Persian Stalker Analysis

IOB - Indicator of Behavior (129)

Timeline

Language

en: 126
ru: 2
de: 2

Country

us: 44
hu: 26
pw: 10
ru: 2
de: 2

Actors

Activities

Effort

Timeline

Type

Vendor

Product

Pivotal RabbitMQ: 4
Hikvision DS-2CD7153-E: 4
Linux Kernel: 4
Akuvox R50P: 4
Simple Posts Ticker Plugin: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed memory corruption | 8.3 | 8.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.96989 | 0.03 | CVE-2023-4966 |
| 2 | Hanwha Techwin Smartcam weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00279 | 0.03 | CVE-2018-6299 |
| 3 | Omron CX-One CX-Programmer Password Storage information disclosure | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.04 | CVE-2015-0988 |
| 4 | XiongMai IP Camera/DVR NetSurveillance Web Interface memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00372 | 0.03 | CVE-2017-16725 |
| 5 | Wowza Streaming Engine Installer privilege escalation | 8.3 | 8.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00080 | 0.04 | CVE-2019-7656 |
| 6 | Allegro RomPager Embedded Web Server rom-0 information disclosure | 5.3 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.06 | |
| 7 | Boa Webserver GET wapopen directory traversal | 6.4 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.73540 | 0.09 | CVE-2017-9833 |
| 8 | CeNova/Night OWL/Novo/Pulnix/QSee/Securus DVR download.rsp Credentials privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00587 | 0.04 | CVE-2018-10676 |
| 9 | XiongMai uc-httpd directory traversal | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00500 | 0.03 | CVE-2017-7577 |
| 10 | AVTECH IP Camera/NVR/DVR PwdGrp.cgi privilege escalation | 9.8 | 9.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.00000 | 0.04 | |
| 11 | thttpd WebService information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 12 | Bitrix Site Manager redirect.php privilege escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00113 | 0.03 | CVE-2008-2052 |
| 13 | Simple Posts Ticker Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.03 | CVE-2023-4646 |
| 14 | mkdocs Dev-Server directory traversal | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03357 | 0.03 | CVE-2021-40978 |
| 15 | Adobe Acrobat Reader information disclosure | 4.9 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00130 | 0.00 | CVE-2023-38248 |
| 16 | KramerAV VIA Connect/VIA Go Screen privilege escalation | 8.3 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2023-33469 |
| 17 | Microsoft .NET/Visual Studio denial of service | 6.8 | 6.2 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00065 | 0.05 | CVE-2023-38178 |
| 18 | WebBoss.io CMS cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.03 | CVE-2023-39096 |
| 19 | Apple macOS WebKit memory corruption | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00128 | 0.00 | CVE-2023-38611 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 145.239.65.25 | ns3081843.ip-145-239-65.eu | Persian Stalker | | 2018-11-09 | verified | High |
| 2 | XXX.XXX.XXX.XX | | xxxxxx Xxxxxxx | | 2018-11-09 | verified | High |

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (43)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/index.html | predictive | High |
| 2 | File | /cgi-bin/luci/admin/network/wireless/status | predictive | High |
| 3 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High |
| 4 | File | /cgi-bin/wapopen | predictive | High |
| 5 | File | /DroboAccess/enable_user | predictive | High |
| 6 | File | /xxxxx/xxx/xxxxx.xxx | predictive | High |
| 7 | File | /xxxxx/xxx/.xxxx-xxxxx/xxxxxx-xxxxxxxxxxxxx | predictive | High |
| 8 | File | /xxx-x | predictive | Low |
| 9 | File | /xxx/xxxxx/xxxxxxxxxxxxxxxxxxxx/xxx/ | predictive | High |
| 10 | File | /xxxxxxxxx/xx-xxxxx/xxxxx.xxx | predictive | High |
| 11 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
| 12 | File | xxxx.x | predictive | Low |
| 13 | File | xxx-xxx/xxxxxxxx.xxxx | predictive | High |
| 14 | File | xxx-xxx/xxxx-xxx | predictive | High |
| 15 | File | xxxxxxxx.xxx | predictive | Medium |
| 16 | File | xxxxxxx/xxx/xxx/xxxx_xxx.x | predictive | High |
| 17 | File | xxxxxxx.x | predictive | Medium |
| 18 | File | xxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx | predictive | High |
| 19 | File | xxxx/xxxxx.xxx | predictive | High |
| 20 | File | xxx/xxx/xxxx_xxxxxxxx.x | predictive | High |
| 21 | File | xxxxxxxx.xxx | predictive | Medium |
| 22 | File | xxxxxxxx/xxxxxxxx | predictive | High |
| 23 | File | xxx/xxx/xxx-xxx/xxxx.xxx | predictive | High |
| 24 | Library | xxxxxxxxxx.xxx | predictive | High |
| 25 | Argument | xxxx | predictive | Low |
| 26 | Argument | xxxxxxxxxx | predictive | Medium |
| 27 | Argument | xxx_xxxxx_xxxx_xxxxxxx | predictive | High |
| 28 | Argument | xxxx | predictive | Low |
| 29 | Argument | xxxx | predictive | Low |
| 30 | Argument | xxxxx | predictive | Low |
| 31 | Argument | xxxxxxxx | predictive | Medium |
| 32 | Argument | xxxxxxx_xx | predictive | Medium |
| 33 | Argument | xxxxxx | predictive | Low |
| 34 | Argument | xxxxxxx_xxxxx | predictive | High |
| 35 | Argument | xxxxxxxxxxxxxxxxxxx | predictive | High |
| 36 | Argument | xxxxxxxxxxxx | predictive | Medium |
| 37 | Argument | xxxxxxxx | predictive | Medium |
| 38 | Input Value | .. | predictive | Low |
| 39 | Input Value | ../.. | predictive | Low |
| 40 | Input Value | /%xx | predictive | Low |
| 41 | Input Value | /.. | predictive | Low |
| 42 | Network Port | xxx/xxxx | predictive | Medium |
| 43 | Network Port | xxx xxxxxx xxxx | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
