WindShift Analiza

IOB - Indicator of Behavior (83)

Oś czasu

Język

en74
pt6
pl2
zh2

Kraj

Aktorzy

Zajęcia

Wysiłek

Oś czasu

Rodzaj

Sprzedawca

Produkt

Microsoft Windows6
Linux Kernel4
Backdoor.Win32.GateHell.212
Ivanti Pulse Connect Secure2
Backdoor.Win32.Hupigon.acio2

Luki w zabezpieczeniach

#Słaby punktBaseTemp0dayDzisiajWykPrzCTIEPSSCVE
1Cisco SD-WAN CLI Privilege Escalation8.18.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00044CVE-2022-20818
2Cisco IOS XE Self-Healing privilege escalation7.37.2$25k-$100k$0-$5kNot DefinedOfficial Fix0.000.00042CVE-2022-20855
3Apple iOS ImageIO denial of service6.46.3$25k-$100k$0-$5kNot DefinedOfficial Fix0.000.03533CVE-2016-1811
4Acme Mini HTTPd Terminal privilege escalation5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.040.00303CVE-2009-4490
5Cisco SD-WAN CLI Privilege Escalation8.18.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00042CVE-2022-20775
6Apple iOS CommonCrypto information disclosure5.45.3$25k-$100k$0-$5kNot DefinedOfficial Fix0.000.00181CVE-2016-1802
7Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.020.00548CVE-2017-0055
8Microsoft Word wwlib Remote Code Execution8.07.1$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000.45352CVE-2023-21716
9Linux Kernel TPM Device memory corruption7.67.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00042CVE-2022-2977
10D-Link Go-RT-AC750 gena.php privilege escalation7.67.6$5k-$25k$5k-$25kNot DefinedNot Defined0.030.00121CVE-2022-36523
11Multivendor Marketplace Solution for WooCommerce Order Status cross site request forgery4.34.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00053CVE-2022-2657
12taviso Lotus 1-2-3 Worksheet process_fmt memory corruption7.06.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00068CVE-2022-39843
13image-tiler privilege escalation8.58.4$0-$5kObliczenieNot DefinedOfficial Fix0.000.00194CVE-2020-28451
14Apple macOS Kernel information disclosure3.33.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00062CVE-2022-32817
15Irfan Skiljan IrfanView ShowPlugInSaveOptions_W memory corruption5.95.9$0-$5k$0-$5kNot DefinedNot Defined0.000.00057CVE-2020-23561
16Microsoft Windows Defender Credential Guard Privilege Escalation8.37.3$25k-$100k$5k-$25kUnprovenOfficial Fix0.000.00043CVE-2022-34711
17Microsoft Windows Kerberos Privilege Escalation8.88.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.000.00121CVE-2022-30165
18Microsoft Windows Kerberos AppContainer Privilege Escalation8.98.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.000.00043CVE-2022-30164
19Microsoft Windows Network File System Remote Code Execution9.88.9$25k-$100k$5k-$25kUnprovenOfficial Fix0.050.88073CVE-2022-30136
20Vmware Workspace ONE Access weak authentication9.89.1$25k-$100k$0-$5kFunctionalOfficial Fix0.000.58483CVE-2022-22972

Kampanie (1)

These are the campaigns that can be associated with the actor:

  • WindShift

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueLuki w zabezpieczeniachWektor dostępuRodzajPewność siebie
1T1006CWE-22, CWE-25Path TraversalpredictiveWysoki
2T1055CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveWysoki
3T1059CWE-94Argument InjectionpredictiveWysoki
4TXXXX.XXXCWE-XXXxxxx Xxxx XxxxxxxxxpredictiveWysoki
5TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveWysoki
6TXXXX.XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveWysoki
7TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveWysoki
8TXXXXCWE-XX, CWE-XXXxx XxxxxxxxxpredictiveWysoki
9TXXXXCWE-XXXXxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxxpredictiveWysoki
10TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxx XxxxpredictiveWysoki
11TXXXXCWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveWysoki
12TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveWysoki

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlasaIndicatorRodzajPewność siebie
1File.procmailrcpredictiveMedium
2File/cgi-bin/wapopenpredictiveWysoki
3File/htdocs/upnpinc/gena.phppredictiveWysoki
4File/it-IT/splunkd/__raw/services/get_snapshotpredictiveWysoki
5File/xxxxxxx/xxxxx/xxxxx.xxxpredictiveWysoki
6File/xxxxxxx/predictiveMedium
7Filexxxxx/xxxx/xxxxxxxxxxx/xxxxxxx.xpredictiveWysoki
8Filexxxx/xxxxxxxxxxxx.xxxpredictiveWysoki
9Filexxxxxxxx.xxxpredictiveMedium
10Filexxx.xxx?xxx=xxxxx_xxxxpredictiveWysoki
11Filexxxxxxxxxxxxxx/xxxxxxx.xxxpredictiveWysoki
12Filexxxxxxxx.xxxpredictiveMedium
13Filexx-xxxxxxxxxxx.xxxpredictiveWysoki
14File~/xx-xxxxxxxx.xxxpredictiveWysoki
15Argument$_xxxxxx['xxx_xxxx']predictiveWysoki
16Argument--xxxx=xxxpredictiveMedium
17ArgumentxxxxxxxxpredictiveMedium
18ArgumentxxxpredictiveNiski
19ArgumentxxxxxxxxxxpredictiveMedium
20ArgumentxxxxxxxxpredictiveMedium
21ArgumentxxxxxpredictiveNiski
22Argumentxxxxxx_xxpredictiveMedium
23Argumentxxxx_xxxxpredictiveMedium
24ArgumentxxxpredictiveNiski
25ArgumentxxxpredictiveNiski
26Argumentxxxxxxxx/xxxxpredictiveWysoki
27Input Value../..predictiveNiski

Referencje (3)

The following list contains external sources which discuss the actor and the associated activities:

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!