Space Pirates Analysis

IOB - Indicator of Behavior (244)

Language

en: 174
zh: 54
ja: 4
sv: 4
ru: 2

Country

cn: 138
us: 96
it: 2
zw: 2

Product

WordPress: 10
Fortinet FortiOS: 10
PHP: 8
Wowza Streaming Engine: 4
Google Chrome: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.70 | CVE-2010-0966 |
| 3 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08985 | 0.04 | CVE-2006-0996 |
| 4 | WordPress URL Validator Redirect | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00509 | 0.03 | CVE-2018-10101 |
| 5 | WordPress get_the_generator cross site scripting | 5.2 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00451 | 0.00 | CVE-2018-10102 |
| 6 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.04 | CVE-2007-1287 |
| 7 | Grafana Dashboard privilege escalation | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.05 | CVE-2023-2801 |
| 8 | Google Chrome V8 Remote Code Execution | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.24380 | 0.02 | CVE-2020-16040 |
| 9 | WordPress Login Page Redirect | 6.2 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00731 | 0.04 | CVE-2018-10100 |
| 10 | SquirrelMail compose.php Serialized privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00456 | 0.02 | CVE-2020-14932 |
| 11 | GNU Screen socket.c ReceiveMsg privilege escalation | 4.9 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00062 | 0.02 | CVE-2023-24626 |
| 12 | SmarterTools SmarterStats Remote Code Execution | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00777 | 0.03 | CVE-2011-2159 |
| 13 | Git Plugin Build privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01156 | 0.09 | CVE-2022-36883 |
| 14 | MinDoc ZIP File privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00084 | 0.00 | CVE-2022-29637 |
| 15 | MinDoc attach_#.jpg privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.00 | CVE-2018-19114 |
| 16 | Wondershare Filmora NativePushService privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.01 | CVE-2023-31747 |
| 17 | Apache RocketMQ Broker directory traversal | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00058 | 0.04 | CVE-2019-17572 |
| 18 | Nfec.de RechnungsZentrale authent.php4 sql injection | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01513 | 0.03 | CVE-2006-1954 |
| 19 | Synacor Zimbra Collaboration Suite WebEx Zimlet privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.70648 | 0.00 | CVE-2020-7796 |
| 20 | Basti2web Book Panel books.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00064 | 0.03 | CVE-2009-4889 |

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (88)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
