UTA0178 Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (19)

Oś czasu

Język

en16
jp2
zh2

Kraj

us16
it2
gb2

Aktorzy

UTA01783
Indexsinas1

Zajęcia

Wysiłek

Oś czasu

Rodzaj

Not Defined8
Web Server2
Smartphone Operating System2
Bug Tracking Software2

Sprzedawca

Not Defined6
Apache2
WarHound2
Apple2
Metalinks2

Produkt

Boa Webserver2
Apache Kafka2
Coolpad Defiant2
T-Mobile Revvl Plus2
WarHound WarHound General Shopping Cart2

Luki w zabezpieczeniach

#Słaby punktBaseTemp0dayDzisiajWykPrzEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.020160.02CVE-2007-1192
2Apple iOS WebKit memory corruption6.46.1$100k i więcej$5k-$25kNot DefinedOfficial Fix0.006010.03CVE-2018-4273
3SourceCodester Online Admission System index.php cross site scripting4.44.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.001380.00CVE-2022-2646
4Boa Webserver GET wapopen directory traversal6.46.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.735400.09CVE-2017-9833
5Apache HTTP Server mod_proxy_uwsgi memory corruption8.58.5$25k-$100k$25k-$100kNot DefinedNot Defined0.015260.04CVE-2020-11984
6Metalinks MetaCart e-Shop product.asp sql injection7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.002100.00CVE-2005-1361
7WarHound WarHound General Shopping Cart item.asp sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.004630.00CVE-2006-6206
8AWStats Config awstats.pl cross site scripting4.34.1$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005870.04CVE-2006-3681
9SSH RC4 Encryption weak encryption7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.005520.00CVE-2001-1475
10Apache Kafka Broker Data Loss information disclosure4.84.8$5k-$25k$0-$5kNot DefinedNot Defined0.001040.00CVE-2018-1288
11PHPWind goto.php Redirect6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.003480.04CVE-2015-4134
12Coolpad Defiant/T-Mobile Revvl Plus Factory Reset privilege escalation7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.001240.00CVE-2018-15003
13Oracle WebLogic Server jQuery XML External Entity9.19.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.005310.03CVE-2015-1832
14Mantis bug_api.php privilege escalation7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.007570.00CVE-2004-1734

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDadres IPHostnameAktorKampanieIdentifiedRodzajPewność siebie
147.207.9.89UTA01782024-01-17verifiedWysoki
250.213.208.8950-213-208-89-static.hfc.comcastbusiness.netUTA01782024-01-17verifiedWysoki
350.215.39.49UTA01782024-01-17verifiedWysoki
4XX.XXX.XXX.XXXxx-xxx-xxx-xxx-xxxxxx.xxx.xxxxxxxxxxxxxxx.xxxXxxxxxx2024-01-17verifiedWysoki
5XX.XX.XXX.XXXXxxxxxx2024-01-17verifiedWysoki
6XX.XXX.XXX.XXXxxxx.xxxxxxx.xxxXxxxxxx2024-01-17verifiedWysoki
7XX.XXX.XXX.XXXx-xx-xxx-xxx-xxx.xxxx.xx.xxxxxxx.xxxXxxxxxx2024-01-17verifiedWysoki
8XX.XXX.XXX.XXXxx-xxx-xxx-xxx-xxxxx.xxx.xxxxxxxxxxxxxxx.xxxXxxxxxx2024-01-17verifiedWysoki
9XX.XXX.XXX.XXxx-xxx-xxx-xx-xxxxxxxx-xx.xxx.xxxxxxxxxxxxxxx.xxxXxxxxxx2024-01-17verifiedWysoki
10XX.XXX.XX.XXXxxxx-xx-xxx-xx-xxx.xx.xx.xxx.xxxXxxxxxx2024-01-17verifiedWysoki
11XXX.XX.XX.Xxxxxxx-xxx-xx-xx-x.xxxxxx.xxxx.xxxxxxx.xxxXxxxxxx2024-01-17verifiedWysoki
12XXX.XXX.XXX.XXXxxx-xxxxxxxx.xxxxxx.xxxxxxxxx.xxxXxxxxxx2024-01-17verifiedWysoki
13XXX.XXX.XXX.XXXXxxxxxx2024-01-17verifiedWysoki

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueLuki w zabezpieczeniachWektor dostępuRodzajPewność siebie
1T1006CWE-22Path TraversalpredictiveWysoki
2T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveWysoki
3TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveWysoki
4TXXXXCWE-XXXxx XxxxxxxxxpredictiveWysoki
5TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveWysoki
6TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveWysoki

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlasaIndicatorRodzajPewność siebie
1File/cgi-bin/wapopenpredictiveWysoki
2Fileawstats.plpredictiveMedium
3Filebug_api.phppredictiveMedium
4Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveWysoki
5Filexxxx.xxxpredictiveMedium
6Filexxxxx.xxxpredictiveMedium
7Filexxxx.xxxpredictiveMedium
8Filexxxxxxx.xxxpredictiveMedium
9ArgumentxxxxxxpredictiveNiski
10ArgumentxxxpredictiveNiski
11ArgumentxxxxxxxxxxpredictiveMedium
12ArgumentxxxxxxpredictiveNiski
13Argumentxxxxxxxxxx_xxxxpredictiveWysoki
14Argumentx_xxxx_xxxpredictiveMedium
15ArgumentxxxpredictiveNiski
16Input Value../..predictiveNiski
17Input Valuex</xx><xxxxxx>xxxxx(x)</xxxxxx>predictiveWysoki

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

PoprzedniPrzeglądKolejny

Want to stay up to date on a daily basis?

Enable the mail alert feature now!