Winter Vivern Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (148)

Linguaggio

en	104
ru	12
pt	6
es	6
pl	4

Nazione

us	46
il	12
ru	12
pt	6
pl	4

Attori

Winter Vivern	7
Mirai	5
RedLine Stealer	5
Cobalt Strike	4
Rhadamanthys	3

Interesse

Genere

Not Defined	58
Operating System	16
WordPress Plugin	10
Smartphone Operating System	6
Content Management System	6

Fornitore

Not Defined	46
Microsoft	18
SourceCodester	6
Google	4
Samsung	4

Prodotto

Microsoft Windows	14
Samsung Smart Phone	4
Looknet FineShop	4
WordPress	4
House Rental System	2

Vulnerabilità

#	Vulnerabilità	Base	Temp	0day	Oggi	Sfr	Con	EPSS	CTI	CVE
1	Vmware Workspace ONE Access/Identity Manager Template escalazione di privilegi	9.8	8.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.97436	0.04	CVE-2022-22954
2	nginx escalazione di privilegi	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	3.31	CVE-2020-12440
3	binutils Table elf.c _bfd_elf_slurp_version_tables buffer overflow	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00048	0.00	CVE-2023-1972
4	Looknet FineShop index.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00587	0.00	CVE-2006-3235
5	woocommerce-gutenberg-products-block sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.09768	0.00	CVE-2021-32789
6	Microsoft Windows escalazione di privilegi	5.7	5.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00083	0.02	CVE-2019-1074
7	BTCPay Server Payment Button Privilege Escalation	6.5	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00166	0.02	CVE-2021-29249
8	BTCPay Server POS Add Products cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.02	CVE-2021-29250
9	MikroTik RouterOS SMB buffer overflow	8.5	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.88065	0.02	CVE-2018-7445
10	cPanel cpsrvd cross site scripting	5.0	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00330	0.03	CVE-2023-29489
11	Next.js _error.js Redirect	5.0	4.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00062	0.00	CVE-2021-37699
12	OpenBSD OpenSSH PKCS 11 escalazione di privilegi	7.4	7.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02999	0.07	CVE-2023-38408
13	Aquifer CMS index.asp cross site scripting	4.3	4.1	$0-$5k	Calcolo	Proof-of-Concept	Not Defined	0.00414	0.00	CVE-2006-0122
14	Netsweeper index.php autenticazione debole	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.07788	0.00	CVE-2014-9611
15	Basti2web Book Panel books.php sql injection	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00064	0.03	CVE-2009-4889
16	SourceCodester Online Clothing Store offer.php cross site scripting	4.8	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00220	0.00	CVE-2020-28139
17	Apache HTTP Server mod_proxy escalazione di privilegi	7.4	7.3	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00739	0.04	CVE-2023-25690
18	Citrix NetScaler ADC/NetScaler Gateway escalazione di privilegi	9.8	9.6	$25k-$100k	$5k-$25k	High	Official Fix	0.91186	0.00	CVE-2023-3519
19	FluentForm Plugin sql injection	4.7	4.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00076	0.02	CVE-2023-24410
20	wkhtmltopdf HTML File directory traversal	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00480	0.04	CVE-2020-21365

Campagne (1)

These are the campaigns that can be associated with the actor:

CVE-2023-5631

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	indirizzo IP	Hostname	Attore	Campagne	Identified	Genere	Fiducia
1	37.252.5.133		Winter Vivern		22/03/2022	verified	Alto
2	37.252.9.123	gw.r-service.info	Winter Vivern		22/03/2022	verified	Alto
3	38.180.76.31		Winter Vivern	CVE-2023-5631	29/10/2023	verified	Alto
4	XX.XXX.XXX.XXX		Xxxxxx Xxxxxx		20/03/2024	verified	Alto
5	XX.XX.XXX.XXX		Xxxxxx Xxxxxx		20/03/2024	verified	Alto
6	XX.XX.XXX.XXX	xx.xx.xxx.xxx.xxxxxxx.xx	Xxxxxx Xxxxxx		05/04/2023	verified	Alto
7	XXX.XX.XX.XX		Xxxxxx Xxxxxx		05/04/2023	verified	Alto
8	XXX.XX.XXX.XXX	xxxxxxxx.xxxxxxxxxxx.xxx	Xxxxxx Xxxxxx		05/04/2023	verified	Alto
9	XXX.XX.XXX.XXX	xxxxxxxx.xxxxxxxxxxx.xxx	Xxxxxx Xxxxxx		05/04/2023	verified	Alto
10	XXX.XXX.XXX.XX		Xxxxxx Xxxxxx		22/03/2022	verified	Alto
11	XXX.XX.XXX.XX		Xxxxxx Xxxxxx		05/04/2023	verified	Alto

