QNAPCrypt Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (21)

Język

en	20
sv	2

Kraj

us	16
ru	2
gb	2

Aktorzy

QNAPCrypt	3
Nobelium	1
Mirai	1
BianLian	1
Raccoon	1

Wysiłek

Rodzaj

Not Defined	14
Groupware Software	2
Web Server	2
Database Software	2
Content Management System	2

Sprzedawca

Not Defined	10
Microsoft	6
eMeeting	2
Teradata	2
Hikvision	2

Produkt

eMeeting Online Dating Software	2
Microsoft Outlook Web App	2
Microsoft IIS	2
Teradata Virtual Machine Community Edition	2
Microsoft SQL Server	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Fortinet FortiOS SSL-VPN Daemon denial of service	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.03	CVE-2023-29180
2	QNAP Multimedia Console/QTS/Media Streaming Add-on privilege escalation	9.0	8.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00067	0.04	CVE-2023-23369
3	OpenSSH Authentication Username information disclosure	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.15	CVE-2016-6210
4	Mikrotik RouterOS SNMP information disclosure	8.0	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00307	0.04	CVE-2022-45315
5	Odoo Community/Enterprise Database Manager privilege escalation	8.5	8.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00493	0.00	CVE-2018-14885
6	1C:Enterprise URL Parameter information disclosure	5.9	5.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00168	0.06	CVE-2021-3131
7	Hikvision Wwireless Bridge Web Server privilege escalation	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00142	0.05	CVE-2022-28173
8	Synology DiskStation Manager Web Interface info.cgi Reflected cross site scripting	5.5	5.1	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.03
9	Online Student Admission sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00172	0.03	CVE-2022-28467
10	Mini-Inventory-and-Sales-Management-System Inventory cross site request forgery	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.00	CVE-2021-44321
11	TightVNC InitialiseRFBConnection memory corruption	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01927	0.02	CVE-2019-15679
12	Host Web Server phpinfo.php phpinfo information disclosure	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Workaround	0.00000	0.04
13	Microsoft Outlook Web App redir.aspx weak authentication	5.3	5.0	$5k-$25k	$0-$5k	Proof-of-Concept	Unavailable	0.00000	0.00
14	Teradata Virtual Machine Community Edition Temp File t2a.pl privilege escalation	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01796	0.00	CVE-2016-7489
15	Microsoft SQL Server Virtual Function privilege escalation	6.3	6.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.02571	0.04	CVE-2015-1763
16	Mlffat index.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00099	0.00	CVE-2009-2585
17	Microsoft IIS FTP Server memory corruption	7.5	7.2	$25k-$100k	$0-$5k	High	Official Fix	0.96843	0.05	CVE-2010-3972
18	WordPress wp_crop_image directory traversal	5.9	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.95884	0.02	CVE-2019-8943
19	Gempar Script Toko Online shop_display_products.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00100	0.02	CVE-2009-0296
20	Drupal System Module Reflected privilege escalation	6.4	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00263	0.03	CVE-2016-3168

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Identified	Rodzaj	Pewność siebie
1	167.99.218.114		QNAPCrypt	2022-09-08	verified	Wysoki
2	XXX.XXX.XX.XX		Xxxxxxxxx	2021-08-11	verified	Wysoki
3	XXX.XXX.XXX.XXX	xxxxxxxx.xxxx.xxxxxx.xxx	Xxxxxxxxx	2022-06-17	verified	Wysoki
4	XXX.XX.XXX.XX	xxxx.xx-xxx-xx-xxx.xxx	Xxxxxxxxx	2024-02-12	verified	Wysoki

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CWE-22	Path Traversal	predictive	Wysoki
2	T1059.007	CWE-80	Cross Site Scripting	predictive	Wysoki
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
4	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Wysoki
5	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Wysoki
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/opt/teradata/gsctools/bin/t2a.pl	predictive	Wysoki
2	File	/webman/info.cgi	predictive	Wysoki
3	File	account/gallery.php	predictive	Wysoki
4	File	xxxxx.xxx	predictive	Medium
5	File	xxx/xxxxx.xxxx	predictive	Wysoki
6	File	xxxxxxx.xxx	predictive	Medium
7	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	Wysoki
8	Argument	xxx_xx	predictive	Niski
9	Argument	xxxx/xxxxxx/xxx	predictive	Wysoki
10	Argument	xx	predictive	Niski
11	Argument	xxxxxxxx	predictive	Medium
12	Argument	xxxxxxxxxxxxxxxx	predictive	Wysoki
13	Argument	xxx	predictive	Niski
14	Input Value	.xxx?/../../xxxx.xxx	predictive	Wysoki

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

Samples (3)

The following list contains associated samples:

◂ PoprzedniPrzeglądKolejny ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!