Cryptbot Analysis

IOB - Indicator of Behavior (15)

Language

en: 14
ar: 2

Country

de: 12
jp: 2

Product

Huawei ACXXXX: 2
Huawei SXXXX: 2
Apache Commons Configuration: 2
TOTOLINK A800R: 2
TOTOLINK A810R: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | perfSONAR file URL Privilege Escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00075 | CVE-2022-45213 |
| 2 | La-souris-verte Com Svmap index.php directory traversal | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.01334 | CVE-2010-1308 |
| 3 | OpenX adclick.php Redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.64 | 0.00440 | CVE-2014-2230 |
| 4 | Goahead Software Webserver HTTP Request aux denial of service | 5.3 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00 | 0.06949 | CVE-2001-0385 |
| 5 | Facebook WhatsApp Video Call memory corruption | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00393 | CVE-2022-36934 |
| 6 | SourceCodester Simple Parking Management System cross site scripting | 3.9 | 3.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.10 | 0.00054 | CVE-2022-2363 |
| 7 | Snipe-IT Update Branding Settings privilege escalation | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00054 | CVE-2022-32060 |
| 8 | TOTOLINK EX300 MQTT Data Packet setLanguageCfg privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.17797 | CVE-2022-32449 |
| 9 | IBM Security Access Manager Appliance weak encryption | 5.7 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00106 | CVE-2022-22464 |
| 10 | Apache Commons Configuration Variable Interpolation Privilege Escalation | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.34543 | CVE-2022-33980 |
| 11 | TOTOLINK A800R/A810R/A830R/A950RG/A3000RU/A3100R privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00706 | CVE-2022-28935 |
| 12 | Huawei ACXXXX/SXXXX SSH Packet privilege escalation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00246 | CVE-2014-8572 |
| 13 | libvirt libxl Driver denial of service | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00044 | CVE-2021-4147 |
| 14 | Zabbix SAML weak authentication | 8.2 | 8.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.97186 | CVE-2022-23131 |
| 15 | VMware Spring Framework privilege escalation | 4.5 | 4.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00079 | CVE-2021-22096 |

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High |
| 3 | TXXXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |
| 6 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /aux | predictive | Low |
| 2 | File | /ci_spms/admin/search/searching/ | predictive | High |
| 3 | File | xxxxxxx.xxx | predictive | Medium |
| 4 | File | xxxxx.xxx | predictive | Medium |
| 5 | Argument | xxxxxxxxxx | predictive | Medium |
| 6 | Argument | xxxx | predictive | Low |
| 7 | Argument | xxxxxxxx | predictive | Medium |
| 8 | Argument | xxxxxx | predictive | Low |
| 9 | Input Value | "><xxxxxx>xxxxx("xxx")</xxxxxx> | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
