Boostwrite and RDFSniffer Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

Język

en	18
sv	4

Kraj

us	12
ru	4
se	2
cn	2
ml	2

Aktorzy

IcedID	1
Gootkit	1
ISFB	1
Gozi	1
SharkBot	1

Wysiłek

Rodzaj

Not Defined	8
Peer-to-Peer Software	2
Application Server Software	2
Web Server	2
SCADA Software	2

Sprzedawca

Dahua	2
Fujitsu	2
Cisco	2
Orpak	2
Oracle	2

Produkt

Dahua Web P2P	2
Fujitsu ETERNUS CentricStor CS8000	2
Cisco Embedded Device	2
Orpak SiteOmat	2
Oracle WebLogic Server	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Microsoft Exchange Server Mail memory corruption	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.38328	0.00	CVE-2018-8302
2	Delta Electronics ASDA-Soft Project File memory corruption	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00069	0.00	CVE-2022-1403
3	Fujitsu ETERNUS CentricStor CS8000 grel.php grel_finfo privilege escalation	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00731	0.00	CVE-2022-31795
4	Oracle WebLogic Server Web Container information disclosure	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.96287	0.02	CVE-2022-21371
5	Palo Alto PAN-OS Web Interface privilege escalation	8.0	7.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00128	0.05	CVE-2021-3058
6	Schneider Electric EcoStruxure Building Operation WebStation Web Page Generation cross site scripting	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00078	0.00	CVE-2020-28210
7	Tiandy IP Cameras Service Port 3001 information disclosure	6.4	5.9	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00619	0.02	CVE-2017-15236
8	Shenzhen Hichip Vision Technology V20 P2P Service memory corruption	8.5	8.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00627	0.04	CVE-2020-9527
9	Shenzhen Hichip Vision Technology V20 privilege escalation	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00171	0.03	CVE-2020-9529
10	ANNKE SP1 HD Wireless Camera SSID cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.02	CVE-2017-18483
11	Mobotix IP Network Camera cross site scripting	3.5	3.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
12	CeNova/Night OWL/Novo/Pulnix/QSee/Securus DVR download.rsp Credentials privilege escalation	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Workaround	0.00587	0.00	CVE-2018-10676
13	Dahua Web P2P Key information disclosure	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.05	CVE-2020-9501
14	AVTECH IP Camera/NVR/DVR PwdGrp.cgi privilege escalation	9.8	9.2	$5k-$25k	$0-$5k	High	Unavailable	0.00000	0.03
15	Microsoft Exchange Server privilege escalation	8.0	7.9	$5k-$25k	$0-$5k	High	Official Fix	0.97151	0.06	CVE-2020-0688
16	Apple iCloud Foundation privilege escalation	4.4	4.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2020-10002
17	Go Doc Dot Org Package directory traversal	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01354	0.03	CVE-2018-12976
18	Symantec Messaging Gateway privilege escalation	7.3	7.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00083	0.00	CVE-2019-18379
19	Cisco Embedded Device X.509 Certificate weak authentication	5.7	5.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00338	0.00	CVE-2015-6358
20	Orpak SiteOmat OrCU privilege escalation	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00571	0.02	CVE-2017-14853

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Kampanie	Identified	Rodzaj	Pewność siebie
1	109.230.199.227	reserved07.theonlygreeting.com	Boostwrite and RDFSniffer		2019-10-10	verified	Wysoki

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klasa	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Wysoki
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Wysoki
3	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Wysoki
4	TXXXX	CAPEC-122	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
5	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Wysoki
6	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
7	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
8	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/cgi-bin/supervisor/PwdGrp.cgi	predictive	Wysoki
2	File	download.rsp	predictive	Medium
3	File	xxxx.xxx	predictive	Medium
4	Argument	xxx_xxxxx_xxxx_xxxxxxx	predictive	Wysoki
5	Argument	xxxx/xx/xxxx	predictive	Medium

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Interested in the pricing of exploits?

See the underground prices here!