PortDoor Analysis

IOB - Indicator of Behavior (16)

Language: en (12), es (2), de (2)

Country: us (14), ir (2)

Product: DZCP deV!L`z Clanportal (4), LogicBoard CMS (2), Google Go (2), WordPress AdServe (2), Kerberos Package (2)

Vulnerabilities

# | Weakness | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | Microsoft Windows Registry Password information disclosure | 3.7 | 3.6 | $25k-$100k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.02 |
3 | Nextcloud Server Image Preview config.php privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00254 | 0.04 | CVE-2021-32802
4 | D-Link DIR-865L register_send.php weak authentication | 7.5 | 7.1 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.00109 | 0.02 | CVE-2013-3096
5 | Google Go ExtractTo directory traversal | 7.4 | 7.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00107 | 0.00 | CVE-2020-7668
6 | PHP phpinfo memory corruption | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02345 | 0.02 | CVE-2005-2491
7 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.03 | CVE-2010-0966
8 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.58 | CVE-2007-1167
9 | Kerberos Package DLL LoadLibrary privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00440 | 0.00 | CVE-2020-13110
10 | WordPress AdServe adclick.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.02 | CVE-2008-0507
11 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 4.07 |
12 | Bitcoin Core/Bitcoin Knots Final Alert weak encryption | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00158 | 0.00 | CVE-2016-10725
13 | DUware DUdownload detail.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00254 | 0.03 | CVE-2006-6367

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.63.27.162 | 45.63.27.162.vultr.com | PortDoor | | 2022-03-04 | verified | Medium

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High
3 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX | Xxx Xxxxxxxxx | predictive | High
5 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx Xxxx | predictive | High
6 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | Xxxxxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /forum/away.php | predictive | High
2 | File | adclick.php | predictive | Medium
3 | File | xxxxxx.xxx | predictive | Medium
4 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
5 | File | xxxxxx.xxx | predictive | Medium
6 | File | xxx/xxxxxx.xxx | predictive | High
7 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
8 | File | xxxxxxxx_xxxx.xxx | predictive | High
9 | Argument | xxxxxxxx | predictive | Medium
10 | Argument | xxxx | predictive | Low
11 | Argument | xx | predictive | Low
12 | Argument | xxxxx | predictive | Low
13 | Input Value | .. | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