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classe	Vulnerabilità	Accesso al vettore	Genere	Fiducia
1		CAPEC-10	CWE-19, CWE-20, CWE-73, CWE-119, CWE-120, CWE-121, CWE-122, CWE-189, CWE-190, CWE-266, CWE-275, CWE-285, CWE-287, CWE-306, CWE-352, CWE-362, CWE-367, CWE-369, CWE-377, CWE-399, CWE-400, CWE-401, CWE-404, CWE-416, CWE-444, CWE-502, CWE-693, CWE-706, CWE-732, CWE-787, CWE-789, CWE-822, CWE-824, CWE-843, CWE-862, CWE-863, CWE-908, CWE-918	Unknown Vulnerability	predictive	Alto
2	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	Alto
3	T1040	CAPEC-102	CWE-310, CWE-319	Authentication Bypass by Capture-replay	predictive	Alto
4	T1055	CAPEC-10	CWE-74, CWE-707	Improper Neutralization of Data within XPath Expressions	predictive	Alto
5	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
8	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
9	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
10	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Alto
11	TXXXX	CAPEC-184	CWE-XXX	Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx	predictive	Alto
12	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Alto
13	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
14	TXXXX.XXX	CAPEC-38	CWE-XXX, CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	Alto
15	TXXXX	CAPEC-464	CWE-XXX	Xxxxxxxx Xx Xxxxxxx Xxxxxxxx Xxxxxxxxxxx Xx Xx Xxxxxxxxxxxx Xxxxx	predictive	Alto
16	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
17	TXXXX.XXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (70)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Genere	Fiducia
1	File	/admin/scripts/pi-hole/phpqueryads.php	predictive	Alto
2	File	/etc/gsissh/sshd_config	predictive	Alto
3	File	/goform/WifiBasicSet	predictive	Alto
4	File	/login/index.php	predictive	Alto
5	File	/out.php	predictive	Media
6	File	/spip.php	predictive	Media
7	File	/web/IndexController.java	predictive	Alto
8	File	/youthappam/editcategory.php	predictive	Alto
9	File	admin.php3	predictive	Media
10	File	xxxxx.xxx?x=xxxxxx&x=xxxxxx&x=xxxxxx	predictive	Alto
11	File	xxxxx/xxx/xxxxxxxxxxxx	predictive	Alto
12	File	xxx/xxxxxxx.x	predictive	Alto
13	File	xxxxxxxxxxxx.xxx	predictive	Alto
14	File	xxx/xxx.x	predictive	Media
15	File	xxxxxx.x	predictive	Media
16	File	xxxxx.xxx	predictive	Media
17	File	xxxxxxx/xxxxx.xxx?x=xxxx_xxxxx	predictive	Alto
18	File	xxxxxx.xxx	predictive	Media
19	File	xxxxxxxx.x	predictive	Media
20	File	xxxxxxxx/xxxx_xxxxxxxx.xxx	predictive	Alto
21	File	xxxxxxxxxxxxxx.xxx	predictive	Alto
22	File	xxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxx	predictive	Alto
23	File	xxxxx.xxx	predictive	Media
24	File	xxxxx.xxx?xxxxxx=xxxxxxxxx_xxxxxxxxx/xxxxx	predictive	Alto
25	File	xxxxxxxxx.x	predictive	Media
26	File	xxxxxxxx.xxx	predictive	Media
27	File	xxx/xxxxxxxxx/xxxxx_xxxx.x	predictive	Alto
28	File	xxxx/xxxxx/xxxxxxx/xxxxxxxx.xx	predictive	Alto
29	File	xxxxxxx/xxxxx.xxxx.xxx	predictive	Alto
30	File	xxxxx.xxx	predictive	Media
31	File	xxxxx/_xxxxx.xx	predictive	Alto
32	File	xxxxxx/xxxxx.xxx	predictive	Alto
33	File	xxxxxxxx/xxxxxxx/xxxxxxx.xxxxxxxxxxxxxxxxxxxxx.xxx	predictive	Alto
34	File	x/xxxxx.xxx	predictive	Media
35	File	xxxxxx-xxxxxx.xxx	predictive	Alto
36	File	xxxx-xxxxxxxx.xxx	predictive	Alto
37	File	xxxxxx.xxx	predictive	Media
38	File	xxxx/xxxxxx.xxxx	predictive	Alto
39	File	xxxxx/xxxxx.xxx?xxxxxx=xxxxx	predictive	Alto
40	File	xx/xxxxx/xxxxxxxx/xxxxxxxxxx-xxxx?xxxxxxxxx_xxxxxxxxx_xxxxxx[][xxxxxxxx]	predictive	Alto
41	File	xxxxxxxx/xxxxx/xxxxx.xxx	predictive	Alto
42	File	xxxx.xx	predictive	Basso
43	Argument	$x_xxxxxx[xxxxxxxx]	predictive	Alto
44	Argument	xxxxxx	predictive	Basso
45	Argument	xxxxxx	predictive	Basso
46	Argument	xxxxx	predictive	Basso
47	Argument	xxxxxxxxxxxxxxx	predictive	Alto
48	Argument	xxxxxxxx	predictive	Media
49	Argument	xxxxxxxxx/xx/xxxxxxxx	predictive	Alto
50	Argument	x_xxx	predictive	Basso
51	Argument	xx	predictive	Basso
52	Argument	xx	predictive	Basso
53	Argument	xx/xxxxx	predictive	Media
54	Argument	xx_xxxxx	predictive	Media
55	Argument	xxxxxxx	predictive	Basso
56	Argument	xxx	predictive	Basso
57	Argument	xxxxx xxxxxx	predictive	Media
58	Argument	xxxx	predictive	Basso
59	Argument	xxxxxxxx	predictive	Media
60	Argument	xxxxxxxx_xxx	predictive	Media
61	Argument	xxxxxxxx_xx	predictive	Media
62	Argument	xxxx/xxxxxx/xxxxxxx/xxxxxxxxxx	predictive	Alto
63	Argument	xxxxxxx[]	predictive	Media
64	Argument	xxxxx	predictive	Basso
65	Argument	xxxxxxx	predictive	Basso
66	Argument	x-xxxx-xxxxx	predictive	Media
67	Input Value	.%xx.../.%xx.../	predictive	Alto
68	Input Value	x' xxxxx xxxxx(x) xxx 'xxxx'='xxxx	predictive	Alto
69	Pattern	x\|xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx\|x	predictive	Alto
70	Network Port	xxx/xxxxx	predictive	Media

Referenze (6)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrecedenteVisione D'insiemeIl prossimo ▸

Do you need the next level of professionalism?

Upgrade your account now!