SpeakUp Analysis

IOB - Indicator of Behavior (109)

Language

en: 104
de: 2
fr: 2
pl: 2

Product

Microsoft Windows: 6
Apple iOS: 4
Reolink RLC-410W: 4
Google Android: 2
Host: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 2 | Rittal PDU-3C002DEC/CMCIII-PU-9333E0FB privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00171 | CVE-2020-11953 |
| 3 | SmarterTools SmarterMail Email Stored cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00084 | CVE-2019-7211 |
| 4 | Backdoor.Win32.Psychward.b Service Port 8888 weak authentication | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.04 | 0.00000 | |
| 5 | Echelon SmartServer 1/SmartServer 2/i.LON 100/i.LON 600 weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00205 | CVE-2018-8859 |
| 6 | Cybozu Garoon privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00082 | CVE-2022-27661 |
| 7 | GitLab Community Edition/Enterprise Edition Rrunner Jobs API privilege escalation | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00081 | CVE-2022-2227 |
| 8 | Barco TransForm N Control Room Management Suite Web Application cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00078 | CVE-2022-26974 |
| 9 | BigBlueButton Chat Message information disclosure | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00069 | CVE-2022-29232 |
| 10 | wolfSSL BASE64 PEM File Decoding information disclosure | 2.2 | 2.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00063 | CVE-2021-24116 |
| 11 | Google Go IP Address net.ParseCIDR privilege escalation | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00208 | CVE-2021-29923 |
| 12 | Camunda Modeler IPC Message writeFile privilege escalation | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00871 | CVE-2021-28154 |
| 13 | cocoapods-downloader privilege escalation | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00131 | CVE-2022-21223 |
| 14 | Deno privilege escalation | 8.6 | 8.5 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00197 | CVE-2022-24783 |
| 15 | Rockwell Automation ISaGRAF Runtime privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00045 | CVE-2020-25184 |
| 16 | Cost Calculator Plugin Cost Calculator Post's Layout directory traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00065 | CVE-2021-24820 |
| 17 | Zabbix SAML weak authentication | 8.2 | 8.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.97186 | CVE-2022-23131 |
| 18 | Shared Groovy Libraries Plugin privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00104 | CVE-2022-25183 |
| 19 | Sangoma Corporation Switchvox privilege escalation | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00109 | CVE-2021-45310 |
| 20 | Samsung Smartphone Edge Panel information disclosure | 2.7 | 2.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00047 | CVE-2022-24001 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/kerbynet | predictive | High |
| 2 | File | /damicms-master/admin.php?s=/Article/doedit | predictive | High |
| 3 | File | /etc/quagga | predictive | Medium |
| 4 | File | /main?cmd=invalid_browser | predictive | High |
| 5 | File | backend/upcean.c | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
