TA406 Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (59)

Oś czasu

Język

en54
es2
de2
ja2

Kraj

us42
gb6
ru4
de2

Aktorzy

TA4064
BumbleBee3
Cobalt Strike3
Ryuk2
Meterpreter2

Zajęcia

Wysiłek

Oś czasu

Rodzaj

Not Defined18
Operating System10
Photo Gallery Software4
Content Management System4
Office Suite Software2

Sprzedawca

Not Defined16
Microsoft8
Encode2
Gallery2
Kingsoft2

Produkt

Microsoft Windows8
Encode httpx2
Gallery My Photo Gallery2
Kingsoft WPS Office2
YzmCMS2

Luki w zabezpieczeniach

#Słaby punktBaseTemp0dayDzisiajWykPrzEPSSCTICVE
1Microsoft Windows SPNEGO Extended Negotiation Remote Code Execution7.97.2$25k-$100k$5k-$25kUnprovenOfficial Fix0.006620.00CVE-2022-37958
2Secomea GateManager privilege escalation5.95.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000540.04CVE-2022-25782
3Microsoft Windows Mark of the Web nieznana luka5.44.9$25k-$100k$5k-$25kUnprovenOfficial Fix0.003130.00CVE-2022-41091
4Synacor Zimbra Collaboration Suite sudo Configuration zmslapd privilege escalation8.38.3$0-$5k$0-$5kHighOfficial Fix0.001140.02CVE-2022-37393
5vsftpd Service Port 6200 privilege escalation8.58.4$25k-$100k$25k-$100kNot DefinedWorkaround0.842150.08CVE-2011-2523
6Genivia gSOAP WS-Addressing Plugin memory corruption8.08.0$0-$5k$0-$5kNot DefinedNot Defined0.037860.02CVE-2020-13576
7Citrix ADC/Gateway cross site scripting4.34.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.072180.01CVE-2023-24488
8sitepress-multilingual-cms Plugin class-wp-installer.php cross site request forgery6.56.4$0-$5k$0-$5kNot DefinedOfficial Fix0.004270.04CVE-2020-10568
9Kingsoft WPS Office Registry wpsupdater.exe privilege escalation5.55.3$0-$5k$0-$5kNot DefinedNot Defined0.009240.02CVE-2022-24934
10Microsoft Windows Scripting Language race condition7.56.8$25k-$100k$5k-$25kUnprovenOfficial Fix0.004680.00CVE-2022-41118
11php-fusion downloads.php cross site scripting5.75.7$0-$5k$0-$5kNot DefinedNot Defined0.001590.00CVE-2020-12708
12Gallarific PHP Photo Gallery script gallery.php sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.001120.04CVE-2011-0519
13Gallery My Photo Gallery image.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.02
14Host Web Server phpinfo.php phpinfo information disclosure5.35.2$5k-$25k$0-$5kNot DefinedWorkaround0.000000.04
15ESMI PayPal Storefront products1h.php cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.054680.00CVE-2005-0936
16Ecommerce Online Store Kit shop.php sql injection9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.037630.04CVE-2004-0300
17Simple Real Estate Portal System sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.001720.00CVE-2022-28410
18Microsoft Office Remote Code Execution5.85.3$5k-$25k$0-$5kUnprovenOfficial Fix0.002200.00CVE-2022-29107
19automad Dashboard cross site scripting3.53.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000540.00CVE-2022-1536
20Encode httpx privilege escalation5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.001090.00CVE-2021-41945

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDadres IPHostnameAktorKampanieIdentifiedRodzajPewność siebie
1108.62.12.11TA4062021-11-21verifiedWysoki
2XXX.XXX.XXX.XXXXxxxx2021-11-21verifiedWysoki
3XXX.XXX.XXX.Xxxxxxx-xx.xxxxxxxxxxx.xxxXxxxx2021-11-21verifiedWysoki
4XXX.XXX.XX.XXXXxxxx2021-11-21verifiedWysoki
5XXX.XXX.XXX.XXXXxxxx2021-11-21verifiedWysoki

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueLuki w zabezpieczeniachWektor dostępuRodzajPewność siebie
1T1006CWE-22Path TraversalpredictiveWysoki
2T1059CWE-94Argument InjectionpredictiveWysoki
3TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveWysoki
4TXXXXCWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveWysoki
5TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveWysoki
6TXXXXCWE-XXXxx XxxxxxxxxpredictiveWysoki
7TXXXX.XXXCWE-XXXXxxxxxxxpredictiveWysoki
8TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveWysoki
9TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveWysoki

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlasaIndicatorRodzajPewność siebie
1File/admin/admin_manage/deletepredictiveWysoki
2File/my_photo_gallery/image.phppredictiveWysoki
3File/reps/classes/Users.php?f=delete_agentpredictiveWysoki
4File/s/predictiveNiski
5Filexxxxxxxxx.xxxpredictiveWysoki
6Filexx.xxxpredictiveNiski
7Filexxxxxxxxx/xxxxxxxxx.xxxpredictiveWysoki
8Filexxxxxxx/xxx/xxxxxxxx/xx.xpredictiveWysoki
9Filexxxxxxx.xxxpredictiveMedium
10Filexxx/xxxxxx.xxxpredictiveWysoki
11Filexxxxxxxx/xxxxx-xx-xxxxxxxxx.xxxpredictiveWysoki
12Filexxxxxxx.xxxpredictiveMedium
13Filexxxxxxxxxx.xxxpredictiveWysoki
14Filexxxx.xxxpredictiveMedium
15Filexxxx.xxxpredictiveMedium
16Filexxxxxxxxxx.xxxpredictiveWysoki
17FilexxxxxxxpredictiveNiski
18ArgumentxxxxxxxxpredictiveMedium
19Argumentxxx_xxpredictiveNiski
20Argumentxxxxx.xxx/xxxxx.xxxxxxpredictiveWysoki
21ArgumentxxpredictiveNiski
22ArgumentxxxxxpredictiveNiski
23ArgumentxxxxxxpredictiveNiski
24ArgumentxxxpredictiveNiski
25ArgumentxxxxxpredictiveNiski
26Input Valuex xxxxx xxx xxxxxx xxxx,xxxx,xxxx,xxxx,xxxxxx(xxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxx)--predictiveWysoki
27Input Valuexxxx</xxxxx><xxxxxx>xxxxx("xxxx")</xxxxxx><xxxxx>predictiveWysoki
28Network Portxxx/xxxxpredictiveMedium
29Network Portxxx/xxxxxpredictiveMedium

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

PoprzedniPrzeglądKolejny

Do you need the next level of professionalism?

Upgrade your account now!