Vollgar Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (56)

Sequenza temporale

Linguaggio

en50
zh6

Nazione

us46
cn10

Attori

Vollgar5
Cobalt Strike2
PlugX1
Mirai1
LoJax1

Attività

Interesse

Sequenza temporale

Genere

Not Defined28
SCADA Software6
Smartwatch Operating System4
Chip Software2
WordPress Plugin2

Fornitore

Not Defined10
Trend Micro6
Measuresoft6
Apple4
Apache4

Prodotto

Trend Micro Apex One6
Measuresoft ScadaPro Server6
Apple watchOS4
Mazda Vehicle2
Apache SOAP2

Vulnerabilità

#VulnerabilitàBaseTemp0dayOggiSfrConEPSSCTICVE
1All in One SEO Best WordPress SEO Plugin Import/Export escalazione di privilegi5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000920.04CVE-2021-24307
2Odoo Database Anonymization Privilege Escalation5.65.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.002140.05CVE-2017-10803
3Libbitcoin Explorer Milk Sad crittografia debole5.35.3$0-$5k$0-$5kHighNot Defined0.001160.04CVE-2023-39910
4tagDiv Composer Plugin Facebook Login autenticazione debole7.77.6$0-$5k$0-$5kNot DefinedOfficial Fix0.003730.01CVE-2022-3477
5Trend Micro Apex One rivelazione di un 'informazione7.67.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.000450.00CVE-2022-44649
6Sophos Mobile Managed On-Premises XML escalazione di privilegi8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.412830.00CVE-2022-3980
7iPXE TLS tls.c tls_new_ciphertext rivelazione di un 'informazione3.23.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000480.04CVE-2022-4087
8Dolibarr sql injection7.87.8$0-$5k$0-$5kNot DefinedOfficial Fix0.001370.03CVE-2022-4093
9nginx escalazione di privilegi6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002413.82CVE-2020-12440
10Insyde Kernel UEFI Variable buffer overflow7.87.8$0-$5k$0-$5kNot DefinedNot Defined0.000650.00CVE-2022-35897
11Trend Micro Apex One Change Prevention Service buffer overflow7.67.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.000450.00CVE-2022-44650
12Atlassian Bitbucket Server and Data Center Environment Variable escalazione di privilegi7.47.4$0-$5k$0-$5kNot DefinedNot Defined0.610940.02CVE-2022-43781
13Trend Micro Apex One Security Agent race condition7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.000450.00CVE-2022-44651
14LG SmartShare escalazione di privilegi7.07.0$5k-$25k$5k-$25kNot DefinedNot Defined0.000540.07CVE-2022-45422
15WP-Polls Plugin HTTP Header escalazione di privilegi6.36.0$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000600.04CVE-2022-1581
16Apple watchOS ImageIO rivelazione di un 'informazione5.45.3$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.007540.03CVE-2016-3619
17D-Link G integrated Access Device4 Web Interface login.asp escalazione di privilegi5.75.7$5k-$25k$5k-$25kNot DefinedNot Defined0.001240.02CVE-2022-36785
18Trend Micro Apex One escalazione di privilegi8.38.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.000450.00CVE-2022-44652
19Trend Micro Apex One Security Agent directory traversal8.38.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.000480.00CVE-2022-44653
20Apple tvOS ImageIO rivelazione di un 'informazione5.45.3$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.007540.00CVE-2016-3619

