Sofacy Analysis

IOB - Indicator of Behavior (159)

Timeline

Language

en: 146
de: 8
ru: 2
zh: 2
es: 2

Country

us: 56
ch: 38
ru: 6
cn: 4
nl: 4

Actors

Activity

Interest

Timeline

Type

Vendor

Product

SourceCodester Simple and Nice Shopping Cart Scrip ...: 4
Apache Tomcat: 4
Linux Kernel: 4
Drupal: 4
Webmin: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
--|---------------|------|------|------|-------|----------------|-------------|------|-----|----
1 | Backdoor.Win32.Tiny.c Service Port 7778 privilege escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.04 |
2 | Linux Kernel NILFS File System inode.c security_inode_alloc buffer overflow | 8.3 | 8.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2022-2978
3 | SourceCodester Simple and Nice Shopping Cart Script profile.php privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00098 | 0.04 | CVE-2022-2909
4 | Crow HTTP Pipelining buffer overflow | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00777 | 0.04 | CVE-2022-38667
5 | mySCADA myPRO privilege escalation | 9.2 | 9.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00105 | 0.03 | CVE-2022-2234
6 | GNU Bash Environment Variable variables.c Shellshock privilege escalation | 9.8 | 9.6 | $25k-$100k | $0-$5k | High | Official Fix | 0.97564 | 0.22 | CVE-2014-6271
7 | WordPress Editor information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00463 | 0.04 | CVE-2021-29450
8 | AnyMacro AnyMacro Mail System directory traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00179 | 0.02 | CVE-2011-2468
9 | phpMyAdmin Configuration File setup.php privilege escalation | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.80586 | 0.06 | CVE-2009-1151
10 | WordPress class-wp-customize-widgets.php privilege escalation | 7.3 | 6.4 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.07158 | 0.03 | CVE-2014-5203
11 | Zeus Zeus Web Server buffer overflow | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.15887 | 0.02 | CVE-2010-0359
12 | OpenSSL c_rehash privilege escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.10649 | 0.00 | CVE-2022-1292
13 | Tenda AX1803 getIptvInfo buffer overflow | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.02 | CVE-2023-51969
14 | ownCloud graphapi GetPhpInfo.php information disclosure | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.86982 | 0.04 | CVE-2023-49103
15 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00668 | 0.07 | CVE-2022-27228
16 | Git Plugin Build privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01156 | 0.09 | CVE-2022-36883
17 | Cisco RV340/RV340W/RV345/RV345P privilege escalation | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.37509 | 0.04 | CVE-2023-20073
18 | Microsoft Word wwlib Remote Code Execution | 8.0 | 7.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.45352 | 0.00 | CVE-2023-21716
19 | ampache sql injection | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00072 | 0.00 | CVE-2023-0771
20 | x-text Language Tag information disclosure | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00092 | 0.00 | CVE-2021-38561

