Retefe Analysis

IOB - Indicator of Behavior (233)

Language

en: 174
ru: 26
sv: 18
pl: 4
zh: 4

Country

ru: 88
us: 86
cn: 12
me: 6
ca: 4

Product

WordPress: 6
FreeBSD: 6
vBulletin: 4
Apache HTTP Server: 4
GitLab Enterprise Edition: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.24 | CVE-2009-4935 |
| 3 | Htmly Blog Post cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00149 | 0.00 | CVE-2022-25022 |
| 4 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.44 | |
| 5 | WordPress Private Post information disclosure | 4.9 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00065 | 0.00 | CVE-2021-39203 |
| 6 | HP Router/Switch SNMP information disclosure | 3.7 | 3.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00285 | 0.04 | CVE-2012-3268 |
| 7 | Esoftpro Online Guestbook Pro ogp_show.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00209 | 0.02 | CVE-2009-2441 |
| 8 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.84 | CVE-2020-12440 |
| 9 | Apache Struts ExceptionDelegator privilege escalation | 8.8 | 8.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.29316 | 0.02 | CVE-2012-0391 |
| 10 | Apache HTTP Server ap_get_basic_auth_pw weak authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01399 | 0.09 | CVE-2017-3167 |
| 11 | Schneider Electric Vijeo Designer directory traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.00 | CVE-2021-22704 |
| 12 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 3.28 | CVE-2020-15906 |
| 13 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00122 | 0.20 | CVE-2018-6200 |
| 14 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.00 | CVE-2007-0354 |
| 15 | Hscripts PHP File Browser Script index.php directory traversal | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00153 | 0.00 | CVE-2018-16549 |
| 16 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.32 | CVE-2014-4078 |
| 17 | ISC BIND DS Record resume_dslookup denial of service | 7.5 | 7.0 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.00097 | 0.00 | CVE-2022-0667 |
| 18 | Django Template Language information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00127 | 0.02 | CVE-2021-45116 |
| 19 | Video Downloader for TikTok Plugin privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00222 | 0.02 | CVE-2020-24142 |
| 20 | Microsoft Windows Win32k Privilege Escalation | 8.3 | 7.7 | $100k and more | $0-$5k | Functional | Official Fix | 0.00148 | 0.00 | CVE-2021-40449 |

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94, CWE-1321 | Argument Injection | predictive | High |
| 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (100)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/config.php?display=disa&view=form | predictive | High |
| 2 | File | /api/baskets/{name} | predictive | High |
| 3 | File | /cgi-bin/wlogin.cgi | predictive | High |
| 4 | File | /index.php | predictive | Medium |
| 5 | File | /members/view_member.php | predictive | High |
| 6 | File | /mhds/clinic/view_details.php | predictive | High |
| 7 | File | /owa/auth/logon.aspx | predictive | High |
| 8 | File | /product.php | predictive | Medium |
| 9 | File | /rest/api/latest/projectvalidate/key | predictive | High |
| 10 | File | /SSOPOST/metaAlias/%realm%/idpv2 | predictive | High |
| 11 | File | /uncpath/ | predictive | Medium |
| 12 | File | adclick.php | predictive | Medium |
| 13 | File | admin.jcomments.php | predictive | High |
| 96 | Input Value | ../ | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