IOC - Indicator of Compromise (21)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDindirizzo IPHostnameAttoreCampagneIdentifiedGenereFiducia
11.23.82.72Vollgar02/04/2020verifiedAlto
22.2.82.64Vollgar02/04/2020verifiedAlto
32.12.51.56arennes-655-1-148-56.w2-12.abo.wanadoo.frVollgar02/04/2020verifiedAlto
43.95.29.25ec2-3-95-29-25.compute-1.amazonaws.comVollgar02/04/2020verifiedMedia
54.96.46.65Vollgar02/04/2020verifiedAlto
6XX.X.XX.XXxxxxxx02/04/2020verifiedAlto
7XX.XX.XX.XXXxxxxxx02/04/2020verifiedAlto
8XX.XXX.XXX.XXXXxxxxxx13/02/2022verifiedAlto
9XX.XXX.XXX.XXXXxxxxxx13/02/2022verifiedAlto
10XX.XX.XX.XXxxxxxx02/04/2020verifiedAlto
11XXX.XX.XXX.XXXxxxxxx13/02/2022verifiedAlto
12XXX.XXX.XX.Xxxxxxx.xxxxxxxx.xxxXxxxxxx13/02/2022verifiedAlto
13XXX.XXX.XX.XXXxxxxxx13/02/2022verifiedAlto
14XXX.XXX.XX.XXXXxxxxxx13/02/2022verifiedAlto
15XXX.XXX.XX.XXXXxxxxxx13/02/2022verifiedAlto
16XXX.XX.XXX.XXxxxxxx13/02/2022verifiedAlto
17XXX.XXX.X.XXXXxxxxxx13/02/2022verifiedAlto
18XXX.XXX.XX.XXXXxxxxxx13/02/2022verifiedAlto
19XXX.XX.XX.XXXXxxxxxx13/02/2022verifiedAlto
20XXX.XXX.XXX.XXXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxx13/02/2022verifiedAlto
21XXX.XXX.XXX.XXXXxxxxxx02/04/2020verifiedAlto

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClasseVulnerabilitàAccesso al vettoreGenereFiducia
1CAPEC-10CWE-19, CWE-20, CWE-59, CWE-119, CWE-121, CWE-125, CWE-189, CWE-190, CWE-266, CWE-285, CWE-287, CWE-362, CWE-367, CWE-400, CWE-404, CWE-416, CWE-444, CWE-502, CWE-639, CWE-755, CWE-918, CWE-1018Unknown VulnerabilitypredictiveAlto
2T1006CAPEC-126CWE-21, CWE-22Path TraversalpredictiveAlto
3T1059CAPEC-10CWE-74, CWE-94, CWE-707Argument InjectionpredictiveAlto
4TXXXX.XXXCAPEC-10CWE-XX, CWE-XX, CWE-XXXXxxxx Xxxx XxxxxxxxxpredictiveAlto
5TXXXXCAPEC-0CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
6TXXXXCAPEC-10CWE-XX, CWE-XX, CWE-XX, CWE-XXXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveAlto
7TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveAlto
8TXXXXCAPEC-10CWE-XX, CWE-XX, CWE-XXXXxx XxxxxxxxxpredictiveAlto
9TXXXX.XXXCAPEC-1CWE-XXX, CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveAlto
10TXXXXCAPEC-38CWE-XXX, CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveAlto
11TXXXXCAPEC-116CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
12TXXXXCAPEC-0CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveAlto
13TXXXX.XXXCAPEC-112CWE-XXX, CWE-XXX, CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveAlto

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorGenereFiducia
1File/rest/api/2/user/pickerpredictiveAlto
2File/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.phppredictiveAlto
3Fileafr.phppredictiveBasso
4Filedata/gbconfiguration.datpredictiveAlto
5Filexxxx.xxxpredictiveMedia
6Filexxx/xxxxxx.xxxpredictiveAlto
7Filexxxxx.xxx/xxxx/xxxxx/xxxx/xxxx.xxxpredictiveAlto
8Filexxx/xxx.xpredictiveMedia
9Filexxxxx.xxxpredictiveMedia
10Filexxx.xxxpredictiveBasso
11Filexxx/xxx/xxx.xpredictiveAlto
12Filexxxxxx.xxxpredictiveMedia
13Libraryxxx/xx.xxxpredictiveMedia
14Libraryxxxxxxx/xxxxxxx/xxxxxx/xxx/xxxxx.xxxxxxx.xxxpredictiveAlto
15ArgumentxxxxxxxxpredictiveMedia
16ArgumentxxxxxpredictiveBasso
17ArgumentxxxxxpredictiveBasso
18ArgumentxxpredictiveBasso
19Argumentxxx_xxxpredictiveBasso
20ArgumentxxxxpredictiveBasso
21Argumentxxxxxx_xxxxpredictiveMedia
22ArgumentxxxxpredictiveBasso
23ArgumentxxxpredictiveBasso
24ArgumentxxxpredictiveBasso
25ArgumentxxxxxxxxpredictiveMedia

Referenze (4)

The following list contains external sources which discuss the actor and the associated activities:

PrecedenteVisione D'insiemeIl prossimo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!