Alchimist Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (48)

Język

en	48

Kraj

cn	28
us	10

Aktorzy

Alchimist	6
Cobalt Strike	2
SystemBC	1
Meterpreter	1

Wysiłek

Rodzaj

Not Defined	16
Database Software	4
Web Server	4
SCADA Software	2
Web Browser	2

Sprzedawca

Oracle	6
Not Defined	4
Microsoft	4
Lenovo	4
Siemens	2

Produkt

Microsoft IIS	4
Lenovo Smart Camera X3	4
Lenovo Smart Camera X5	4
Lenovo Smart Camera C2E	4
Siemens SIMATIC HMI panel	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	jforum User privilege escalation	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.06	CVE-2019-7550
2	Siemens SIMATIC HMI panel miniweb.exe directory traversal	7.5	7.2	$5k-$25k	$0-$5k	High	Official Fix	0.01059	0.06	CVE-2011-4878
3	NCH Axon PBX cross site scripting	3.5	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00058	0.00	CVE-2021-37456
4	Apache Tomcat HTTP/2 Execution denial of service	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.72665	0.04	CVE-2019-0199
5	Daimler Mercedes Me App Certificate Pinning information disclosure	6.0	5.9	$0-$5k	$0-$5k	High	Official Fix	0.00238	0.03	CVE-2018-18071
6	Daimler Mercedes Comand Navigation Route Calculation denial of service	6.2	6.2	$0-$5k	$0-$5k	Functional	Unavailable	0.00061	0.00	CVE-2018-18070
7	laravel-jqgrid EloquentRepositoryAbstract.php getRows sql injection	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00148	0.00	CVE-2021-4262
8	ThinkPHP Driver.class.php parseOrder sql injection	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00163	0.02	CVE-2018-18546
9	SourceCodester Game Result Matrix System GET Parameter athlete-profile.php sql injection	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00063	0.04	CVE-2023-3383
10	Oracle MySQL Server Packaging memory corruption	9.8	9.6	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.03992	0.00	CVE-2016-0705
11	react-native-reanimated Parser Colors.js privilege escalation	6.0	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00105	0.03	CVE-2022-24373
12	Splunk Enterprise Forwarder Bundle weak authentication	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00138	0.02	CVE-2022-32157
13	Oracle MySQL Workbench privilege escalation	9.8	9.6	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.10649	0.04	CVE-2022-1292
14	Itech News Portal information.php sql injection	6.3	5.5	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00391	0.09	CVE-2017-20131
15	Realtek SDK miniigd SOAP Service privilege escalation	7.3	7.3	$0-$5k	$0-$5k	High	Not Defined	0.96863	0.02	CVE-2014-8361
16	Mozilla Firefox Browser Engine memory corruption	7.3	6.4	$25k-$100k	$0-$5k	Unproven	Official Fix	0.06447	0.03	CVE-2015-4501
17	Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E privilege escalation	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00155	0.00	CVE-2021-3616
18	Lenovo ThinkPad SMM BIOS Write Protection privilege escalation	3.2	3.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.03	CVE-2020-8341
19	Ivanti Pulse Connect Secure File Resource Profiles memory corruption	8.8	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.67701	0.00	CVE-2021-22908
20	Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E SD Card privilege escalation	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00189	0.02	CVE-2021-3615

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Identified	Rodzaj	Pewność siebie
1	3.86.255.8	ec2-3-86-255-8.compute-1.amazonaws.com	Alchimist	2024-03-27	verified	Medium
2	3.86.255.88	ec2-3-86-255-88.compute-1.amazonaws.com	Alchimist	2023-01-06	verified	Medium
3	XX.XX.XXX.XXX		Xxxxxxxxx	2022-12-21	verified	Wysoki
4	XX.XX.XX.XXX	xx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxx	2023-01-06	verified	Wysoki
5	XX.XXX.XXX.XX	xx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxx	2022-12-21	verified	Wysoki
6	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxx	2022-12-21	verified	Wysoki
7	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxx	2022-12-21	verified	Wysoki

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CWE-22	Path Traversal	predictive	Wysoki
2	T1059	CWE-94	Argument Injection	predictive	Wysoki
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Wysoki
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
5	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Wysoki
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
7	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Wysoki
8	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
9	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Wysoki
10	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/dipam/athlete-profile.php	predictive	Wysoki
2	File	/news-portal-script/information.php	predictive	Wysoki
3	File	/uncpath/	predictive	Medium
4	File	xxxxxx.xx	predictive	Medium
5	File	xxxxxxxxxx.xxx	predictive	Wysoki
6	File	xxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxx	predictive	Wysoki
7	File	xxxxxxxxxxxxxxxxxxx.xxxx	predictive	Wysoki
8	File	xxxxxxxx.x	predictive	Medium
9	File	xxxxxxx/xxxxx/xx/xxxxxx.xxxxx.xxx	predictive	Wysoki
10	File	xxxxxxx.xxx	predictive	Medium
11	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	Wysoki
12	File	xxxxxxxxxxxx.xxx	predictive	Wysoki
13	File	xxx/xxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxx.xxx	predictive	Wysoki
14	File	xxxxxx.xxx	predictive	Medium
15	Library	xxxx	predictive	Niski
16	Argument	xxxxxxxxx xx xxxxxxx	predictive	Wysoki
17	Argument	xxx	predictive	Niski
18	Argument	xx	predictive	Niski
19	Argument	xxx	predictive	Niski
20	Argument	xxx	predictive	Niski
21	Input Value	::$xxxxx_xxxxxxxxxx	predictive	Wysoki
22	Network Port	xxx xxxxxx xxxx	predictive	Wysoki

Referencje (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Interested in the pricing of exploits?

See the underground prices here!