TunnelVision Analysis

IOB - Indicator of Behavior (45)

Language

en: 44
fr: 2

Product

D-Link DNR-320L: 2
D-Link DNS-320LW: 2
D-Link DNR-322L: 2
D-Link DNR-326: 2
D-Link DNS-327L: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | SAP NetWeaver MigrationService privilege escalation | 9.2 | 9.2 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00077 | 0.02 | CVE-2021-21481 |
| 3 | WordPress cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00364 | 0.02 | CVE-2022-21662 |
| 4 | WordPress WP_Query sql injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.93536 | 0.04 | CVE-2022-21661 |
| 5 | Microsoft Windows RDP privilege escalation | 8.8 | 7.7 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00121 | 0.00 | CVE-2021-1669 |
| 6 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.72 | CVE-2010-0966 |
| 7 | SourceCodester Petrol Pump Management Software service_crud.php privilege escalation | 4.7 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.08 | CVE-2024-2059 |
| 8 | Cacti Request Parameter remote_agent.php privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96528 | 0.00 | CVE-2022-46169 |
| 9 | All in One SEO Plugin REST API Endpoint privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02407 | 0.02 | CVE-2021-25036 |
| 10 | YITH WooCommerce Gift Cards Premium Plugin Shopping Cart php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.13451 | 0.00 | CVE-2021-3120 |
| 11 | WordPress wp-publications Plugin Archive bibtexbrowser.php directory traversal | 7.8 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00529 | 0.03 | CVE-2021-38360 |
| 12 | WP Import Export Plugin class-wpie-general.php wpie_process_file_download privilege escalation | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00161 | 0.00 | CVE-2022-0236 |
| 13 | Cisco Small Business RV345 memory corruption | 9.9 | 9.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.96250 | 0.04 | CVE-2022-20699 |
| 14 | WordPress Object privilege escalation | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.04 | CVE-2022-21663 |
| 15 | Oracle GlassFish Open Source Edition Demo Feature weak authentication | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00187 | 0.03 | CVE-2018-14324 |
| 16 | Microsoft Exchange Server Privilege Escalation | 8.8 | 8.1 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.96514 | 0.04 | CVE-2021-42321 |
| 17 | F5 BIG-IP TMUI Privilege Escalation | 8.8 | 8.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00159 | 0.00 | CVE-2021-22988 |
| 18 | Microsoft SharePoint Server Privilege Escalation | 8.8 | 7.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.28292 | 0.00 | CVE-2021-31181 |
| 19 | Umbraco CMS Installation directory traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00371 | 0.06 | CVE-2020-5811 |
| 20 | Dnsmasq helper.c create_helper information disclosure | 3.7 | 3.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00347 | 0.00 | CVE-2019-14834 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |

IOA - Indicator of Attack (33)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/app/service_crud.php | predictive | High |
| 2 | File | /cgi-bin/user/Config.cgi | predictive | High |
| 3 | File | /etc/sudoers | predictive | Medium |
| 4 | File | /src/helper.c | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
