Royal Road Analysis

IOB - Indicator of Behavior (175)

Language

  • en: 152
  • de: 8
  • fr: 6
  • es: 6
  • it: 2

Country

  • us: 92
  • gb: 14
  • cz: 10
  • ca: 10
  • ru: 8

Product

  • WordPress: 10
  • Microsoft Windows: 6
  • Apache HTTP Server: 6
  • Microsoft IIS: 4
  • Microsoft Exchange Server: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.38 | CVE-2020-12440 |
| 2 | MidiCart PHP Shopping Cart item_show.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.05 | |
| 3 | WordPress Private Post privilege escalation | 4.6 | 4.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00272 | 0.03 | CVE-2020-11028 |
| 4 | Apache HTTP Server mod_rewrite Redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.00 | CVE-2020-1927 |
| 5 | ProFTPD mod_copy privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.94462 | 0.00 | CVE-2019-12815 |
| 6 | Microsoft Exchange Server Privilege Escalation | 8.5 | 7.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.03563 | 0.00 | CVE-2021-26412 |
| 7 | Gempar Script Toko Online shop_display_products.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.02 | CVE-2009-0296 |
| 8 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 9 | Mihalism Multi Host users.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00152 | 0.00 | CVE-2008-0714 |
| 10 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.06 | CVE-2017-0055 |
| 11 | Mailman privilege escalation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00160 | 0.00 | CVE-2018-13796 |
| 12 | WordPress Thumbnail privilege escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00990 | 0.03 | CVE-2018-1000773 |
| 13 | XenForo privilege escalation | 8.6 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | |
| 14 | DCP-Portal forums.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 15 | Ideal BB.NET forums.aspx cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 16 | logwatch logwatch.pl privilege escalation | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05151 | 0.03 | CVE-2011-1018 |
| 17 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.51 | CVE-2016-6210 |
| 18 | Apache Shiro API directory traversal | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00071 | 0.05 | CVE-2023-34478 |
| 19 | Subversion svn+ssh:/ URL privilege escalation | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.12851 | 0.03 | CVE-2017-9800 |
| 20 | Apache Subversion mod_authz_svn authenticated information disclosure | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00380 | 0.03 | CVE-2015-3184 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Royal Road

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 138.68.133.211 | share.sawblade.org.uk | Royal Road | Royal Road | 2020-12-22 | verified | High |
| 2 | XXX.XXX.XX.XX | | Xxxxx Xxxx | Xxxxx Xxxx | 2020-12-22 | verified | High |
| 3 | XXX.XXX.XX.X | | Xxxxx Xxxx | Xxxxx Xxxx | 2020-12-22 | verified | High |
| 4 | XXX.XX.X.XXX | xxx.xx.x.xxx.xxxxx.xxx | Xxxxx Xxxx | Xxxxx Xxxx | 2020-12-22 | verified | Medium |

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |

IOA - Indicator of Attack (92)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /bin/sh | predictive | Low |
| 2 | File | /oauth/authorize | predictive | High |
| 3 | File | /see_more_details.php | predictive | High |
| 4 | File | /uncpath/ | predictive | Medium |
| 5 | File | /webmail/ | predictive | Medium |
| 6 | File | /_next | predictive | Low |
| 7 | File | admin/index.php | predictive | High |
| 8 | File | anonymous/authenticated | predictive | High |
| 9 | File | assets/add/registrar.php | predictive | High |
| 10 | File | booking.php | predictive | Medium |
| 11 | File | books.php | predictive | Medium |
| 90 | Input Value | …/. | predictive | Low |
