Prometei Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (191)

Linguaggio

en	188
sv	2
it	2

Nazione

us	190
id	2

Attori

Prometei	3
Dridex	1

Interesse

Genere

Not Defined	42
Communications System	4
Operating System	4
Content Management System	2
Programming Language Software	2

Fornitore

Not Defined	18
Sierra Wireless	4
SourceCodester	4
LogicBoard	2
Phplinkdirectory	2

Prodotto

Sierra Wireless AirLink GX400	4
Sierra Wireless AirLink GX440	4
Sierra Wireless AirLink GX450	4
Sierra Wireless AirLink ES450	4
Sierra Wireless AirLink RV50	4

Vulnerabilità

#	Vulnerabilità	Base	Temp	0day	Oggi	Sfr	Con	EPSS	CTI	CVE
1	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	2.89
2	FLDS redir.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00203	0.05	CVE-2008-5928
3	vBulletin redirector.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00106	0.32	CVE-2018-6200
4	Vunet VU Web Visitor Analyst redir.asp sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Workaround	0.00119	0.06	CVE-2010-2338
5	Bitrix Site Manager redirect.php escalazione di privilegi	5.3	4.7	$0-$5k	$0-$5k	Unproven	Unavailable	0.00113	0.04	CVE-2008-2052
6	Openads adclick.php Remote Code Execution	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01871	0.43	CVE-2007-2046
7	MGB OpenSource Guestbook email.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	1.28	CVE-2007-0354
8	GetSimpleCMS index.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00123	0.00	CVE-2019-9915
9	OpenX adclick.php Redirect	5.3	4.7	$0-$5k	$0-$5k	Unproven	Unavailable	0.00440	0.48	CVE-2014-2230
10	phpPgAds adclick.php vulnerabilità sconosciuta	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00317	0.43	CVE-2005-3791
11	DZCP deV!L`z Clanportal config.php escalazione di privilegi	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.70	CVE-2010-0966
12	Sangoma FreePBX/PBXact restapps Privilege Escalation	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00756	0.00	CVE-2020-10666
13	Issabel PBX Create New Rate cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.03	CVE-2021-34190
14	Issabel PBX cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.00	CVE-2021-46558
15	DZCP deV!L`z Clanportal browser.php rivelazione di un 'informazione	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02733	0.91	CVE-2007-1167
16	My Link Trader out.php sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.05
17	WordPress AdServe adclick.php sql injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00073	0.06	CVE-2008-0507
18	PHPWind goto.php Redirect	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00348	0.21	CVE-2015-4134
19	Asterisk PBX SIP Invite res_pjsip_session denial of service	4.8	4.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00114	0.00	CVE-2020-28327
20	Tiki Admin Password tiki-login.php autenticazione debole	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00936	2.67	CVE-2020-15906

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	indirizzo IP	Hostname	Attore	Identified	Genere	Fiducia
1	23.148.145.237	henhariden.info	Prometei	23/03/2023	verified	Alto
2	69.84.240.57		Prometei	23/03/2023	verified	Alto
3	103.40.123.34	ip-34.123.40.jogjaringan.net.id	Prometei	23/03/2023	verified	Alto
4	XXX.XX.XXX.XX	xx.xxx.xx.xx-xxxx.xxxx	Xxxxxxxx	23/03/2023	verified	Alto
5	XXX.XXX.XXX.XXX		Xxxxxxxx	23/03/2023	verified	Alto
6	XXX.XXX.XXX.XXX		Xxxxxxxx	23/03/2023	verified	Alto
7	XXX.XX.XXX.XX		Xxxxxxxx	23/03/2023	verified	Alto
8	XXX.XX.XX.XX	xxxxxx.xxxxxxxxxxxxx.xxx	Xxxxxxxx	08/01/2024	verified	Alto
9	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxxxxx	23/03/2023	verified	Alto
10	XXX.XXX.XX.XX	xxxxxx.xxx-xxx-xx-xx.xxxx.xxx	Xxxxxxxx	23/03/2023	verified	Alto
11	XXX.XXX.XXX.XXX		Xxxxxxxx	23/03/2023	verified	Alto

