PennyWise Stealer Analysis

IOB - Indicator of Behavior (89)

Language

en: 66
it: 8
ru: 6
de: 6
sv: 2

Country

us: 68
ru: 16
gb: 4
it: 2

Product

Tiki Wiki CMS Groupware: 6
Tiki: 2
Facebook WhatsApp: 2
GNUBOARD5: 2
ProjectApp: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.32 | 0.00000 | |
| 2 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.99 | 0.00936 | CVE-2020-15906 |
| 3 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 3.36 | 0.00000 | |
| 4 | Openads adclick.php Remote Code Execution | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.35 | 0.01871 | CVE-2007-2046 |
| 5 | Discuz UCenter Home shop.php sql injection | 7.3 | 7.1 | $0-$5k | Calculating | High | Unavailable | 0.00 | 0.00064 | CVE-2010-4912 |
| 6 | SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00135 | CVE-2023-2090 |
| 7 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00289 | CVE-2019-7550 |
| 8 | Tiki Wiki CMS Groupware cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00079 | CVE-2016-7394 |
| 9 | Tiki Wiki CMS Groupware tiki-jsplugin.php privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.04033 | CVE-2010-4239 |
| 10 | Tiki Wiki CMS Groupware tiki-adminusers.php cross site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00211 | CVE-2010-4241 |
| 11 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 6.02 | 0.01009 | CVE-2006-6168 |
| 12 | real3d-flipbook-lite Plugin flipbooks.php cross site scripting | 5.2 | 5.2 | $0-$5k | Calculating | Not Defined | Not Defined | 0.04 | 0.00076 | CVE-2016-10967 |
| 13 | Advanced Poll booth.php directory traversal | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01100 | CVE-2003-1180 |
| 14 | Redisson privilege escalation | 8.2 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00073 | CVE-2023-42809 |
| 15 | PHPOffice PhpSpreadsheet Encoding securityScan privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.01689 | CVE-2018-19277 |
| 16 | Fortinet FortiOS fgfmd Format String | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00091 | CVE-2024-23113 |
| 17 | cURL tool_cb_wrt.c tool_cb_wrt buffer overflow | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00000 | CVE-2023-52071 |
| 18 | Ubiquiti UniFi OS privilege escalation | 7.2 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00043 | CVE-2023-31997 |
| 19 | Microsoft Exchange Server Outlook Web Access logon.aspx privilege escalation | 7.9 | 7.9 | $5k-$25k | $25k-$100k | Not Defined | Not Defined | 0.02 | 0.00379 | CVE-2018-16793 |
| 20 | Microsoft Windows Kerberos weak authentication | 8.9 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.00048 | CVE-2024-20674 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Attack vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (61)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/maintenance/view_designation.php | predictive | High |
| 2 | File | /forum/away.php | predictive | High |
| 3 | File | /owa/auth/logon.aspx | predictive | High |
| 4 | File | /spip.php | predictive | Medium |
| 5 | File | /wp-admin/admin-ajax.php | predictive | High |
| 6 | File | action.php | predictive | Medium |
| 7 | File | adclick.php | predictive | Medium |
| 8 | File | admin/partials/ajax/add_field_to_form.php | predictive | High |

References (6)

The following list contains external sources which discuss the actor and the associated activities:
