Subaat Analisi

IOB - Indicator of Behavior (22)

Sequenza temporale

Linguaggio

en22

Nazione

pk10
us8

Attori

Attività

Interesse

Sequenza temporale

Genere

Fornitore

Prodotto

Microsoft IIS6
DZCP deV!L`z Clanportal2
ROCBOSS2
Microsoft Systems Management Server2
MailCleaner Community Edition2

Vulnerabilità

#VulnerabilitàBaseTemp0dayOggiSfrConCTIEPSSCVE
1DZCP deV!L`z Clanportal config.php escalazione di privilegi7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.330.00943CVE-2010-0966
2Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.020.00548CVE-2017-0055
3SAP BusinessObjects BI Platform Central Management Console/BI LaunchPad escalazione di privilegi9.39.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.00093CVE-2022-41203
4Microsoft Systems Management Server Configuration Manager Reflected cross site scripting4.34.3$5k-$25k$0-$5kNot DefinedNot Defined0.020.95942CVE-2012-2536
5Microsoft Azure IoT Edge/Hub Device Client SDK for Azure IoT MQTT Object buffer overflow6.96.8$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000.04729CVE-2018-8531
6PHP GD Extension imagewebp escalazione di privilegi5.34.8$5k-$25kCalcoloProof-of-ConceptOfficial Fix0.020.00535CVE-2014-5120
7Microsoft Windows Phone SMS Service crittografia debole5.34.9$5k-$25k$5k-$25kUnprovenUnavailable0.000.05409CVE-2012-2993
8Apache HTTP Server ap_some_auth_required escalazione di privilegi3.73.2$25k-$100k$0-$5kUnprovenOfficial Fix0.020.00522CVE-2015-3185
9MailCleaner Community Edition Logs.php escalazione di privilegi7.57.5$0-$5k$0-$5kHighNot Defined0.000.36154CVE-2018-20323
10ROCBOSS POST Request PostController.php doReward sql injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00212CVE-2019-11362
11portable SDK for UPnP unique_service_name buffer overflow10.09.5$0-$5k$0-$5kHighOfficial Fix0.030.97445CVE-2012-5958
12Microsoft IIS IP/Domain Restriction escalazione di privilegi6.55.7$25k-$100k$0-$5kUnprovenOfficial Fix0.090.00817CVE-2014-4078
13Microsoft IIS File Name Tilde escalazione di privilegi6.55.9$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.000.96712CVE-2005-4360
14FiberHome VDSL2 Modem HG 150-UB autenticazione debole8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.040.00369CVE-2018-9249
15Foxit Reader Javascript Engine buffer overflow8.07.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000.15239CVE-2018-3850
16Foxit Reader Javascript Engine buffer overflow8.07.9$0-$5kCalcoloNot DefinedOfficial Fix0.000.00443CVE-2017-14458
17Foxit PDF Reader Javascript Engine Remote Code Execution8.07.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00731CVE-2018-3842

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDindirizzo IPHostnameAttoreCampagneIdentifiedGenereFiducia
15.189.157.215vmi407723.contaboserver.netSubaat29/08/2021verifiedAlto
2XX.XX.XXX.XXXxxxxx.xxx-xx.xxxXxxxxx29/08/2021verifiedAlto
3XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxxxxxx.xxXxxxxx29/08/2021verifiedAlto

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitàAccesso al vettoreGenereFiducia
1T1059CWE-94Argument InjectionpredictiveAlto
2T1059.007CWE-79Cross Site ScriptingpredictiveAlto
3TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
4TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveAlto
5TXXXXCWE-XXXxx XxxxxxxxxpredictiveAlto
6TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveAlto

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorGenereFiducia
1File/uncpath/predictiveMedia
2Fileapp/controllers/frontend/PostController.phppredictiveAlto
3Filexxx/xxxxxx.xxxpredictiveAlto
4Filexxx/xxxx/xxxxxxxxxxx/xxxxxx/xxxx.xxxpredictiveAlto
5ArgumentxxxxxxxxpredictiveMedia
6ArgumentxxxxxpredictiveBasso
7Input Value%xxpredictiveBasso
8Input Value::$xxxxx_xxxxxxxxxxpredictiveAlto
9Network Portxxx xxxxxx xxxxpredictiveAlto

Referenze (2)

The following list contains external sources which discuss the actor and the associated activities:

Do you want to use VulDB in your project?

Use the official API to access entries easily!