URLZone Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (16)

Linguaggio

en	10
de	4
fr	2

Nazione

us	6
cn	2
ru	2
fr	2

Attori

URLZone	3
TrickBot	1

Interesse

Genere

Not Defined	4
Forum Software	2
Router Operating System	2
Database Software	2

Fornitore

Huawei	4
Not Defined	2
TP-LINK	2
Oracle	2

Prodotto

Huawei HarmonyOS	4
JForum	2
TP-LINK TL-WR740N	2
Oracle MySQL Server	2

Vulnerabilità

#	Vulnerabilità	Base	Temp	0day	Oggi	Sfr	Con	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash rivelazione di un 'informazione	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	JForum Login escalazione di privilegi	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00151	0.06	CVE-2012-5338
3	Huawei HarmonyOS rphone Module escalazione di privilegi	6.6	6.6	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00043	0.00	CVE-2022-41576
4	Huawei HarmonyOS HwAirlink Module rivelazione di un 'informazione	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00145	0.00	CVE-2022-38981
5	GNU wget HTTP Header rivelazione di un 'informazione	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00084	0.02	CVE-2021-31879
6	Server NFS Export escalazione di privilegi	9.8	9.6	$0-$5k	$0-$5k	High	Workaround	0.01500	0.03	CVE-1999-0554
7	Oracle MySQL Server vulnerabilità sconosciuta	5.4	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00507	0.00	CVE-2012-0113
8	DZCP deV!L`z Clanportal browser.php rivelazione di un 'informazione	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02733	0.96	CVE-2007-1167
9	TP-LINK TL-WR740N HTTP Server denial of service	6.5	6.2	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00000	0.02
10	ThinkPHP index.php sql injection	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00173	0.02	CVE-2018-10225

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	indirizzo IP	Hostname	Attore	Identified	Genere	Fiducia
1	35.188.197.118	118.197.188.35.bc.googleusercontent.com	URLZone	10/03/2022	verified	Media
2	XX.XX.XX.XXX		Xxxxxxx	10/03/2022	verified	Alto
3	XX.XX.XXX.XXX		Xxxxxxx	10/03/2022	verified	Alto
4	XX.XX.XX.XXX		Xxxxxxx	10/03/2022	verified	Alto
5	XXX.XXX.XX.XXX		Xxxxxxx	10/03/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classe	Vulnerabilità	Accesso al vettore	Genere	Fiducia
1	T1068	CAPEC-122	CWE-269	Execution with Unnecessary Privileges	predictive	Alto
2	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
3	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (6)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Genere	Fiducia
1	File	data/gbconfiguration.dat	predictive	Alto
2	File	inc/filebrowser/browser.php	predictive	Alto
3	File	xxxxx.xxx	predictive	Media
4	Argument	xxxxxxxxxxxxx	predictive	Alto
5	Argument	xxxx	predictive	Basso
6	Argument	xxxxxxxxxx	predictive	Media

Referenze (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrecedenteVisione D'insiemeIl prossimo ▸

Do you know our Splunk app?

Download it now for free!