DeathStalker Analysis

IOB - Indicator of Behavior (191)

Language

en: 180
fr: 4
de: 4
zh: 2
es: 2

Product

Microsoft Windows: 10
AXIS 2110 Network Camera: 6
Google Chrome: 6
Google Android: 4
Linux Kernel: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Best Gallery Albums Plugin admin.php cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00109 | CVE-2014-8758
2 | AXIS 2110 Network Camera getparam.cgi denial of service | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.03461 | CVE-2004-2427
3 | onnx ONNX_ASSERTM information disclosure | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2024-27319
4 | Google Android Codec2BufferUtils.cpp ConvertRGBToPlanarYUV memory corruption | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2024-0023
5 | 7-card Fakabao alipay_notify.php sql injection | 5.5 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00064 | CVE-2023-7183
6 | Scott Paterson Easy PayPal Shopping Cart Plugin cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00045 | CVE-2023-47239
7 | AWeber Free Sign Up Form and Landing Page Builder for Lead Generation and Email Newsletter Growth Plugin cross site request forgery | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00058 | CVE-2023-47757
8 | Guillemant David WP Full Auto Tags Manager Plugin cross site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00058 | CVE-2023-34024
9 | Os Commerce cross site scripting | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00049 | CVE-2023-43718
10 | Dolibarr cross site scripting | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00046 | CVE-2023-5323
11 | WordPress Password Reset wp-login.php mail privilege escalation | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.02827 | CVE-2017-8295
12 | TOTOLINK Realtek SDK formSysCmd privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.96343 | CVE-2019-19824
13 | Samsung ScanPool MAC Address Information information disclosure | 1.9 | 1.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00042 | CVE-2022-30728
14 | Microsoft Windows Runtime Remote Code Execution | 8.1 | 7.4 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00 | 0.40206 | CVE-2022-21971
15 | TP-LINK TL-WR840N/TL-WR841N Session weak authentication | 8.5 | 7.5 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.05 | 0.30057 | CVE-2018-11714
16 | Huawei HarmonyOS Audio Module information disclosure | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00221 | CVE-2021-46786
17 | Huawei HarmonyOS Frame Scheduling Module memory corruption | 5.5 | 5.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00221 | CVE-2022-29794
18 | mySCADA myPRO privilege escalation | 7.4 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00153 | CVE-2021-33009
19 | Puppet Enterprise CD4PE Deployment Definition Credentials information disclosure | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00044 | CVE-2020-7945
20 | Easy Cookies Policy Plugin Subscriber cross site request forgery | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00149 | CVE-2021-24405

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Janicab

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 87.120.37.68 | www.tubebg.com | DeathStalker | Janicab | 2022-12-17 | verified | High

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22 | Path Traversal | predictive | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CWE-88, CWE-94 | Argument Injection | predictive | High

IOA - Indicator of Attack (73)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /etc/postfix/sender_login | predictive | High
2 | File | /goform/openSchedWifi | predictive | High
3 | File | /services/details.asp | predictive | High
4 | File | admin/getparam.cgi | predictive | High
5 | File | aepx | predictive | Low
6 | File | app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php | predictive | High
7 | File | boafrm/formSysCmd | predictive | High
8 | File | browser.php | predictive | Medium
67 | Input Value | /../ | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
