxxxx.xxpredictiveAlto
45Filexxxxx.xxxpredictiveMedia
46Filexxxxxx.xxxpredictiveMedia
47Filexxxx.xxxpredictiveMedia
48Filexxxxxx/xxxxxxxxxx/xxx-xxxxx/xxx/xxxxxxx.xxxpredictiveAlto
49Filexxxx/xxxxxxxxxxxx.xxxpredictiveAlto
50Filexx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx.xxxpredictiveAlto
51Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveAlto
52Filexxxx.xxpredictiveBasso
53Libraryxxxxx.xxxpredictiveMedia
54Libraryxxxxxxxxx/xxxxxxx_xxxxxxx.xxx.xxxpredictiveAlto
55Libraryxxxxxx_xxx.xxx.xxxpredictiveAlto
56Argument${xxx}predictiveBasso
57Argumentxxx_xxxxpredictiveMedia
58Argumentxxx_xxpredictiveBasso
59Argumentxxx_xxxxpredictiveMedia
60ArgumentxxxxpredictiveBasso
61Argumentxxxx_xxpredictiveBasso
62ArgumentxxxxxxxxxxxpredictiveMedia
63ArgumentxxxxxxxpredictiveBasso
64ArgumentxxxpredictiveBasso
65ArgumentxxxxpredictiveBasso
66Argumentxxxxxx_xxxx_xxxpredictiveAlto
67ArgumentxxpredictiveBasso
68Argumentxxxx_xxpredictiveBasso
69ArgumentxxxpredictiveBasso
70Argumentx_xxpredictiveBasso
71ArgumentxxxxxxxxxpredictiveMedia
72ArgumentxxxxxxxxpredictiveMedia
73Argumentxxxxx[x]predictiveMedia
74ArgumentxxxxxxxxpredictiveMedia
75ArgumentxxxxxxxpredictiveBasso
76Argumentxxxx_xxxxxxpredictiveMedia
77Argumentxxxxxx_xxxxpredictiveMedia
78ArgumentxxxpredictiveBasso
79ArgumentxxxxxxxxpredictiveMedia
80ArgumentxxxxxxxxpredictiveMedia
81ArgumentxxxxxxxxpredictiveMedia
82Input Value::$xxxxx_xxxxxxxxxxpredictiveAlto
83Input ValuexxxxxxxxpredictiveMedia
84Network Portxxx xxxxxx xxxxpredictiveAlto

Referenze (2)

The following list contains external sources which discuss the actor and the associated activities:

PrecedenteVisione D'insiemeIl prossimo

Do you need the next level of professionalism?

Upgrade your account now!