Socks Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (21)

Sequenza temporale

Linguaggio

de20
en2

Nazione

us20

Attori

TrickBot1

Attività

Interesse

Sequenza temporale

Genere

Not Defined14
Software Library2
Groupware Software2
Content Management System2
Operating System2

Fornitore

Intel4
Riverbed4
McAfee4
Not Defined4
Horde2

Prodotto

Riverbed RIOS4
Intel McAfee Email Gateway2
McAfee Vulnerability Manager2
Go SSH Library2
Horde Groupware Webmail Edition2

Vulnerabilità

#VulnerabilitàBaseTemp0dayOggiSfrConEPSSCTICVE
1HashiCorp Vault/Vault Enterprise escalazione di privilegi7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.001610.02CVE-2022-36129
2Blue Prism Enterprise escalazione di privilegi4.74.7$0-$5k$0-$5kNot DefinedNot Defined0.000820.00CVE-2022-36117
3Devolutions SERVER Password List Entry escalazione di privilegi5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.001680.00CVE-2021-23921
4D-Link DIR-816 A2 dir_setWanWifi escalazione di privilegi6.36.3$5k-$25k$5k-$25kNot DefinedNot Defined0.005590.00CVE-2021-26810
5Django django.views.static.serve Redirect6.26.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.001600.00CVE-2017-7234
6Xen Memory escalazione di privilegi6.96.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.001010.02CVE-2017-7228
7Riverbed RIOS Bootloader escalazione di privilegi4.44.4$0-$5k$0-$5kNot DefinedUnavailable0.000620.00CVE-2017-7305
8Riverbed RIOS Single-User Mode cli escalazione di privilegi6.76.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000770.00CVE-2017-7307
9OpenDaylight Plugin SDN Topology escalazione di privilegi7.07.0$0-$5kCalcoloNot DefinedNot Defined0.003380.00CVE-2015-1612
10OpenDaylight Plugin SDN Topology escalazione di privilegi7.07.0$0-$5k$0-$5kNot DefinedNot Defined0.002880.02CVE-2015-1611
11Horde Groupware Webmail Edition Horde_Crypt escalazione di privilegi7.57.4$0-$5k$0-$5kNot DefinedOfficial Fix0.947730.03CVE-2017-7413
12Go SSH Library Host Key Remote Code Execution7.77.4$0-$5k$0-$5kNot DefinedOfficial Fix0.002370.03CVE-2017-3204
13Linux Kernel Filesystem policy.c fscrypt_process_policy escalazione di privilegi5.45.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.001810.00CVE-2016-10318
14Intel Advanced Threat Defense Malware Detection escalazione di privilegi6.46.4$5k-$25k$5k-$25kNot DefinedNot Defined0.000610.00CVE-2015-8986
15McAfee Advanced Threat Defense Malware Detection autenticazione debole7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.001170.00CVE-2016-3983
16McAfee Vulnerability Manager Enterprise Manager cross site request forgery8.88.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.000860.00CVE-2016-2199
17Intel McAfee Vulnerability Manager Enterprise Manager Password crittografia debole7.07.0$0-$5k$0-$5kNot DefinedNot Defined0.000700.00CVE-2015-8989
18Intel McAfee Email Gateway File Extension Filter escalazione di privilegi6.96.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.000540.00CVE-2016-8005
19Intel McAfee Host Intrusion Prevention Services Registry Key escalazione di privilegi5.75.4$5k-$25kCalcoloNot DefinedOfficial Fix0.000440.00CVE-2016-8007
20Intel Advanced Threat Defense ATD Detection escalazione di privilegi7.47.4$5k-$25k$5k-$25kNot DefinedNot Defined0.000960.00CVE-2015-8990

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDindirizzo IPHostnameAttoreCampagneIdentifiedGenereFiducia
123.20.239.12ec2-23-20-239-12.compute-1.amazonaws.comSocks05/05/2022verifiedMedia
2XXX.XX.XXX.XXXx-xxxx.x-xxxxxx.xxxXxxxx05/05/2022verifiedAlto
3XXX.XXX.XX.XXXxxxxx.xxx-xxx-xx.xxxxxx.xxxxxxxxxxxx.xxxXxxxx29/04/2022verifiedAlto

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitàAccesso al vettoreGenereFiducia
1T1068CWE-264, CWE-284Execution with Unnecessary PrivilegespredictiveAlto
2T1202CWE-77Command Shell in Externally Accessible DirectorypredictiveAlto
3TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveAlto
4TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveAlto
5TXXXXCWE-XXXxx XxxxxxxxxpredictiveAlto
6TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveAlto
7TXXXX.XXXCWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveAlto

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorGenereFiducia
1File/goform/dir_setWanWifipredictiveAlto
2File/xxx/xxx/xxx/xxxpredictiveAlto
3Filexx/xxxxxx/xxxxxx.xpredictiveAlto
4ArgumentxxxxxxxxxxxxxxxxxxxxpredictiveAlto

Referenze (3)

The following list contains external sources which discuss the actor and the associated activities:

PrecedenteVisione D'insiemeIl prossimo

Do you need the next level of professionalism?

Upgrade your account now!