AvosLocker Analysis

IOB - Indicator of Behavior (66)

Language: en (56), fr (6), es (2), pl (2)

Product: HP SAN (4), HP iQ (4), Hydra (2), Coinsoft Technologies phpCOIN (2), Canto Cumulus (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | HP SAN/iQ hydra.exe privilege escalation | 4.3 | 3.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00277 | 0.00 | CVE-2012-4362
2 | Hydra HTTP Header read.c process_header_end denial of service | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00117 | 0.02 | CVE-2019-17502
3 | IW Guestbook badwords_edit.asp sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 |
4 | Hydra weak authentication | 5.6 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00099 | 0.00 | CVE-2020-5300
5 | OmniSecure AddUrlShield index.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.02 |
6 | ORY Hydra error Reflected cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.00 | CVE-2019-8400
7 | PHPGurukul Hospital Management System dashboard.php privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00661 | 0.02 | CVE-2020-35745
8 | HP SAN/iQ Login hydra.exe memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.46643 | 0.00 | CVE-2011-4157
9 | HP LeftHand Virtual SAN Appliance hydra memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | High | Official Fix | 0.77622 | 0.00 | CVE-2013-2343
10 | Coinsoft Technologies phpCOIN db.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.07606 | 0.00 | CVE-2005-4211
11 | Coinsoft Technologies phpCOIN db.php directory traversal | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03877 | 0.02 | CVE-2005-4212
12 | Ilohamail cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.09 |
13 | Small CRM cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.00 | CVE-2023-44075
14 | Intern Record System controller.php cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.00 | CVE-2022-40348
15 | Sitekit CMS registration-form.html cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 |
16 | Microsoft Windows Backup Service Privilege Escalation | 7.7 | 7.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00389 | 0.04 | CVE-2023-21752
17 | SunHater KCFinder upload.php cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00131 | 0.04 | CVE-2019-14315
18 | Canto Cumulus login privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00283 | 0.02 | CVE-2022-40305
19 | IW Guestbook messages_edit.asp sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 |
20 | CKEditor Clipboard Package privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00163 | 0.03 | CVE-2021-32809

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.136.230.191 | www.seedbox.vip | AvosLocker | | 2022-12-21 | verified | High
2 | XXX.XXX.XXX.XXX | Xxxxxxxxxx | | | 2022-12-21 | verified | High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High
3 | TXXXX | CWE-XX | Xxxxxxxx Xxxxxxxxx | predictive | High
4 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cwc/login | predictive | Medium
2 | File | /intern/controller.php | predictive | High
3 | File | /iwguestbook/admin/badwords_edit.asp | predictive | High
4 | File | /iwguestbook/admin/messages_edit.asp | predictive | High
5 | File | xxxxx/xxxxxxxxx.xxx | predictive | High
6 | File | xxxxx.xxx | predictive | Medium
7 | File | xxxx_xxxxxxxx/xx.xxx | predictive | High
8 | File | xxxxx.xxx | predictive | Medium
9 | File | xxxxx.xxx | predictive | Medium
10 | File | xxxxx.xxx/xxxxxxxxxxxxx/xxx | predictive | High
11 | File | xxxxxx/xxxxxxxxx/xxxxx | predictive | High
12 | File | xxxx.x | predictive | Low
13 | File | xxxxxxxxxxxx-xxxx.xxxx | predictive | High
14 | File | xxxxxx.xxx | predictive | Medium
15 | File | xx-xxxxx/xxxxx-xxxxxx.xxx | predictive | High
16 | Argument | xxxxxxx | predictive | Low
17 | Argument | xxxxxx | predictive | Low
18 | Argument | xxxxxxxxxxxxxxx | predictive | High
19 | Argument | xxxxxxxxx | predictive | Medium
20 | Argument | xxxxxxx-xxxxxx | predictive | High
21 | Argument | xxxxx_xxxx | predictive | Medium
22 | Argument | xxxxxx$xxxxx | predictive | Medium
23 | Argument | xx | predictive | Low
24 | Argument | xxxxx | predictive | Low
25 | Argument | xxxx/xxxxx | predictive | Medium
26 | Argument | xxxx_xx | predictive | Low
27 | Argument | xxxxxx | predictive | Low
28 | Argument | _xxxx[_xxx_xxxx_xxxx | predictive | High
29 | Input Value | x+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx# | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
