WP Redirect Campaign Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (8)

Linguaggio

en	6
de	2

Nazione

us	6
ag	2

Attori

MechaFlounder	1
Redaman	1
TrickBot	1
WP Redirect Campaign	1
Meterpreter	1

Interesse

Genere

Not Defined	4
Mail Server Software	2
Firewall Software	2

Fornitore

IceWarp	2
Thomas R. Pasawicz	2
Accellion	2
Not Defined	2

Prodotto

IceWarp eMail Server	2
Thomas R. Pasawicz HyperBook Guestbook	2
Accellion Kiteworks	2
pfSense	2

Vulnerabilità

#	Vulnerabilità	Base	Temp	0day	Oggi	Sfr	Con	EPSS	CTI	CVE
1	PHP socket_connect buffer overflow	7.3	6.9	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.01856	0.04	CVE-2011-1938
2	pfSense File Name browser.php cross site scripting	4.8	4.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00104	0.00	CVE-2022-42247
3	ILLID Share This Image Plugin sharer.php cross site scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00100	0.00	CVE-2017-18015
4	IceWarp eMail Server webmail.php sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00057	0.00	CVE-2009-1468
5	HPE iLO 4 escalazione di privilegi	9.9	9.4	$25k-$100k	$0-$5k	High	Official Fix	0.97224	0.04	CVE-2017-12542
6	Accellion Kiteworks URI directory traversal	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00086	0.00	CVE-2016-5664
7	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash rivelazione di un 'informazione	5.3	5.2	$5k-$25k	Calcolo	High	Workaround	0.02016	0.00	CVE-2007-1192

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	indirizzo IP	Hostname	Attore	Campagne	Identified	Genere	Fiducia
1	185.177.59.23		WP Redirect Campaign		25/08/2018	verified	Alto

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classe	Vulnerabilità	Accesso al vettore	Genere	Fiducia
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
3	TXXXX	CAPEC-122	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Genere	Fiducia
1	File	browser.php	predictive	Media
2	File	data/gbconfiguration.dat	predictive	Alto
3	File	xxxxxx.xxx	predictive	Media
4	File	xxxxxxx.xxx	predictive	Media
5	Argument	xxx	predictive	Basso

Referenze (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrecedenteVisione D'insiemeIl prossimo ▸

Do you need the next level of professionalism?

Upgrade your account now!