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classe	Vulnerabilità	Accesso al vettore	Genere	Fiducia
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
2	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
5	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-49	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
8	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
9	TXXXX.XXX	CAPEC-112	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Alto

IOA - Indicator of Attack (53)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Genere	Fiducia
1	File	/admin/inquiries/view_details.php	predictive	Alto
2	File	/admin/maintenance/view_designation.php	predictive	Alto
3	File	/cgi-bin/touchlist_sync.cgi	predictive	Alto
4	File	/forum/away.php	predictive	Alto
5	File	/LogoStore/search.php	predictive	Alto
6	File	/mhds/clinic/view_details.php	predictive	Alto
7	File	/newsDia.php	predictive	Media
8	File	/out.php	predictive	Media
9	File	/xxxxxxxx-xxxxxxx.xxx	predictive	Alto
10	File	/xxxxxxx/xxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Alto
11	File	xxxxxxx.xxx	predictive	Media
12	File	xxxxx/xxxxxx.xxx	predictive	Alto
13	File	xxxxx/xxxx_xxxxx_xxxx.xxx	predictive	Alto
14	File	xxxxx/xxxxx.xxx	predictive	Alto
15	File	xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx	predictive	Alto
16	File	xxxxx.xxx	predictive	Media
17	File	xxxx.xxx	predictive	Media
18	File	xxxx.xxx	predictive	Media
19	File	xxx/xxxxxx.xxx	predictive	Alto
20	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	Alto
21	File	xxxxx.xxx?xxxx=xxxxxxx_xxxxx	predictive	Alto
22	File	xxxxxxx/xxx.xxx	predictive	Alto
23	File	xxxxxxxxxxxxxxxxxx.xxxx	predictive	Alto
24	File	xxxx.xxx	predictive	Media
25	File	xxxxx.xxx	predictive	Media
26	File	xxxxx.xxx	predictive	Media
27	File	xxxxxxxx.xxx	predictive	Media
28	File	xxxxxxxxxx.xxx	predictive	Alto
29	File	xxxx-xxxxxxxxxx.xxx	predictive	Alto
30	File	xxxx-xxxxx.xxx	predictive	Alto
31	File	xxxxx/xxxxxxxx_xxxxxx/xxxxxx_xxxxxxxx_xxxxx.xxx	predictive	Alto
32	File	xxxxxxx.xxx	predictive	Media
33	File	xxxx.xx	predictive	Basso
34	Argument	xxxxxxxx	predictive	Media
35	Argument	xxxxxxxx	predictive	Media
36	Argument	xxxxx	predictive	Basso
37	Argument	xxx	predictive	Basso
38	Argument	xxxxxxxxxxx	predictive	Media
39	Argument	xxxx	predictive	Basso
40	Argument	xxxx	predictive	Basso
41	Argument	xxxx	predictive	Basso
42	Argument	xx	predictive	Basso
43	Argument	xxxxxxxxx	predictive	Media
44	Argument	xx	predictive	Basso
45	Argument	xxxx/xxxxxx	predictive	Media
46	Argument	xxxxxxxx	predictive	Media
47	Argument	xxxxx	predictive	Basso
48	Argument	xxxxxxxx	predictive	Media
49	Argument	xxx	predictive	Basso
50	Argument	xxx	predictive	Basso
51	Argument	xxxxxxxx/xxxxxxxx	predictive	Alto
52	Input Value	xxxx' xxxxx xxx xxxxxx xxxxxx(xxxxxx('xxxxx','xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'),'xxxxx'),xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx-- xxxx&xxxxxx=	predictive	Alto
53	Pattern	\|xx\|	predictive	Basso

Referenze (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrecedenteVisione D'insiemeIl prossimo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!