Generic Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (70)

Język

en	48
pl	20
fr	2

Kraj

pl	38
us	8
fr	2

Aktorzy

Generic	6
Cobalt Strike	1
XLoader	1
LokiBot	1
Meterpreter	1

Wysiłek

Rodzaj

Not Defined	26
Network Utility Software	4
Enterprise Resource Planning Software	4
Firewall Software	2
Web Browser	2

Sprzedawca

Not Defined	26
Google	4
VWar	2
Cisco	2
Dreambox	2

Produkt

cURL	4
libcURL	4
Dolibarr	4
Google WebP	2
IdeaBox	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	cURL/libcURL Cookie File stat race condition	4.7	4.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2023-32001
2	Hypersilence Silentum Guestbook silentum_guestbook.php sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00107	0.04	CVE-2009-4687
3	F5 BIG-IP Configuration Utility directory traversal	9.3	9.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00230	0.05	CVE-2023-41373
4	Google WebP libwebp memory corruption	7.5	7.4	$5k-$25k	$0-$5k	High	Official Fix	0.68001	0.04	CVE-2023-4863
5	ZyXEL P660HN-T1A Remote System Log Forwarder ViewLog.asp privilege escalation	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.97521	0.03	CVE-2017-18368
6	SailPoint IdentityIQ Lifecycle Manager privilege escalation	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.03	CVE-2024-1714
7	Bricks Plugin weak authentication	7.3	7.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.18	CVE-2024-25600
8	agnivade easy-scrypt scrypt.go VerifyPassphrase information disclosure	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00188	0.07	CVE-2014-125055
9	GNU C Library __vsyslog_internal memory corruption	7.8	7.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00770	0.08	CVE-2023-6246
10	Apache Tomcat Commons FileUpload denial of service	5.5	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00045	0.04	CVE-2023-42794
11	HP Integrated Lights-Out IPMI Protocol privilege escalation	8.2	8.0	$5k-$25k	$0-$5k	High	Workaround	0.27196	0.09	CVE-2013-4786
12	Microsoft Outlook weak authentication	9.0	8.6	$5k-$25k	$0-$5k	Functional	Official Fix	0.92645	0.06	CVE-2023-23397
13	DZCP deV!L`z Clanportal config.php privilege escalation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.46	CVE-2010-0966
14	Tiki Admin Password tiki-login.php weak authentication	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00936	2.93	CVE-2020-15906
15	Proofpoint Enterprise Protection AdminUI cross site scripting	5.2	5.1	$0-$5k	Obliczenie	Not Defined	Official Fix	0.00052	0.00	CVE-2023-5771
16	Microsoft Exchange Server Privilege Escalation	8.0	7.3	$5k-$25k	$5k-$25k	Unproven	Official Fix	0.00065	0.01	CVE-2023-36756
17	Apache Log4j Chainsaw/SocketAppender denial of service	5.5	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00206	0.04	CVE-2023-26464
18	Fortinet FortiSandbox HTTP Request directory traversal	7.4	7.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00094	0.00	CVE-2023-41682
19	Oracle MySQL Workbench denial of service	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00303	0.00	CVE-2023-0215
20	Cacti Regular Expression sql injection	5.5	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00112	0.00	CVE-2023-39365

