Peach Sandstorm Analysis

IOB - Indicator of Behavior (47)

Timeline

Language

  • en: 34
  • zh: 10
  • de: 2
  • es: 2

Country

  • co: 28
  • cn: 10
  • us: 6
  • fr: 2

Actors

Activities

Effort

Timeline

Type

Vendor

Product

  • Microsoft Windows: 4
  • Interspire Email Marketer: 4
  • AgileConfig: 2
  • Linux Foundation Xen: 2
  • Sonus SBC 1000: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Interspire Email Marketer Dynamiccontenttags.php sql injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.07 | CVE-2018-19551 |
| 2 | Sales / Company Management System member_order.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00153 | 0.00 | CVE-2018-19925 |
| 3 | Interspire Email Marketer Dynamiccontenttags.php sql injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.00 | CVE-2018-19549 |
| 4 | All-in-One WP Migration Plugin class-ai1wm-backups.php directory traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00097 | 0.04 | CVE-2022-1476 |
| 5 | VMware vCenter Server/Cloud Foundation vSphere Client Privilege Escalation | 8.0 | 7.9 | $5k-$25k | $0-$5k | High | Official Fix | 0.97299 | 0.09 | CVE-2021-21972 |
| 6 | Advanced Comment System admin.php sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00230 | 0.02 | CVE-2018-18619 |
| 7 | Interspire Email Marketer Dynamiccontenttags.php sql injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.02 | CVE-2018-19553 |
| 8 | SonicWALL SMA1000 HTTP Connection privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00238 | 0.03 | CVE-2022-22282 |
| 9 | Omeka Classic cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00110 | 0.00 | CVE-2021-26799 |
| 10 | AgileConfig JWT Secret weak encryption | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00329 | 0.00 | CVE-2022-35540 |
| 11 | Apache Airflow UI privilege escalation | 7.1 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.38251 | 0.02 | CVE-2022-40127 |
| 12 | Support Board Plugin sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00151 | 0.00 | CVE-2021-24741 |
| 13 | GitLab Project Import privilege escalation | 8.7 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.63436 | 0.07 | CVE-2022-2185 |
| 14 | cPanel cpsrvd cross site scripting | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00330 | 0.03 | CVE-2023-29489 |
| 15 | Labstack Echo Static privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02933 | 0.02 | CVE-2022-40083 |
| 16 | GitLab Community Edition/Enterprise Edition Runner Registration Token information disclosure | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03278 | 0.00 | CVE-2022-0735 |
| 17 | Git Plugin Build privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01156 | 0.09 | CVE-2022-36883 |
| 18 | Z-BlogPHP action_crawler.php privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00319 | 0.04 | CVE-2022-40357 |
| 19 | Dialogic PowerMedia XMS Administrative Console default.db Password privilege escalation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.06 | CVE-2018-11634 |
| 20 | Extreme EXOS File information disclosure | 3.4 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.03 | CVE-2017-14327 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Holmium

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
| 3 | TXXXX.XXX | CAPEC-209 | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CAPEC-0 | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 7 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 8 | TXXXX.XXX | CAPEC-0 | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High |

IOA - Indicator of Attack (18)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /var/www/xms/xmsdb/default.db | predictive | High |
| 2 | File | Dynamiccontenttags.php | predictive | High |
| 3 | File | internal/advanced_comment_system/admin.php | predictive | High |
| 4 | File | xxxxxx/xxxxxx_xxxxx.xxx | predictive | High |
| 5 | File | xxxxxxxx.xx | predictive | Medium |
| 6 | File | xx_xxxxx/xxxxxx/xxxxxxx/xxx/xxxxxx_xxxxxxx.xxx | predictive | High |
| 7 | Library | /xxxxxxx/xxxxx/xxx.xxx | predictive | High |
| 8 | Library | xxx/xxx/xxxx.xxxxx.xxx | predictive | High |
| 9 | Library | ~/xxx/xxxxx/xxxxx-xxxxx-xxxxxxx.xxx | predictive | High |
| 10 | Argument | xxxxxxx[] | predictive | Medium |
| 11 | Argument | xxxxx/xxxxxx | predictive | Medium |
| 12 | Argument | xx | predictive | Low |
| 13 | Argument | xxxx | predictive | Low |
| 14 | Argument | xxx_xx | predictive | Low |
| 15 | Argument | xxxxxxxxx | predictive | Medium |
| 16 | Argument | xxxxxx | predictive | Low |
| 17 | Argument | xxxxxx_xxxx/xxxxxxxxxx/xxxx_xx/xxxxxxxxxxxx_xx/xxxxxxxxxxxx_xxxxxx_xxxx/xxxxxxxxx_xx | predictive | High |
| 18 | Argument | xxxx/x_xxxxx | predictive | Medium |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
