Dark Tequila Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (39)

Język

en	40

Kraj

us	34

Aktorzy

Charming Kitten	1
Dark Tequila	1

Wysiłek

Rodzaj

Not Defined	12
Web Browser	8
Database Software	4
Router Operating System	4
Groupware Software	2

Sprzedawca

Not Defined	12
Microsoft	8
Opera	4
Comcast	4
Mozilla	4

Produkt

Opera Web Browser	4
MySQL Eventum	4
Comcast DPC3939	2
Cisco IOS	2
Linksys WRT54G Wireless-G Router	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Siemens SiPass integrated File privilege escalation	7.2	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00055	0.02	CVE-2017-9940
2	Microsoft Edge Scripting Engine memory corruption	6.0	5.7	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00543	0.00	CVE-2017-8661
3	Comcast DPC3939B cross site request forgery	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00112	0.00	CVE-2017-9489
4	Comcast DPC3939 Network Processor privilege escalation	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00194	0.00	CVE-2017-9481
5	Linux Kernel XFRM xfrm_user_policy memory corruption	6.3	5.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00126	0.00	CVE-2005-2456
6	Mozilla Firefox String nieznana luka	4.3	4.1	$25k-$100k	$0-$5k	Proof-of-Concept	Unavailable	0.00207	0.05	CVE-2005-2602
7	Mozilla Thunderbird Long String Privilege Escalation	6.3	6.3	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00000	0.00
8	CA BrightStor ARCserve Backup Backup Agent memory corruption	7.3	7.0	$5k-$25k	$0-$5k	High	Official Fix	0.97191	0.00	CVE-2005-1272
9	unzip File Decompression race condition	6.3	6.3	$5k-$25k	$0-$5k	Not Defined	Unavailable	0.00064	0.00	CVE-2005-2475
10	MySQL Eventum Class sql injection	6.3	6.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
11	Microsoft ActiveSync Equipment ID Reader Privilege Escalation	6.3	5.7	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.00
12	Microsoft ActiveSync Communication denial of service	6.5	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
13	MySQL Eventum view.php cross site scripting	6.3	5.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.01420	0.00	CVE-2005-2467
14	MySQL Eventum list.php cross site scripting	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
15	MySQL Eventum get_jsrs_data.php cross site scripting	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
16	Cisco IOS IPv6 Stack denial of service	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.13257	0.00	CVE-2005-2451
17	Linksys WRT54G Wireless-G Router SSL Private Key Encryption nieznana luka	6.5	5.7	$5k-$25k	$0-$5k	Unproven	Official Fix	0.01038	0.00	CVE-2005-2434
18	Novell eDirectory Modular Authentication Service weak authentication	5.4	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
19	Microsoft PowerPoint Shared Sections denial of service	4.8	4.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
20	Microsoft Word Shared Sections denial of service	4.8	4.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.00

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Identified	Rodzaj	Pewność siebie
1	46.17.97.12		Dark Tequila	2018-08-27	verified	Wysoki
2	XX.XXX.XX.XXX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxx Xxxxxxx	2018-08-27	verified	Wysoki
3	XXX.XX.X.XX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxx Xxxxxxx	2018-08-27	verified	Wysoki

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klasa	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Wysoki
2	T1059.007	CAPEC-18	CWE-80	Cross Site Scripting	predictive	Wysoki
3	TXXXX	CAPEC-19	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
4	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
5	TXXXX	CAPEC-102	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
6	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki
7	TXXXX	CAPEC-157	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Wysoki

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/etc/waipass	predictive	Medium
2	File	get_jsrs_data.php	predictive	Wysoki
3	File	xxxxxx??.xxx	predictive	Medium
4	File	xxxx.xxx	predictive	Medium
5	File	xxx-xxxx.x	predictive	Medium
6	File	xxxx.xxx	predictive	Medium
7	Argument	xx	predictive	Niski
8	Argument	xxxx	predictive	Niski
9	Argument	xxxxxxx	predictive	Niski

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!