IOC - Indicator of Compromise (33)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Identified	Rodzaj	Pewność siebie
1	52.15.72.79	ec2-52-15-72-79.us-east-2.compute.amazonaws.com	Generic	2022-04-08	verified	Medium
2	52.15.194.28	ec2-52-15-194-28.us-east-2.compute.amazonaws.com	Generic	2022-04-08	verified	Medium
3	52.72.89.116	ec2-52-72-89-116.compute-1.amazonaws.com	Generic	2022-04-08	verified	Medium
4	52.204.47.183	ec2-52-204-47-183.compute-1.amazonaws.com	Generic	2022-04-08	verified	Medium
5	64.98.145.30	url.hover.com	Generic	2022-04-08	verified	Wysoki
6	67.228.43.214	d6.2b.e443.ip4.static.sl-reverse.com	Generic	2022-04-08	verified	Wysoki
7	68.65.121.51	strategic.com.ua	Generic	2022-04-08	verified	Wysoki
8	XX.XX.XX.XX	xxxxxxxxx-x.xxxxxxxxxxxxxx.xxx	Xxxxxxx	2022-04-08	verified	Wysoki
9	XX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxx.xxxxxxxx.xxx	Xxxxxxx	2022-04-08	verified	Wysoki
10	XX.XX.XXX.XXX	xxxxx.xxxxxxxxxx.xxx	Xxxxxxx	2022-04-08	verified	Wysoki
11	XX.XXX.XXX.XX		Xxxxxxx	2022-04-08	verified	Wysoki
12	XXX.XX.XX.XX		Xxxxxxx	2022-04-08	verified	Wysoki
13	XXX.XX.XXX.XX		Xxxxxxx	2022-04-08	verified	Wysoki
14	XXX.XX.XXX.XXX		Xxxxxxx	2022-04-08	verified	Wysoki
15	XXX.XXX.XX.XX	xx-xxx-xxx-xx-xx.xxxxxx.xxxxxxxxxxxx.xxxxxx.xxx	Xxxxxxx	2022-04-08	verified	Wysoki
16	XXX.XXX.XXX.XXX	xxxxxx.xxxxxx.xxx	Xxxxxxx	2022-04-08	verified	Wysoki
17	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxx.xxxxxxxxxxxxxx.xxx	Xxxxxxx	2022-04-08	verified	Wysoki
18	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxx	2022-04-08	verified	Wysoki
19	XXX.XXX.XXX.XXX		Xxxxxxx	2022-04-08	verified	Wysoki
20	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	2022-04-08	verified	Wysoki
21	XXX.XX.XXX.XX		Xxxxxxx	2022-04-08	verified	Wysoki
22	XXX.XX.XXX.XX	xxxxxx.xxxxxxx.xx	Xxxxxxx	2022-04-08	verified	Wysoki
23	XXX.XXX.XXX.XXX	xx-xxx-xxx-xxx-xxx.xx.xxxxxxxxxxxx.xxx	Xxxxxxx	2022-04-08	verified	Wysoki
24	XXX.XXX.XXX.XX	xxxx-xxxxxxx-xxxxxxx.xxxxxxxxxxx.xxx	Xxxxxxx	2022-04-08	verified	Wysoki
25	XXX.XX.XXX.XXX		Xxxxxxx	2022-04-08	verified	Wysoki
26	XXX.XX.XXX.XXX		Xxxxxxx	2022-04-08	verified	Wysoki
27	XXX.XXX.XXX.XXX	xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxx	2022-04-08	verified	Wysoki
28	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxx.xxxxxxxxx.xxx	Xxxxxxx	2022-04-08	verified	Wysoki
29	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxxx.xxxxxxxxxxxx.xxx	Xxxxxxx	2022-04-08	verified	Wysoki
30	XXX.XX.XXX.XX	xxxxxxxx.xxx.xxxxx.xxx	Xxxxxxx	2022-04-08	verified	Wysoki
31	XXX.XX.XXX.XX	xxxxxxxxx.xxxxxxxxxxxxx.xxx	Xxxxxxx	2022-04-08	verified	Wysoki
32	XXX.XXX.XX.XX		Xxxxxxx	2022-04-08	verified	Wysoki
33	XXX.XXX.XXX.XXX		Xxxxxxx	2022-04-08	verified	Wysoki

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klasa	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Wysoki
2	T1040	CAPEC-102	CWE-294	Authentication Bypass by Capture-replay	predictive	Wysoki
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Wysoki
4	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Wysoki
5	TXXXX	CAPEC-122	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
6	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Wysoki
7	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Wysoki
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
9	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
10	TXXXX	CAPEC-38	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Wysoki
11	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
12	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki
13	TXXXX	CAPEC-157	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Wysoki

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/accountancy/admin/accountmodel.php	predictive	Wysoki
2	File	/apply_noauth.cgi	predictive	Wysoki
3	File	/dev/mapper/control	predictive	Wysoki
4	File	announcements.php	predictive	Wysoki
5	File	xxxxxxxx.xxx	predictive	Medium
6	File	xxxxxxxxxxxx_xxxx.xxx	predictive	Wysoki
7	File	xxx/xxxxxx.xxx	predictive	Wysoki
8	File	xxxxxxx.xxx	predictive	Medium
9	File	xxxxx.xxx	predictive	Medium
10	File	xxxxxxxx/xxxxxxxxx	predictive	Wysoki
11	File	xxxxxxxx.xxx	predictive	Medium
12	File	xxxxxxxx.xxx	predictive	Medium
13	File	xxxx_xxx.x	predictive	Medium
14	File	xxxxxx.xx	predictive	Medium
15	File	xxxxxxxx_xxxxxxxxx.xxx	predictive	Wysoki
16	File	xxxx-xxxxx.xxx	predictive	Wysoki
17	File	xxxxxxx.xxx	predictive	Medium
18	File	xxx.xxx	predictive	Niski
19	File	xx-xxxxxxxx/xxxxxxx-xxxxxxxx.xxx	predictive	Wysoki
20	File	xxxx/xxxx_xxxxxx.x	predictive	Wysoki
21	Argument	xxxxxxxxxxx	predictive	Medium
22	Argument	xxxxxxxx	predictive	Medium
23	Argument	xxxxxxxx	predictive	Medium
24	Argument	xxxx	predictive	Niski
25	Argument	xxxxx	predictive	Niski
26	Argument	xxxx_xxxx	predictive	Medium
27	Argument	xxxxxxxxx	predictive	Medium
28	Argument	xxxxx	predictive	Niski
29	Argument	xxxxxxx_xxx	predictive	Medium
30	Argument	xxxxxx_xxxx	predictive	Medium
31	Argument	xxxxxxxxx	predictive	Medium
32	Argument	xxxxxxx	predictive	Niski

Referencje (9)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Might our Artificial Intelligence support you?

Check our Alexa App!