SYK Analysis

IOB - Indicator of Behavior (83)

Language: en (68), zh (10), de (4), it (2)

Country: cn (18), it (12), us (10), de (6), es (6)

Product: MongoDB (4), cPanel (4), HPE Intelligent Management Center (4), Tongda OA (2), B&R SiteManager (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Apache HTTP Server mod_proxy privilege escalation | 7.3 | 7.3 | $5k-$25k | $25k-$100k | High | Not Defined | 0.97446 | 0.04 | CVE-2021-40438
2 | Microsoft Excel buffer overflow | 7.0 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01492 | 0.07 | CVE-2020-0650
3 | VMware Spring Boot HTTP Request denial of service | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.06 | CVE-2023-34055
4 | bouncycastle Self-Signed Certificate X509LDAPCertStoreSpi.java privilege escalation | 3.9 | 3.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00051 | 0.04 | CVE-2023-33201
5 | Nagios XI POST Request banner_message-ajaxhelper.php sql injection | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.00 | CVE-2023-40931
6 | Taokeyun HTTP POST Request Drs.php index sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.00 | CVE-2024-0480
7 | Apache ShardingSphere ElasticJob-UI information disclosure | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.19070 | 0.00 | CVE-2022-22733
8 | phpMyAdmin SQL File cross site scripting | 4.4 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.03 | CVE-2023-25727
9 | ZoneMinder HostController.php daemonControl privilege escalation | 7.4 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00119 | 0.05 | CVE-2023-26039
10 | Zoho ManageEngine Recovery Manager Plus Proxy Setting privilege escalation | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00507 | 0.00 | CVE-2023-48646
11 | jeecgboot JimuReport image directory traversal | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00062 | 0.04 | CVE-2023-6307
12 | WP Shortcodes Plugin privilege escalation | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.04 | CVE-2023-6226
13 | QDocs Smart School HTTP POST Request sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00077 | 0.17 | CVE-2023-5495
14 | MongoDB privilege escalation | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00109 | 0.00 | CVE-2019-2386
15 | MongoDB Message Decompressor denial of service | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.02 | CVE-2019-20925
16 | MongoDB SysV Init Script Kill privilege escalation | 4.2 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2019-2389
17 | Job Configuration History Plugin directory traversal | 3.9 | 3.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-41930
18 | TEL-STER TelWin SCADA WebInterface information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00076 | 0.00 | CVE-2023-0956
19 | Tongda OA delete_seal.php sql injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00066 | 0.04 | CVE-2023-4165
20 | Autodesk AutoCAD STP File Parser denial of service | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2023-41139

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 185.19.85.163 | | SYK | | 30/07/2022 | verified | High

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (37)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/syslog | predictive | High
2 | File | /course/filterRecords/ | predictive | High
3 | File | /download/image | predictive | High
4 | File | /nagiosxi/admin/banner_message-ajaxhelper.php | predictive | High
5 | File | /see_more_details.php | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
