Expiro Analysis

IOB - Indicator of Behavior (248)

Language
  en: 196
  fr: 14
  de: 14
  es: 8
  ru: 6

Country
  us: 104
  ru: 46
  cn: 4
  fr: 2
  de: 2

Product
  Microsoft Windows: 18
  Apache HTTP Server: 6
  WordPress: 6
  MediaWiki: 4
  Cybozu Garoon: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day price | Today price | Exploit | Remediation | CTI | EPSS | CVE
1 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 6.79 | 0.01009 | CVE-2006-6168
2 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00526 | CVE-2011-0643
3 | Python Software Foundation BaseHTTPServer HTTP Request denial of service | 7.5 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.02 | 0.00000 | -
4 | Maran PHP Shop prod.php sql injection | 7.3 | 7.3 | $0-$5k | Calculating | High | Unavailable | 0.04 | 0.00137 | CVE-2008-4879
5 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.10737 | CVE-2016-6210
6 | WordPress sql injection | 7.3 | 6.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00175 | CVE-2011-3130
7 | Apache Tomcat CORS Filter privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.07849 | CVE-2018-8014
8 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.60 | 0.00943 | CVE-2010-0966
9 | Apache HTTP Server suEXEC Feature .htaccess information disclosure | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.03 | 0.00000 | -
10 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00318 | CVE-2017-5611
11 | Microsoft Office Object Remote Code Execution | 7.0 | 6.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.97339 | CVE-2017-8570
12 | TP-LINK TL-WR740N/TL-WR741N Firmware Local Privilege Escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00000 | -
13 | Drupal User Module privilege escalation | 8.8 | 8.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00208 | CVE-2016-6211
14 | Rockwell Automation FactoryTalk Service Platform privilege escalation | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00043 | CVE-2024-21915
15 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.52 | 0.00374 | CVE-2007-0529
16 | TikiWiki tiki-index.php directory traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.38 | 0.01121 | CVE-2007-5684
17 | AWStats Config awstats.pl cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.19 | 0.00587 | CVE-2006-3681
18 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | 0.00181 | CVE-2007-6138
19 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 3.59 | 0.00000 | -
20 | Suricata Rule directory traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00053 | CVE-2023-35852

IOC - Indicator of Compromise (34)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.79.71.205 | - | Expiro | - | 2022-08-01 | verified | High
2 | 5.79.71.225 | - | Expiro | - | 2022-08-01 | verified | High
3 | 18.213.250.117 | ec2-18-213-250-117.compute-1.amazonaws.com | Expiro | - | 2022-04-28 | verified | Medium
4 | 18.215.128.143 | ec2-18-215-128-143.compute-1.amazonaws.com | Expiro | - | 2022-04-28 | verified | Medium
5 | 35.205.61.67 | 67.61.205.35.bc.googleusercontent.com | Expiro | - | 2023-06-03 | verified | Medium
6 | 35.234.136.13 | 13.136.234.35.bc.googleusercontent.com | Expiro | - | 2022-08-01 | verified | Medium
7 | 46.165.220.145 | - | Expiro | - | 2022-04-28 | verified | High
8 | XX.XXX.XXX.XXX | - | Xxxxxx | - | 2022-04-28 | verified | High
9 | XX.XXX.XXX.XX | - | Xxxxxx | - | 2022-08-01 | verified | High
10 | XX.XXX.XXX.XX | - | Xxxxxx | - | 2022-08-01 | verified | High
11 | XX.XXX.XX.XXX | - | Xxxxxx | - | 2023-06-03 | verified | High
12 | XX.X.XXX.XX | - | Xxxxxx | - | 2023-06-03 | verified | High
13 | XX.XXX.XXX.XXX | xx-xxx-xxx-xxx-xx.xxx.xx | Xxxxxx | - | 2022-08-01 | verified | High
14 | XX.XX.XX.XX | - | Xxxxxx | - | 2022-08-01 | verified | High
15 | XX.XX.XX.XXX | - | Xxxxxx | - | 2022-08-01 | verified | High
16 | XX.XXX.XXX.XXX | - | Xxxxxx | - | 2022-04-28 | verified | High
17 | XX.XXX.XXX.XX | - | Xxxxxx | - | 2023-06-03 | verified | High
18 | XX.XXX.XXX.XXX | - | Xxxxxx | - | 2022-04-28 | verified | High
19 | XXX.XXX.XXX.XXX | xx-xxx-xxx.xxxxx.xxx | Xxxxxx | - | 2023-06-03 | verified | High
20 | XXX.XXX.XXX.XXX | xx-xxx-xxx.xxxxx.xxx | Xxxxxx | - | 2023-06-03 | verified | High
21 | XXX.XX.XX.XX | - | Xxxxxx | - | 2022-08-01 | verified | High
22 | XXX.XXX.XX.XX | xxxxxx-xx.xxxxxxx.xxxxxx.xxx | Xxxxxx | - | 2022-08-01 | verified | High
23 | XXX.XXX.XX.XXX | xxxxxxxx-xx-xxx.xxxxx.xxx | Xxxxxx | - | 2022-04-28 | verified | High
24 | XXX.XXX.XXX.XXX | xxxxxxx.xxx.xxxx.xxx | Xxxxxx | - | 2023-06-03 | verified | High
25 | XXX.XXX.XXX.XXX | xxxxxxx.xxx.xxxx.xxx | Xxxxxx | - | 2022-08-01 | verified | High
26 | XXX.XXX.XXX.XXX | - | Xxxxxx | - | 2022-08-01 | verified | High
27 | XXX.XXX.XXX.XXX | - | Xxxxxx | - | 2022-08-01 | verified | High
28 | XXX.XXX.XXX.XXX | - | Xxxxxx | - | 2022-08-01 | verified | High
29 | XXX.XXX.XXX.XXX | - | Xxxxxx | - | 2022-08-01 | verified | High
30 | XXX.XXX.XX.XX | - | Xxxxxx | - | 2022-08-01 | verified | High
31 | XXX.XX.XXX.XXX | - | Xxxxxx | - | 2023-06-03 | verified | High
32 | XXX.XXX.XXX.XX | - | Xxxxxx | - | 2022-08-01 | verified | High
33 | XXX.XXX.XX.XXX | xxxxx.xxx-xxx-xx.xxxxxx.xxxxxxxxxxxx.xxx | Xxxxxx | - | 2022-04-28 | verified | High
34 | XXX.XXX.XXX.XXX | - | Xxxxxx | - | 2022-05-11 | verified | High
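As an added example (not code from this profile page or from any vendor tool), the Python below takes the seven unmasked IOC rows from the table above and runs them against a few constructed log lines in a hypothetical "timestamp src dst host" format. It matches on destination IP and on hostname, and instead of alerting it marks for review any Medium-confidence hit whose Identified date is older than a year, because the EC2 and googleusercontent addresses in the list are cloud-hosted and are reassigned over time. The log format, the one-year threshold and the verdict labels are assumptions, not part of the page.

```python
"""Match the unmasked Expiro IOC rows against sample log lines.

Added example, not part of the profile page. The IOC entries are the seven
unmasked rows of the IOC table; the log lines and their format are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Ioc:
    ip: str
    hostname: Optional[str]
    identified: date   # "Identified" column of the IOC table
    confidence: str    # "Confidence" column of the IOC table


# Unmasked IOC rows copied from the table above (masked rows cannot be used).
EXPIRO_IOCS = [
    Ioc("5.79.71.205", None, date(2022, 8, 1), "High"),
    Ioc("5.79.71.225", None, date(2022, 8, 1), "High"),
    Ioc("18.213.250.117", "ec2-18-213-250-117.compute-1.amazonaws.com", date(2022, 4, 28), "Medium"),
    Ioc("18.215.128.143", "ec2-18-215-128-143.compute-1.amazonaws.com", date(2022, 4, 28), "Medium"),
    Ioc("35.205.61.67", "67.61.205.35.bc.googleusercontent.com", date(2023, 6, 3), "Medium"),
    Ioc("35.234.136.13", "13.136.234.35.bc.googleusercontent.com", date(2022, 8, 1), "Medium"),
    Ioc("46.165.220.145", None, date(2022, 4, 28), "High"),
]

# Constructed log lines (assumption: a simple "timestamp src dst host" format,
# "-" meaning no hostname was observed). Not a real product's log format.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z 10.0.0.12 5.79.71.205 -
2024-03-01T10:00:05Z 10.0.0.12 93.184.216.34 example.com
2024-03-01T10:01:10Z 10.0.0.33 18.213.250.117 ec2-18-213-250-117.compute-1.amazonaws.com
2024-03-01T10:02:00Z 10.0.0.40 35.205.61.67 -
2024-03-01T10:02:30Z 10.0.0.40 35.205.61.68 -
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<host>\S+)$")


def index_iocs(iocs):
    """Build lookup tables keyed by parsed IP address and by lower-cased hostname."""
    by_ip, by_host = {}, {}
    for ioc in iocs:
        by_ip[ipaddress.ip_address(ioc.ip)] = ioc
        if ioc.hostname:
            by_host[ioc.hostname.lower()] = ioc
    return by_ip, by_host


def match_log(log_text, iocs, as_of, max_age_days=365):
    """Return one dict per log line whose destination IP or hostname is an IOC.

    verdict is "alert" for High-confidence entries and for entries identified
    within max_age_days; older Medium-confidence entries get "review", since the
    cloud-hosted addresses in the list may have been reassigned since then.
    """
    by_ip, by_host = index_iocs(iocs)
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # line does not fit the constructed format; skip it
        matched_on, ioc = [], None
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            dst = None
        if dst in by_ip:
            ioc = by_ip[dst]
            matched_on.append("ip")
        host = m["host"].lower()
        if host in by_host:
            ioc = ioc or by_host[host]
            matched_on.append("hostname")
        if ioc is None:
            continue
        age = (as_of - ioc.identified).days
        verdict = "alert" if ioc.confidence == "High" or age <= max_age_days else "review"
        hits.append({"line": line_no, "src": m["src"], "ioc": ioc.ip,
                     "matched_on": matched_on, "age_days": age, "verdict": verdict})
    return hits


if __name__ == "__main__":
    for hit in match_log(SAMPLE_LOG, EXPIRO_IOCS, date(2024, 3, 1)):
        print(hit)
```

Line 3 of the sample matches on both the IP and the EC2 hostname but is only marked for review: the entry dates from April 2022 and the address belongs to a cloud provider, so a hit on it deserves a second look at what the destination hosts today before it is treated as an Expiro contact.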

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High
6 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
7 | TXXXX | CWE-XX, CWE-XXX | xxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
8 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
9 | TXXXX | CWE-XXX, CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
10 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
11 | TXXXX | CWE-XXX | Xxx Xx Xxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
12 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
13 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
14 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High
15 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxx Xxxx | predictive | High
16 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
17 | TXXXX.XXX | CWE-XXX | Xxxxxxxx | predictive | High
18 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
19 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
20 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High
21 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (136)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .htaccess | predictive | Medium
2 | File | /ajax-files/followBoard.php | predictive | High
3 | File | /DATAREPORTS | predictive | Medium
4 | File | /etc/gsissh/sshd_config | predictive | High
5 | File | /Forms/ | predictive | Low
6 | File | /forum/away.php | predictive | High
7 | File | /getcfg.php | predictive | Medium
8 | File | /maint/modules/home/index.php | predictive | High
9 | File | /uncpath/ | predictive | Medium
10 | File | account.asp | predictive | Medium
11 | File | addentry.php | predictive | Medium
12 | File | admin/conf_users_edit.php | predictive | High
13 | File | api.php | predictive | Low
14 | File | awstats.pl | predictive | Medium
15 | File | carbon/resources/add_collection_ajaxprocessor.jsp | predictive | High
16 | File | xxx-xxx/xxx/xxxxxx.xx | predictive | High
17 | File | xxx.xx | predictive | Low
18 | File | xxxxxx.xxx | predictive | Medium
19 | File | xxxxx_xxxx.xxx | predictive | High
20 | File | xxxxxxxx/xxxxxxxxxx.xxxx | predictive | High
21 | File | xxxxxx/xxx.x | predictive | Medium
22 | File | xxx.xxx.xxxx | predictive | Medium
23 | File | xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx | predictive | High
24 | File | xxxxxxx/xxx_xxxxxxx.xxx | predictive | High
25 | File | xxxxxx-xxxx.x | predictive | High
26 | File | xxxxx_xxxx.x | predictive | Medium
27 | File | xxxxxxxx.xxx | predictive | Medium
28 | File | xxx/xxxx/ | predictive | Medium
29 | File | xxxxxxxxxxxxxx.xxx | predictive | High
30 | File | xxxx_xxxxxxx.xxx.xxx | predictive | High
31 | File | xxx/xxxxxxxxxx.x | predictive | High
32 | File | xxxxx.xxx | predictive | Medium
33 | File | xxxx.xxx | predictive | Medium
34 | File | xxxx/xxxxxx.x | predictive | High
35 | File | xxxxxxxx.xxx | predictive | Medium
36 | File | xxx/xxxxxx.xxx | predictive | High
37 | File | xxxxx.xxxx | predictive | Medium
38 | File | xxxxx.xxx | predictive | Medium
39 | File | xxxxxx/xxxxx/xxxxx.x | predictive | High
40 | File | xxxxxxx/xxxx-xxxx.x | predictive | High
41 | File | xxxxx.xxx | predictive | Medium
42 | File | xxxx.x | predictive | Low
43 | File | xxxxxx/xxxxxx.x | predictive | High
44 | File | xxxxxxxxxx/xxxxx.x | predictive | High
45 | File | xx/ | predictive | Low
46 | File | xxx_xxxxx_xxxxxx_xxxxx.xxx | predictive | High
47 | File | xxxx.xxxxxxxxxx.xxx | predictive | High
48 | File | xxxxxxxx_xxxxxx.xxx | predictive | High
49 | File | xxxxx-xxxx.xxx | predictive | High
50 | File | xxxx.xxx | predictive | Medium
51 | File | xxxxxxx | predictive | Low
52 | File | xxxxxx.xxx | predictive | Medium
53 | File | xxxxxxxxxxx_xxxxxx/xxxxxxxxxxxx/xxx_xxxxxxxxxxx.xxx | predictive | High
54 | File | xxxxx.xxx | predictive | Medium
55 | File | xxxxxxx.xx | predictive | Medium
56 | File | xxx/xxxxxxx/xxxxxx/xxxx/xxxxx/xxxxxxx/xxxxxx/xxxxx/xxx%xxxxxxxxxxxxx.xx.xxx | predictive | High
57 | File | xxxxxxxxx.xxx | predictive | High
58 | File | xxxxxxxxxx.xxx | predictive | High
59 | File | xxxxxxxxxxx.xxx | predictive | High
60 | File | xxxxxxxxx_xxxxxxxxx.xxx | predictive | High
61 | File | xxxxxxxxx/xxxxx/xxxx/xxx_xxxxxxx/xxxxxxx/xxxxxxx.xxx | predictive | High
62 | File | xxxxxxx.xxx | predictive | Medium
63 | File | xxxx-xxxxx.xxx | predictive | High
64 | File | xxxx-xxxxxxxx.xxx | predictive | High
65 | File | xxxxxx.xxx | predictive | Medium
66 | File | xxxxxx-xxxxxxx-xxxx.xxx | predictive | High
67 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxx_xxx.xxxx | predictive | High
68 | File | xxxxxxx.xxx | predictive | Medium
69 | File | xxxxxxxxxxxxxxx.xxx | predictive | High
70 | File | xxxxx_xx.xxx | predictive | Medium
71 | File | xxxx/xx_xxxxxxx.xxx | predictive | High
72 | File | xxxxx/xxxxx.xx | predictive | High
73 | File | xxxxxx.xxx | predictive | Medium
74 | File | xxxxxxx/xxxxxx.x | predictive | High
75 | File | xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx-xxxxx.xxx | predictive | High
76 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx | predictive | High
77 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
78 | File | xxxxxx.xxx | predictive | Medium
79 | Library | /xxx/xxx/xxxx.xxx | predictive | High
80 | Library | xxx/xxxx/xxxxxx.xx | predictive | High
81 | Library | xxx/xx/xxxxx/xxxxxxxxxx/xxxx.xx | predictive | High
82 | Library | xxxxxxx/xxx/xxxxxxxxxxxx.xxx | predictive | High
83 | Library | xxxxxxx.xxx | predictive | Medium
84 | Library | xxxxxx/x/xxxxxxxx | predictive | High
85 | Argument | xxxxxxxx | predictive | Medium
86 | Argument | xxxxx | predictive | Low
87 | Argument | xxxx | predictive | Low
88 | Argument | xxx | predictive | Low
89 | Argument | xxxxxxx | predictive | Low
90 | Argument | xxxxxxxxxxxxxx/xxxxxxxxxx | predictive | High
91 | Argument | xxxxxx | predictive | Low
92 | Argument | xxxxxx[xxxxxxx_xxx] | predictive | High
93 | Argument | xxxxxxxxxxxxxxxx | predictive | High
94 | Argument | xxxxxxxx | predictive | Medium
95 | Argument | xxxxxxxx_xxxxx[] | predictive | High
96 | Argument | xxxxxxxxx | predictive | Medium
97 | Argument | xxx_xxxxxxxx | predictive | Medium
98 | Argument | xxxxx.xxx?xxxxxx=xxx_xxxxxxx/xxxx=xxxxxxx/xx=x/xxxxxxxx=xxxxx | predictive | High
99 | Argument | xxxxxxxxx | predictive | Medium
100 | Argument | xxx | predictive | Low
101 | Argument | xxxx | predictive | Low
102 | Argument | xxx_xxx | predictive | Low
103 | Argument | xxxx | predictive | Low
104 | Argument | xx_xxxxxxxx | predictive | Medium
105 | Argument | xxxx | predictive | Low
106 | Argument | xxx | predictive | Low
107 | Argument | xxxxxxxx | predictive | Medium
108 | Argument | xxxxxxxx | predictive | Medium
109 | Argument | xxxx[xxxxxxxxxxxxxxxxx] | predictive | High
110 | Argument | xxxx_xxxx | predictive | Medium
111 | Argument | xxxxx_xxxx_xxxx | predictive | High
112 | Argument | xxx | predictive | Low
113 | Argument | xxxxxxxx | predictive | Medium
114 | Argument | xxxxx | predictive | Low
115 | Argument | xxxx | predictive | Low
116 | Argument | xxxxxx | predictive | Low
117 | Argument | xxxxxxxxxxxxx | predictive | High
118 | Argument | xxxx | predictive | Low
119 | Argument | xxxx | predictive | Low
120 | Argument | xxxxxxxx | predictive | Medium
121 | Argument | xxxxxxxx | predictive | Medium
122 | Argument | xxx | predictive | Low
123 | Argument | xxxx | predictive | Low
124 | Argument | xxxx->xxxxxxx | predictive | High
125 | Argument | xxxxx_xxxxxx | predictive | Medium
126 | Argument | xxxxx | predictive | Low
127 | Input Value | #/+ | predictive | Low
128 | Input Value | ' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxx | predictive | High
129 | Input Value | ../ | predictive | Low
130 | Input Value | xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx | predictive | High
131 | Input Value | \x | predictive | Low
132 | Network Port | xxxx | predictive | Low
133 | Network Port | xxx/xxxx | predictive | Medium
134 | Network Port | xxx/xxxx | predictive | Medium
135 | Network Port | xxx/xxx (xxxx) | predictive | High
136 | Network Port | xxx xxxxxx xxxx | predictive | High

References (5)

The following list contains external sources which discuss the actor and the associated activities:
