PoshC2 Analysis

IOB - Indicator of Behavior (508)

Language: en (390), de (78), zh (22), pl (10), es (6)

Country: us (384), cn (36), ru (16), es (4), ro (2)

Product: Microsoft Windows (6), Apple QuickTime (6), Asus RT-AX56U (4), Ivanti Workspace Control (4), Apple Mac OS X Server (4)

Vulnerabilities

Base and Temp are the CVSS base and temporal scores, 0day and Today are VulDB's estimated exploit prices, Exploit and Remediation give the known exploit maturity and the available fix, CTI is VulDB's threat-intelligence activity score and EPSS the FIRST exploitation probability.

| # | Weakness | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.60 | 0.00943 | CVE-2010-0966 |
| 3 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 6.91 | 0.01009 | CVE-2006-6168 |
| 4 | FreeBSD FPU x87 Register information disclosure | 4.0 | 3.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00000 | |
| 5 | Russcom Network Loginphp register.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.04 | 0.00677 | CVE-2006-2160 |
| 6 | Jelsoft vBulletin register.php denial of service | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01562 | CVE-2006-4272 |
| 7 | CONTROLzx HMS register_domain.php cross site scripting | 3.5 | 3.3 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.00 | 0.00000 | |
| 8 | Ultimate PHP Board register.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00317 | CVE-2006-3206 |
| 9 | SloughFlash SF-Users register.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00587 | CVE-2006-2167 |
| 10 | Linux Kernel FXSAVE x87 Register weak encryption | 4.3 | 3.9 | $5k-$25k | Calculating | Proof-of-Concept | Official Fix | 0.02 | 0.00101 | CVE-2006-1056 |
| 11 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.49 | 0.01302 | CVE-2007-0354 |
| 12 | Cisco AnyConnect Secure Mobility Client Profile Editor XML External Entity | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00074 | CVE-2018-0100 |
| 13 | Citrix Workspace App Automatic Updater Service privilege escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00088 | CVE-2020-8207 |
| 14 | X7 Group X7 Chat register.php cross site scripting | 4.3 | 3.9 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.02 | 0.00615 | CVE-2006-2282 |
| 15 | Kailash Nadh boastMachine Admin Interface register.php cross site scripting | 4.3 | 3.8 | $0-$5k | Calculating | Proof-of-Concept | Unavailable | 0.02 | 0.00807 | CVE-2006-3826 |
| 16 | GeoClassifieds Enterprise register.php cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00000 | |
| 17 | PhotoPost PHP register.php privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 | |
| 18 | Tritanium Bulletin Board register.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00677 | CVE-2006-1815 |
| 19 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00241 | CVE-2020-12440 |
| 20 | Asus RT-AX82U HTTP Request get_IFTTTTtoken.cgi Remote Code Execution | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00218 | CVE-2022-35401 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • PoshC2

IOC - Indicator of Compromise (36)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. Entries written with X/x are masked in the source. Most of the resolvable hosts are cloud instances (AWS EC2, Google Cloud, Linode), so the addresses are ephemeral; check the Identified date before adding one to a blocklist.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 3.120.209.174 | ec2-3-120-209-174.eu-central-1.compute.amazonaws.com | PoshC2 | | 2024-01-16 | verified | Medium |
| 2 | 3.253.77.60 | ec2-3-253-77-60.eu-west-1.compute.amazonaws.com | PoshC2 | | 2023-10-27 | verified | Medium |
| 3 | 13.48.77.144 | ec2-13-48-77-144.eu-north-1.compute.amazonaws.com | PoshC2 | | 2023-11-01 | verified | Medium |
| 4 | 13.78.10.244 | | PoshC2 | | 2024-02-13 | verified | High |
| 5 | 18.134.14.164 | ec2-18-134-14-164.eu-west-2.compute.amazonaws.com | PoshC2 | | 2023-10-11 | verified | Medium |
| 6 | 35.80.38.180 | ec2-35-80-38-180.us-west-2.compute.amazonaws.com | PoshC2 | | 2024-01-02 | verified | Medium |
| 7 | 35.202.253.45 | 45.253.202.35.bc.googleusercontent.com | PoshC2 | | 2022-03-27 | verified | Medium |
| 8 | 45.79.196.203 | 45-79-196-203.ip.linodeusercontent.com | PoshC2 | | 2023-10-19 | verified | High |
| 9 | XX.XXX.XXX.XXX | | Xxxxxx | | 2024-01-27 | verified | High |
| 10 | XX.XXX.XXX.XXX | | Xxxxxx | | 2021-06-22 | verified | High |
| 11 | XX.XXX.XX.XX | | Xxxxxx | | 2023-11-22 | verified | High |
| 12 | XX.XX.XX.XXX | xx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxx | | 2024-01-04 | verified | High |
| 13 | XX.XXX.XXX.XXX | | Xxxxxx | | 2023-11-15 | verified | High |
| 14 | XX.XX.XXX.XX | xxxxxxxxxxxxxxxxx.xx.xxxxxxxxx.xxx | Xxxxxx | | 2023-12-10 | verified | High |
| 15 | XX.XXX.XXX.XX | xxxxxxxxx.xxxxxxxxxxxxx.xxx | Xxxxxx | | 2023-11-11 | verified | High |
| 16 | XX.XXX.X.XXX | xxxxxxxx.xxxxxx-xx-xxxxxx.xx | Xxxxxx | | 2023-10-16 | verified | High |
| 17 | XX.XX.XXX.XX | xxxxxxxx.xx-xx-xx-xxx.xx | Xxxxxx | | 2023-10-26 | verified | High |
| 18 | XX.XXX.XX.XXX | xxxxxxx.xxxxxx.xxx | Xxxxxx | | 2023-10-09 | verified | High |
| 19 | XX.XXX.XXX.XXX | | Xxxxxx | | 2022-10-17 | verified | High |
| 20 | XXX.XX.XXX.XXX | | Xxxxxx | | 2021-06-22 | verified | High |
| 21 | XXX.XXX.XX.XXX | xxxxxx.xxx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx | Xxxxxx | | 2023-11-22 | verified | High |
| 22 | XXX.XXX.XXX.XX | | Xxxxxx | | 2023-11-07 | verified | High |
| 23 | XXX.XX.XXX.XX | xxx.xx.xxx.xx.xxxxxxxxxxxxxxxx.xxx | Xxxxxx | | 2024-01-02 | verified | High |
| 24 | XXX.XXX.XXX.XX | | Xxxxxx | | 2023-12-10 | verified | High |
| 25 | XXX.XXX.XX.XXX | | Xxxxxx | | 2023-10-19 | verified | High |
| 26 | XXX.XX.XX.XXX | | Xxxxxx | | 2024-01-09 | verified | High |
| 27 | XXX.XX.XXX.XX | | Xxxxxx | | 2024-02-20 | verified | High |
| 28 | XXX.XXX.XXX.XXX | | Xxxxxx | | 2024-01-25 | verified | High |
| 29 | XXX.XXX.XX.XX | xxxxxxxxxx.xxxxxxxxxxxxx.xxx | Xxxxxx | | 2023-12-15 | verified | High |
| 30 | XXX.XX.XXX.XX | xxx-xxx-xx-xxx-xx.xxxxxxx-x.xxxxxxxxx.xxx | Xxxxxx | | 2023-11-09 | verified | Medium |
| 31 | XXX.XXX.XX.XX | | Xxxxxx | | 2024-01-26 | verified | High |
| 32 | XXX.XXX.XXX.XX | | Xxxxxx | | 2023-10-17 | verified | High |
| 33 | XXX.XXX.XX.XX | | Xxxxxx | | 2021-06-22 | verified | High |
| 34 | XXX.XXX.XXX.XXX | | Xxxxxx | | 2023-10-09 | verified | High |
| 35 | XXX.XXX.XX.XXX | xxx-xxx-xx-xxx.xx.xxxxxxxxxxxxxxxxx.xxx | Xxxxxx | | 2023-10-20 | verified | High |
| 36 | XXX.XXX.XXX.XXX | xxxx | Xxxxxx | | 2021-05-31 | verified | High |

TTP - Tactics, Techniques, Procedures (17)

The tactics, techniques and procedures summarize the MITRE ATT&CK techniques the actor is suspected of using. The mapping comes from VulDB's predictive actor-profiling model, not from observed incidents, so treat each row as a hypothesis to confirm against your own telemetry. Rows written with X/x are masked in the source.

| ID | Technique | Weakness | Weakness class | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 6 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 8 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 9 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
| 10 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 11 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High |
| 12 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 13 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 14 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 15 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |
| 16 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High |
| 17 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (114)

These indicators of attack list request fragments (file paths, libraries, arguments and patterns) that may be used for reconnaissance, exploitation, privilege escalation and exfiltration. They are generated by VulDB's predictive actor-profiling model. The low-confidence entries are generic paths and parameter names (for example /Login or /search) that also occur in benign traffic, so they should not raise an alert on their own. Rows written with x are masked in the source.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/config/uploadicon.php | predictive | High |
| 2 | File | /admin/del_feedback.php | predictive | High |
| 3 | File | /cms/category/list | predictive | High |
| 4 | File | /inquiries/view_inquiry.php | predictive | High |
| 5 | File | /Login | predictive | Low |
| 6 | File | /product/savenewproduct.php?flag=1 | predictive | High |
| 7 | File | /search | predictive | Low |
| 8 | File | /start_apply.htm | predictive | High |
| 9 | File | /sysmanage/updatelib.php | predictive | High |
| 10 | File | /thruk/#cgi-bin/extinfo.cgi?type=2 | predictive | High |
| 11 | File | /var/log/nginx | predictive | High |
| 12 | File | booking.php | predictive | Medium |
| 13 | File | browse-category.php | predictive | High |
| 14 | File | BSW_cxttongr.htm | predictive | High |
| 15 | File | cat.asp | predictive | Low |
| 16 | File | xxxxxxxx.xxx | predictive | Medium |
| 17 | File | xxxxxxxxxx/xxxxxxx.xxxx | predictive | High |
| 18 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 19 | File | xxxxxxxx.xxx | predictive | Medium |
| 20 | File | xxxxxxxxxxx.xxx | predictive | High |
| 21 | File | xxxxxxxx.xxx | predictive | Medium |
| 22 | File | xxxxx.xxx | predictive | Medium |
| 23 | File | xxxxxxxxxxxx.xxx | predictive | High |
| 24 | File | xxxx.xxx | predictive | Medium |
| 25 | File | xxx_xxxxxxxxxxx.xxx | predictive | High |
| 26 | File | xxxx.xxx | predictive | Medium |
| 27 | File | xxx/xxxxxx.xxx | predictive | High |
| 28 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High |
| 29 | File | xxxxx.xxx | predictive | Medium |
| 30 | File | xxxxx.xxx | predictive | Medium |
| 31 | File | xxxxx.xxx?xx=xxxxxxxxxx&xxxx | predictive | High |
| 32 | File | xxxxxxx.x | predictive | Medium |
| 33 | File | xxxxxxxxxxx-xxxxxxx-xxxx.xxxx.xxx | predictive | High |
| 34 | File | xxxxxxxx/xxxxxxxx_xxxxxxx_xxxxxx/xxxxx.xxx | predictive | High |
| 35 | File | xxxx.xxx | predictive | Medium |
| 36 | File | xxxxx.xxx | predictive | Medium |
| 37 | File | xxxxxxx.xxx | predictive | Medium |
| 38 | File | xxx_xxxx_xxx_xxxxxxxxxx.x | predictive | High |
| 39 | File | xxx_xxxx.xxx | predictive | Medium |
| 40 | File | xxxx_xxxxxxx.xxx | predictive | High |
| 41 | File | xxxxx_xxx.xxx | predictive | High |
| 42 | File | xxxxx.xxx | predictive | Medium |
| 43 | File | xxxxx.xxx | predictive | Medium |
| 44 | File | xxxxxxxxxx.xxx | predictive | High |
| 45 | File | xxxxxxxx.xxxx | predictive | High |
| 46 | File | xxxxxxxx.xxx | predictive | Medium |
| 47 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High |
| 48 | File | xxxxxxxx_xxxxxx.xxx | predictive | High |
| 49 | File | xxxxxxx/xxxxxxxxxx.xxx | predictive | High |
| 50 | File | xxxxxx.xx | predictive | Medium |
| 51 | File | xxxxxxx/xxxxxxxx.xxx | predictive | High |
| 52 | File | xxxxx.xxx | predictive | Medium |
| 53 | File | xxxxxx.xxx | predictive | Medium |
| 54 | File | xxxxxx-xxxxxx.xxx | predictive | High |
| 55 | File | xxxx-xxxxxxxx.xxx | predictive | High |
| 56 | File | xxxxx_xxxxxx.xxx | predictive | High |
| 57 | File | xxxxxx.xxx | predictive | Medium |
| 58 | File | xx-xxxxx/xxxxx-xxx.xxx?xxxxxxx-xxxxxxxx | predictive | High |
| 59 | File | xxxx.xx | predictive | Low |
| 60 | File | ~/xxx/xxxx-xxxxxxxxx.xxx | predictive | High |
| 61 | File | ~/xxx-xxx-xxxx.xxx | predictive | High |
| 62 | Library | xxxxxxxx.xxx | predictive | Medium |
| 63 | Library | xxxxxx.xxxxx.xxxxxxx | predictive | High |
| 64 | Argument | xx_xxxx_xxxx | predictive | Medium |
| 65 | Argument | xxxxxxx | predictive | Low |
| 66 | Argument | xxxxxxxxx | predictive | Medium |
| 67 | Argument | xxxxxx | predictive | Low |
| 68 | Argument | xxxxxxxx | predictive | Medium |
| 69 | Argument | xxx | predictive | Low |
| 70 | Argument | xxx | predictive | Low |
| 71 | Argument | xxx/xxxxx_xxxx/xxxxxx_xxxx/xxxxxxx_x/xxxxxxx | predictive | High |
| 72 | Argument | xxxxxxx_xxxxx | predictive | High |
| 73 | Argument | xxxxxxx/xxxx/xxxxx_xxxxx_xx | predictive | High |
| 74 | Argument | x[xxxxx] | predictive | Medium |
| 75 | Argument | xxxxxxx | predictive | Low |
| 76 | Argument | xxxxxxxx | predictive | Medium |
| 77 | Argument | xxxxxxx=xxxxxxxx | predictive | High |
| 78 | Argument | xx_xxxxx | predictive | Medium |
| 79 | Argument | xxxx | predictive | Low |
| 80 | Argument | xxxxxxxx | predictive | Medium |
| 81 | Argument | xxxx_xxxxxx | predictive | Medium |
| 82 | Argument | xxxxxxxxxx | predictive | Medium |
| 83 | Argument | xxxx/xxxxxxx/xxxxxxx | predictive | High |
| 84 | Argument | xxxx_xx | predictive | Low |
| 85 | Argument | xxxx | predictive | Low |
| 86 | Argument | xx | predictive | Low |
| 87 | Argument | xx_xxxxx | predictive | Medium |
| 88 | Argument | xxxxx | predictive | Low |
| 89 | Argument | xxxxxxxx | predictive | Medium |
| 90 | Argument | xxxxx | predictive | Low |
| 91 | Argument | xxxxxxxxxxx | predictive | Medium |
| 92 | Argument | xxxx-xxx-xxxxxxxxx | predictive | High |
| 93 | Argument | xxxxx_xx | predictive | Medium |
| 94 | Argument | xxxx | predictive | Low |
| 95 | Argument | xxxx_xxxxx | predictive | Medium |
| 96 | Argument | xxxxxxx_xxx | predictive | Medium |
| 97 | Argument | xxxxxxxx | predictive | Medium |
| 98 | Argument | xx_xxxx | predictive | Low |
| 99 | Argument | xxxxxxx_xxxx | predictive | Medium |
| 100 | Argument | xxxxxx | predictive | Low |
| 101 | Argument | xxx | predictive | Low |
| 102 | Argument | xxx | predictive | Low |
| 103 | Argument | xxxxxxxx | predictive | Medium |
| 104 | Argument | xxxxx/xxx | predictive | Medium |
| 105 | Argument | xxxxxx | predictive | Low |
| 106 | Argument | xxxxxxx | predictive | Low |
| 107 | Argument | xxxxx | predictive | Low |
| 108 | Argument | xxxxx | predictive | Low |
| 109 | Argument | xxxxxx | predictive | Low |
| 110 | Argument | xxx | predictive | Low |
| 111 | Argument | xxx | predictive | Low |
| 112 | Argument | xxxxxxxx | predictive | Medium |
| 113 | Argument | xxx | predictive | Low |
| 114 | Pattern | \|xx\| | predictive | Low |
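The IOC and IOA tables above are only useful once they are run against your own logs. The script below is an added example, not VulDB's or the PoshC2 project's code: it loads the unmasked IOC addresses (IOC rows 1-8) and the unmasked file-class IOA fragments (IOA rows 1-15) with their table confidence, parses a web server access log and reports every match, excluding Low-confidence fragments from the alert set. The Apache/nginx combined log format and the sample log lines are assumptions constructed for the demonstration; 198.51.100.23 is a documentation-range address, not an indicator from the page.

```python
"""Match the PoshC2 IOC/IOA entries from this page against an access log.

Added example, not code from VulDB or the PoshC2 project. Indicator values
are copied from the unmasked rows of the IOC and IOA tables; the log format
and the sample lines are constructed assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass

# IOC rows 1-8: addresses tied to the PoshC2 campaign, with the table's confidence.
IOC_IPS = {
    "3.120.209.174": "Medium", "3.253.77.60": "Medium", "13.48.77.144": "Medium",
    "13.78.10.244": "High", "18.134.14.164": "Medium", "35.80.38.180": "Medium",
    "35.202.253.45": "Medium", "45.79.196.203": "High",
}

# IOA rows 1-15 (class File) with the table's confidence. Generic paths are Low and
# must not alert alone. Row 10 contains a '#' part that browsers never send, so it
# only matches if the indicator is normalized; it is kept verbatim here.
IOA_PATHS = {
    "/admin/config/uploadicon.php": "High",
    "/admin/del_feedback.php": "High",
    "/cms/category/list": "High",
    "/inquiries/view_inquiry.php": "High",
    "/Login": "Low",
    "/product/savenewproduct.php?flag=1": "High",
    "/search": "Low",
    "/start_apply.htm": "High",
    "/sysmanage/updatelib.php": "High",
    "/thruk/#cgi-bin/extinfo.cgi?type=2": "High",
    "/var/log/nginx": "High",
    "booking.php": "Medium",
    "browse-category.php": "High",
    "BSW_cxttongr.htm": "High",
    "cat.asp": "Low",
}

# Combined log format (assumed); only the fields the matcher needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str         # "ioc_ip": client address is in the IOC table; "ioa_path": fragment hit
    indicator: str    # the table value that matched
    confidence: str   # confidence column of the matching table row
    client_ip: str
    target: str


def parse_access_line(line):
    """Return the captured fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    try:
        ipaddress.ip_address(rec["ip"])  # reject lines whose client field is not an address
    except ValueError:
        return None
    return rec


def scan_access_log(lines):
    """Return one Hit per IOC/IOA match across the given log lines."""
    hits = []
    for no, line in enumerate(lines, start=1):
        rec = parse_access_line(line)
        if rec is None:
            continue
        ioc_conf = IOC_IPS.get(rec["ip"])
        if ioc_conf is not None:
            hits.append(Hit(no, "ioc_ip", rec["ip"], ioc_conf, rec["ip"], rec["target"]))
        for frag, conf in IOA_PATHS.items():
            if frag in rec["target"]:  # substring match: IOA entries are fragments, not full paths
                hits.append(Hit(no, "ioa_path", frag, conf, rec["ip"], rec["target"]))
    return hits


def alert_lines(hits, accepted=("Medium", "High")):
    """Line numbers worth alerting on: at least one Medium or High confidence hit."""
    return sorted({h.line_no for h in hits if h.confidence in accepted})


# Constructed sample log for the demonstration.
SAMPLE_LOG = """\
3.253.77.60 - - [27/Oct/2023:10:14:02 +0000] "GET /admin/config/uploadicon.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
198.51.100.23 - - [27/Oct/2023:10:14:05 +0000] "GET /search?q=shoes HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.23 - - [27/Oct/2023:10:14:07 +0000] "POST /product/savenewproduct.php?flag=1 HTTP/1.1" 302 0 "-" "curl/8.4.0"
45.79.196.203 - - [27/Oct/2023:10:15:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
this line is not in combined log format
"""

if __name__ == "__main__":
    for h in scan_access_log(SAMPLE_LOG.splitlines()):
        print(f"line {h.line_no}: {h.kind} {h.indicator} ({h.confidence}) "
              f"client={h.client_ip} target={h.target}")
    print("alert on lines:", alert_lines(scan_access_log(SAMPLE_LOG.splitlines())))
```

Run against the sample, the first line produces two hits (a listed client address and a High-confidence path), the second only a Low-confidence `/search` hit that stays out of the alert set, and the unparseable last line is skipped. The same `IOC_IPS` set applies unchanged to egress firewall or proxy logs, where a hit on the destination address is a stronger PoshC2 signal than an inbound scan; swap `rec["ip"]` for the destination field of that format.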

References (30)

This entry cites 30 external sources which discuss the actor and the associated activities.