CDRThief Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (10)

Język

zh	10

Kraj

cn	10

Aktorzy

CDRThief	2

Wysiłek

Rodzaj

Not Defined	4
Wireless LAN Software	2
Programming Language Software	2
Printing Software	2

Sprzedawca

Not Defined	4
eEye	2
Hotline	2
PrinterLogic	2

Produkt

eEye Retina WiFi Scanner	2
Hotline Connect Server	2
PHP	2
Jitsi Meet	2
PrinterLogic Web Stack	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Hotline Connect Server information disclosure	3.3	3.3	$0-$5k	$0-$5k	Not Defined	Workaround	0.00000	0.00
2	ownCloud Server Password Protected Public Links weak authentication	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00074	0.00	CVE-2021-35948
3	ownCloud user_ldap privilege escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.00	CVE-2021-40537
4	Atlassian JIRA Server/Data Center Endpoint web.xml directory traversal	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.91900	0.03	CVE-2021-26086
5	Job and Node Ownership Plugin privilege escalation	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00055	0.00	CVE-2022-28151
6	PrinterLogic Web Stack weak encryption	7.7	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06463	0.00	CVE-2021-42635
7	eEye Retina WiFi Scanner memory corruption	10.0	10.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.12680	0.00	CVE-2009-3859
8	PHP SoapClient query denial of service	6.4	6.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01231	0.00	CVE-2021-21702
9	Jitsi Meet weak authentication	8.5	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00196	0.03	CVE-2020-11878
10	OpenSSH Key Exchange Initialization kex_input_kexinit denial of service	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.78351	0.01	CVE-2016-8858

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Identified	Rodzaj	Pewność siebie
1	34.94.199.142	142.199.94.34.bc.googleusercontent.com	CDRThief	2021-05-31	verified	Medium
2	35.236.173.187	187.173.236.35.bc.googleusercontent.com	CDRThief	2021-05-31	verified	Medium
3	XXX.XX.XXX.XX		Xxxxxxxx	2021-05-31	verified	Wysoki
4	XXX.XXX.XXX.XXX		Xxxxxxxx	2021-05-31	verified	Wysoki
5	XXX.XXX.XXX.XXX		Xxxxxxxx	2021-05-31	verified	Wysoki
6	XXX.XXX.XX.XXX		Xxxxxxxx	2021-05-31	verified	Wysoki

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klasa	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Wysoki
2	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Wysoki
3	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki
4	TXXXX.XXX	CAPEC-0	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Wysoki

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/WEB-INF/web.xml	predictive	Wysoki
2	File	xxxxxxxx/xxxx_xxxx	predictive	Wysoki
3	Argument	xxx_xxx	predictive	Niski

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!