WindShift Analysis

IOB - Indicator of Behavior (83)

Language

  • en: 76
  • pt: 4
  • zh: 2
  • pl: 2

Country

  • us: 54
  • ru: 4
  • pl: 2

Product

  • Linux Kernel: 4
  • Microsoft IIS: 4
  • Backstage: 2
  • TBDev TBDev.NET: 2
  • Backdoor.Win32.FTP.Lana.01.d: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Countermeasure | CTI | EPSS | CVE |
|---|---------------|------|------|------|-------|----------------|----------------|-----|------|-----|
| 1 | Cisco SD-WAN CLI Privilege Escalation | 8.1 | 8.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2022-20818 |
| 2 | Cisco IOS XE Self-Healing privilege escalation | 7.3 | 7.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2022-20855 |
| 3 | Apple iOS ImageIO denial of service | 6.4 | 6.3 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.03533 | CVE-2016-1811 |
| 4 | Acme Mini HTTPd Terminal privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00303 | CVE-2009-4490 |
| 5 | Cisco SD-WAN CLI Privilege Escalation | 8.1 | 8.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2022-20775 |
| 6 | Apple iOS CommonCrypto information disclosure | 5.4 | 5.3 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00181 | CVE-2016-1802 |
| 7 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055 |
| 8 | Microsoft Word wwlib Remote Code Execution | 8.0 | 7.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.45352 | CVE-2023-21716 |
| 9 | Linux Kernel TPM Device buffer overflow | 7.6 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2022-2977 |
| 10 | D-Link Go-RT-AC750 gena.php privilege escalation | 7.6 | 7.6 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00121 | CVE-2022-36523 |
| 11 | Multivendor Marketplace Solution for WooCommerce Order Status cross site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00053 | CVE-2022-2657 |
| 12 | taviso Lotus 1-2-3 Worksheet process_fmt buffer overflow | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00068 | CVE-2022-39843 |
| 13 | image-tiler privilege escalation | 8.5 | 8.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00194 | CVE-2020-28451 |
| 14 | Apple macOS Kernel information disclosure | 3.3 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00062 | CVE-2022-32817 |
| 15 | Irfan Skiljan IrfanView ShowPlugInSaveOptions_W buffer overflow | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00057 | CVE-2020-23561 |
| 16 | Microsoft Windows Defender Credential Guard Privilege Escalation | 8.3 | 7.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.00043 | CVE-2022-34711 |
| 17 | Microsoft Windows Kerberos Privilege Escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.00121 | CVE-2022-30165 |
| 18 | Microsoft Windows Kerberos AppContainer Privilege Escalation | 8.9 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.00043 | CVE-2022-30164 |
| 19 | Microsoft Windows Network File System Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05 | 0.88073 | CVE-2022-30136 |
| 20 | Vmware Workspace ONE Access weak authentication | 9.8 | 9.1 | $25k-$100k | $0-$5k | Functional | Official Fix | 0.00 | 0.58483 | CVE-2022-22972 |

Campagne (1)

These are the campaigns that can be associated with the actor:

  • WindShift

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|----|-------|-----------|------|------------|
| 1 | File | .procmailrc | predictive | Medium |
| 2 | File | /cgi-bin/wapopen | predictive | High |
| 3 | File | /htdocs/upnpinc/gena.php | predictive | High |
| 4 | File | /it-IT/splunkd/__raw/services/get_snapshot | predictive | High |
| 5 | File | /xxxxxxx/xxxxx/xxxxx.xxx | predictive | High |
| 6 | File | /xxxxxxx/ | predictive | Medium |
| 7 | File | xxxxx/xxxx/xxxxxxxxxxx/xxxxxxx.x | predictive | High |
| 8 | File | xxxx/xxxxxxxxxxxx.xxx | predictive | High |
| 9 | File | xxxxxxxx.xxx | predictive | Medium |
| 10 | File | xxx.xxx?xxx=xxxxx_xxxx | predictive | High |
| 11 | File | xxxxxxxxxxxxxx/xxxxxxx.xxx | predictive | High |
| 12 | File | xxxxxxxx.xxx | predictive | Medium |
| 13 | File | xx-xxxxxxxxxxx.xxx | predictive | High |
| 14 | File | ~/xx-xxxxxxxx.xxx | predictive | High |
| 15 | Argument | $_xxxxxx['xxx_xxxx'] | predictive | High |
| 16 | Argument | --xxxx=xxx | predictive | Medium |
| 17 | Argument | xxxxxxxx | predictive | Medium |
| 18 | Argument | xxx | predictive | Low |
| 19 | Argument | xxxxxxxxxx | predictive | Medium |
| 20 | Argument | xxxxxxxx | predictive | Medium |
| 21 | Argument | xxxxx | predictive | Low |
| 22 | Argument | xxxxxx_xx | predictive | Medium |
| 23 | Argument | xxxx_xxxx | predictive | Medium |
| 24 | Argument | xxx | predictive | Low |
| 25 | Argument | xxx | predictive | Low |
| 26 | Argument | xxxxxxxx/xxxx | predictive | High |
| 27 | Input Value | ../.. | predictive | Low |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