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (80)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
---|-------|-----------|------|-----------
1 | File | .procmailrc | predictive | Medium
2 | File | /dashboard/updatelogo.php | predictive | High
3 | File | /etc/openshift/server_priv.pem | predictive | High
4 | File | /files.md5 | predictive | Medium
5 | File | /index.php | predictive | Medium
6 | File | /info/headers | predictive | High
7 | File | /mkshop/Men/profile.php | predictive | High
8 | File | /Noxen-master/users.php | predictive | High
9 | File | /uncpath/ | predictive | Medium
10 | File | xxxxxxx/xxxxxxxx.xxx | predictive | High
11 | File | xxxxxxx/xxxx.xxx | predictive | High
12 | File | xxxxxxx/xxxxxxxxxxxxx.xxx | predictive | High
13 | File | xxxxx/xxxx/xxxxxxxxxx/xxxxxxxxxxx.xxx | predictive | High
14 | File | xx/xxxxxx_xxx.xxx | predictive | High
15 | File | xxxx/xxxxxxxxxxxx.xxx | predictive | High
16 | File | xxx.xxx?xxx=xxxxx_xxxx | predictive | High
17 | File | xxxxxxxx/xxxx | predictive | High
18 | File | x_xxxxxx | predictive | Medium
19 | File | xx.x | predictive | Low
20 | File | xxxxx.xxx | predictive | Medium
21 | File | xxxxxxxxxx.xxx | predictive | High
22 | File | xxxxxx.x | predictive | Medium
23 | File | xxxxxxxx.xxx | predictive | Medium
24 | File | xxxxxxxxxx.xxx | predictive | High
25 | File | xxxx_xxxx.x | predictive | Medium
26 | File | xxxxx.xxx | predictive | Medium
27 | File | xxxxxx.xxx | predictive | Medium
28 | File | xxxxx.x | predictive | Low
29 | File | xxxxxxxxxx.xxx | predictive | High
30 | File | xxxxx_xxxxxxx.xxx | predictive | High
31 | File | xxx/xxxxxxx/xxxxxx/xxxx/xxxxx/xxxxxxx/xxxxxx/xxxxx/xxx%xxxxxxxxxxxxx.xx.xxx | predictive | High
32 | File | xxxx.xxx | predictive | Medium
33 | File | xxxxx.xxx | predictive | Medium
34 | File | xxxxx/xxxxx-xxxx-xxxxxxxx.xxx | predictive | High
35 | File | xxxx.xxx.xxxxxxxxxx | predictive | High
36 | File | xxxxxxxxx/xxxxx/xxxxxx.xxxx | predictive | High
37 | File | xxxxxx/xxxx.xxx | predictive | High
38 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | High
39 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | High
40 | File | xxxxxxxxx.x | predictive | Medium
41 | File | xxxxxxx.xxx | predictive | Medium
42 | File | xx-xxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxx.xxx | predictive | High
43 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | High
44 | File | xxxxxx.xxx | predictive | Medium
45 | File | xx_xxxxxxx.x | predictive | Medium
46 | Library | xxxxxxxxx/xxx-xxxxxx/xxxxxxxx.xxx | predictive | High
47 | Library | xxxxx.xxx | predictive | Medium
48 | Argument | xxxx | predictive | Low
49 | Argument | xxxxxxxxx | predictive | Medium
50 | Argument | xxxx/xxxx | predictive | Medium
51 | Argument | xxxxxx_xxxx_xxxxxxxx | predictive | High
52 | Argument | xxxx | predictive | Low
53 | Argument | xxx_xxxx/xxx_xxxxxxx | predictive | High
54 | Argument | xxxxxx | predictive | Low
55 | Argument | xxxxxxxxxxx | predictive | Medium
56 | Argument | xxxx_xx | predictive | Low
57 | Argument | xxxx | predictive | Low
58 | Argument | xxx_xx | predictive | Low
59 | Argument | xxxxxxxx | predictive | Medium
60 | Argument | xxxxxxx[xxxxx]/xxxxxxx[xxxxxxxxxxx] | predictive | High
61 | Argument | xxxx_xxxx | predictive | Medium
62 | Argument | xxxxxx | predictive | Low
63 | Argument | xxxxxxxxxxxx | predictive | Medium
64 | Argument | xxxxxx | predictive | Low
65 | Argument | xxxxxx_xx | predictive | Medium
66 | Argument | xxxxx | predictive | Low
67 | Argument | xxxx | predictive | Low
68 | Argument | xxxxxx_xx | predictive | Medium
69 | Argument | xxx | predictive | Low
70 | Argument | xxxxxxxx | predictive | Medium
71 | Argument | xxxxxxx | predictive | Low
72 | Argument | xxxx | predictive | Low
73 | Argument | xxxxx/xxxxx | predictive | Medium
74 | Argument | _xxxx | predictive | Low
75 | Input Value | "><xxxxxx>xxxxx(/xxx/)</xxxxxx> | predictive | High
76 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive | High
77 | Input Value | xxx=/&xxx | predictive | Medium
78 | Pattern | () { | predictive | Low
79 | Network Port | xxx/xxxx (xxx) | predictive | High
80 | Network Port | xxx/xxxx | predictive | Medium

References (6)

The following list contains external sources which discuss the actor and the associated activities:
