Quantum Analysis

IOB - Indicator of Behavior (86)

Language

en (78)
ru (4)
fr (2)
ar (2)

Product

GNU binutils (8)
GNU C Library (8)
Apache HTTP Server (6)
Moxa EDR-810 (6)
Microsoft Windows (4)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | libxslt EXSLT Math.random Prediction weak encryption | 5.5 | 5.3 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00086 | CVE-2015-9019 |
| 2 | GNU C Library fnmatch_loop.c fnmatch information disclosure | 5.6 | 5.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00546 | CVE-2015-8984 |
| 3 | GNU C Library strxfrm buffer overflow | 9.1 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00670 | CVE-2015-8982 |
| 4 | TablePress XML External Entity | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00049 | CVE-2017-10889 |
| 5 | Salutation Responsive WordPress + BuddyPress Theme Stored cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00057 | CVE-2017-1000227 |
| 6 | libxml2 Recover Mode denial of service | 4.0 | 3.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00378 | CVE-2017-5969 |
| 7 | elfutils elf_getdata.c _libelf_set_rawdata_wrlock buffer overflow | 5.4 | 5.3 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.01258 | CVE-2016-10255 |
| 8 | elfutils ELF File common.h allocate_elf buffer overflow | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00986 | CVE-2016-10254 |
| 9 | GNU C Library wstrops.c IO_wstr_overflow buffer overflow | 7.7 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00508 | CVE-2015-8983 |
| 10 | FluentForm Plugin sql injection | 4.7 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00076 | CVE-2023-24410 |
| 11 | Network Manager VPNC Plugin privilege escalation | 7.3 | 7.2 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | 0.00364 | CVE-2018-10900 |
| 12 | Microsoft SharePoint Server Privilege Escalation | 8.8 | 8.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00762 | CVE-2022-38053 |
| 13 | Progress MOVEit Transfer sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00136 | CVE-2021-38159 |
| 14 | akismet Plugin cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00078 | CVE-2015-9357 |
| 15 | Snazzy Maps Plugin cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00078 | CVE-2018-17947 |
| 16 | WordPress Password Reset wp-login.php mail privilege escalation | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.02827 | CVE-2017-8295 |
| 17 | BSD FTP Client HTTP Redirect privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | High | Official Fix | 0.04 | 0.95879 | CVE-2014-8517 |
| 18 | ProfilePress Plugin Image Uploader ImageUploader.php privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00334 | CVE-2021-34623 |
| 19 | Iomega/LenovoEMC NAS API privilege escalation | 7.9 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00168 | CVE-2019-6160 |
| 20 | Alienvault OSSIM/USM gauge.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | High | Official Fix | 0.02 | 0.96284 | CVE-2016-8582 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 138.68.42.130 | prod-sfo2-1.qencode-master-cf283c7cc10911ecb9daa269211215a9 | Quantum | | 26/04/2022 | verified | High |
| 2 | XXX.XXX.XXX.XXX | xxxxxx | | | 26/04/2022 | verified | High |
| 3 | XXX.XX.XXX.XXX | xxxxxxxxxxxxx.xxxxxxx | Xxxxxxx | | 28/06/2023 | verified | High |
| 4 | XXX.XXX.XXX.XXX | | Xxxxxxx | | 26/04/2022 | verified | High |
| 5 | XXX.XXX.XXX.XXX | xxxxxx.xxxxxxxxxxxxx.xxx | Xxxxxxx | | 26/04/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (42)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /etc/shadow | predictive | Medium |
| 2 | File | /goform/net_Web_get_value | predictive | High |
| 3 | File | /goform/net_WebCSRGen | predictive | High |
| 4 | File | /goform/WebRSAKEYGen | predictive | High |
| 5 | File | /uncpath/ | predictive | Medium |
| 6 | File | /wp-content/plugins/updraftplus/admin.php | predictive | High |
| 7 | File | xxxxx/xxxxxx_xxxxxx_xxxxxxx/xxxxx-xxx-xxxxx.xxx | predictive | High |
| 8 | File | xxx/xxxxxxx.x | predictive | High |
| 9 | File | xxxxxx.x | predictive | Medium |
| 10 | File | xxxxx.x | predictive | Low |
| 11 | File | xxxxxx.x | predictive | Medium |
| 12 | File | xxx.x | predictive | Low |
| 13 | File | xxx_xxxxxxx.x | predictive | High |
| 14 | File | xxx/xxxxx/xxxxx.x | predictive | High |
| 15 | File | xxxxxx-xxxxxxx-xxxxxxxx.xxx | predictive | High |
| 16 | File | xxxxxxx_xxxx.x | predictive | High |
| 17 | File | xxxxxxxxx.xxx | predictive | High |
| 18 | File | xxxxx.xxx | predictive | Medium |
| 19 | File | xxxx.x | predictive | Low |
| 20 | File | xxxx.x | predictive | Low |
| 21 | File | xxx/xxxxx/xxxxx_xxxx_xxxxxxxxx.xxx | predictive | High |
| 22 | File | xxxx_xxxx.xxx | predictive | High |
| 23 | File | xxxxxx/xxxxxx/xxxx.x | predictive | High |
| 24 | File | xxxxx/xxxxxxx.x | predictive | High |
| 25 | File | xxxxxxxxxxx.xxx | predictive | High |
| 26 | File | xxxxxxx.xxx | predictive | Medium |
| 27 | File | xxxxxxxx.xxx | predictive | Medium |
| 28 | File | xxxx-xxxxxx.x | predictive | High |
| 29 | File | xx-xxxxx.xxx | predictive | Medium |
| 30 | File | ~/xxx/xxxxxxx/xxxxxxxxxxxxx.xxx | predictive | High |
| 31 | Argument | xx | predictive | Low |
| 32 | Argument | xxxx_xx | predictive | Low |
| 33 | Argument | xxxx | predictive | Low |
| 34 | Argument | xx_xxxxxxx_xxxx | predictive | High |
| 35 | Argument | xxxx | predictive | Low |
| 36 | Argument | xxx | predictive | Low |
| 37 | Argument | xxxxxxxxxxxxxx_xxx | predictive | High |
| 38 | Argument | xxxxxx_xxxx/xxxxxx_xxxxx | predictive | High |
| 39 | Argument | xxxxxxxxxxxxxx | predictive | High |
| 40 | Argument | xxxxxxxxxxxxxx | predictive | High |
| 41 | Argument | xxxxxx_xxxx | predictive | Medium |
| 42 | Argument | xxxx/xxx | predictive | Medium |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
