SharpPanda Analysis

IOB - Indicator of Behavior (140)

Language

  • en 108
  • zh 24
  • jp 4
  • it 2
  • de 2

Country

  • us 82
  • cn 30
  • sg 22
  • jp 4
  • mt 2

Vendor / Product

  • Palo Alto PAN-OS 8
  • Oracle WebLogic Server 4
  • Oracle MySQL Server 4
  • PHP 4
  • PHP Link Directory 2

Vulnerabilities

 # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE
 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
 2 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00181 | 0.07 | CVE-2007-6138
 3 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08985 | 0.04 | CVE-2006-0996
 4 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00122 | 0.13 | CVE-2018-6200
 5 | Cisco ASA Version information disclosure | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00288 | 0.04 | CVE-2014-3398
 6 | Apache HTTP Server mod_ssl ap_hook_process_connection denial of service | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01166 | 0.00 | CVE-2017-3169
 7 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.04 | CVE-2007-1287
 8 | Serendipity exit.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.32 | 
 9 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.02 | CVE-2006-5509
10 | Linux Foundation Xen EFLAGS Register SYSENTER privilege escalation | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.02 | CVE-2013-1917
11 | AXIS 2110 Network Camera editcgi.cgi directory traversal | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01492 | 0.02 | CVE-2004-2426
12 | Synology DiskStation Manager SliceUpload imageSelector.cgi privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | High | Official Fix | 0.97296 | 0.05 | CVE-2013-6955
13 | Hestia Control Panel Domain Name Privilege Escalation | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00139 | 0.00 | CVE-2021-27231
14 | Bitrix Site Manager redirect.php privilege escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00113 | 0.03 | CVE-2008-2052
15 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.38 | CVE-2007-0529
16 | Moodle privilege escalation | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00060 | 0.03 | CVE-2023-35133
17 | Extreme Networks ExtremeWireless Aerohive HiveOS/IQ Engine NetConfig UI Administrative Interface privilege escalation | 8.8 | 8.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.85139 | 0.02 | CVE-2020-16152
18 | Advance B2B Script tradeshow-list-detail.php sql injection | 8.5 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00242 | 0.00 | CVE-2017-17602
19 | Asus NAS-M25 Cookie privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.91647 | 0.04 | CVE-2022-4221
20 | Apache Log4j Socket Server privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.81948 | 0.02 | CVE-2017-5645

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • G20 Nations

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (60)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
 1 | File | /cgi-bin/system_mgr.cgi | predictive | High
 2 | File | /data/config.ftp.php | predictive | High
 3 | File | /forum/away.php | predictive | High
 4 | File | /modules/profile/index.php | predictive | High
 5 | File | /out.php | predictive | Medium
 6 | File | /tmp | predictive | Low
 7 | File | /uncpath/ | predictive | Medium
58 | Input Value | ../ | predictive | Low

References (4)

The following list contains external sources which discuss the actor and the associated activities:
