3AM Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (34)

Język

en	26
zh	4
ru	4

Kraj

us	30
cn	4

Aktorzy

LockBit	1
Cobalt Strike	1
UAC-0010	1
Scarab Ransomware	1
Phobos	1

Wysiłek

Rodzaj

Not Defined	14
Content Management System	4
Network Camera Software	2

Sprzedawca

Not Defined	8
AVTECH	2
Bitrix	2
WordPress	2
Xitex	2

Produkt

AVTECH IP Camera	2
AVTECH NVR	2
AVTECH DVR	2
Bitrix Site Manager	2
FLDS	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	1.92
2	Bitrix Site Manager redirect.php privilege escalation	5.3	4.7	$0-$5k	$0-$5k	Unproven	Unavailable	0.00113	0.03	CVE-2008-2052
3	Serendipity exit.php privilege escalation	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.57
4	GetSimpleCMS index.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00123	0.00	CVE-2019-9915
5	FLDS redir.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00203	0.07	CVE-2008-5928
6	Login and Logout Redirect Plugin	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00046	0.03	CVE-2023-41648
7	Honeywell ProWatch privilege escalation	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.03	CVE-2023-6179
8	SolusVM WHMCS privilege escalation	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00064	0.05	CVE-2022-42175
9	Openads adclick.php Remote Code Execution	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01871	0.36	CVE-2007-2046
10	MB connect line mymbCONNECT24/mbCONNECT24 redirect.php Redirect	6.2	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00084	0.04	CVE-2020-35560
11	WordPress AdServe adclick.php sql injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00073	0.08	CVE-2008-0507
12	Xitex Xitex WebContent M1 redirect.do cross site scripting	4.3	4.2	$0-$5k	$0-$5k	High	Unavailable	0.00192	0.03	CVE-2008-1209
13	OpenX adclick.php Redirect	5.3	4.7	$0-$5k	$0-$5k	Unproven	Unavailable	0.00440	0.60	CVE-2014-2230
14	Samsung Memory Card & UFD Authentication Utility PC Software weak authentication	7.6	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2023-41929
15	Crypto++ ECDSA Signature Generation FixedSizeAllocatorWithCleanup information disclosure	5.0	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00046	0.00	CVE-2022-48570
16	AVM FRITZ!Box webcm privilege escalation	7.3	7.1	$0-$5k	$0-$5k	High	Workaround	0.95702	0.03	CVE-2014-9727
17	grunt Package load privilege escalation	5.8	5.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00851	0.07	CVE-2020-7729
18	Memcached process_bin_update memory corruption	9.0	8.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.86732	0.03	CVE-2016-8705
19	AVTECH IP Camera/NVR/DVR PwdGrp.cgi privilege escalation	9.8	9.2	$5k-$25k	$0-$5k	High	Unavailable	0.00000	0.05

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Aktor	Identified	Rodzaj	Pewność siebie
1	85.159.229.62	3AM	2023-10-11	verified	Wysoki
2	XXX.XXX.X.XXX	Xxx	2023-10-11	verified	Wysoki
3	XXX.XX.XXX.X	Xxx	2023-10-11	verified	Wysoki

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klasa	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Wysoki
2	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	Wysoki
3	TXXXX	CAPEC-122	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
4	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Wysoki
5	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Wysoki
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
7	TXXXX	CAPEC-462	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/cgi-bin/supervisor/PwdGrp.cgi	predictive	Wysoki
2	File	/forum/away.php	predictive	Wysoki
3	File	adclick.php	predictive	Medium
4	File	xxxxx/xxxxx.xxx	predictive	Wysoki
5	File	xxx-xxx/xxxxx	predictive	Wysoki
6	File	xxxx.xxx	predictive	Medium
7	File	xxxxx.xxx	predictive	Medium
8	File	xxxxxxxx.xx	predictive	Medium
9	File	xxxxxxxx.xxx	predictive	Medium
10	Argument	xxxx	predictive	Niski
11	Argument	xxxx	predictive	Niski
12	Argument	xx	predictive	Niski
13	Argument	xxxxxxxx	predictive	Medium
14	Argument	xxx	predictive	Niski
15	Argument	xxx	predictive	Niski
16	Argument	xxx:xxxx	predictive	Medium

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Do you know our Splunk app?

Download it now for free!