Worok Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (49)

Język

en	36
zh	10
ar	2
es	2

Kraj

us	36
cn	12
gb	2

Aktorzy

Worok	3
APT41	1
Cobalt Strike	1

Wysiłek

Rodzaj

Not Defined	20
Operating System	4
Web Browser	2
Versioning Software	2
Content Management System	2

Sprzedawca

Not Defined	14
Microsoft	6
MB connect line	2
DZCP	2
ISS	2

Produkt

Microsoft Windows	4
Responsive Menus	2
MB connect line mymbCONNECT24	2
MB connect line mbCONNECT24	2
DZCP deV!L`z Clanportal	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	DZCP deV!L`z Clanportal config.php privilege escalation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.51	CVE-2010-0966
2	Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting	3.2	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00073	0.02	CVE-2018-25085
3	xiaozhuai imageinfo imageinfo.hpp memory corruption	5.8	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00056	0.02	CVE-2023-1190
4	finixbit elf-parser elf_parser.cpp get_segments denial of service	3.7	3.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00049	0.02	CVE-2023-1157
5	DrayTek Vigor3900/Vigor2960/Vigor300B execution privilege escalation	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00892	0.03	CVE-2020-14472
6	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	1.96
7	ISS BlackICE PC Protection Update weak encryption	3.7	3.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00067	0.12	CVE-2003-5002
8	Pligg cloud.php sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.61
9	DZCP deV!L`z Clanportal browser.php information disclosure	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02733	0.51	CVE-2007-1167
10	SPIP spip.php cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00132	0.54	CVE-2022-28959
11	FusionPBX fax_send.php privilege escalation	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00121	0.02	CVE-2022-35153
12	NoneCms App.php privilege escalation	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.96678	0.02	CVE-2018-20062
13	Cisco Small Business RV345 memory corruption	9.9	9.7	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.96250	0.04	CVE-2022-20699
14	Git Plugin Build privilege escalation	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01156	0.02	CVE-2022-36883
15	Fortinet FortiOS ECDSA PRNG weak encryption	5.6	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00169	0.00	CVE-2019-15703
16	Ivanti Pulse Connect Secure Header privilege escalation	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00053	0.07	CVE-2022-21826
17	Jfinal CMS sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00172	0.00	CVE-2022-30500
18	Samba DCE/RPC privilege escalation	5.6	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00100	0.00	CVE-2021-23192
19	Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation	7.2	6.5	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00043	0.02	CVE-2022-30151
20	Microsoft Windows Kernel Privilege Escalation	8.3	7.7	$100k i więcej	$5k-$25k	Functional	Official Fix	0.00406	0.00	CVE-2021-33771

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Identified	Rodzaj	Pewność siebie
1	5.183.101.9		Worok	2022-10-05	verified	Wysoki
2	XX.XX.XX.XXX	xx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxx	2022-10-05	verified	Wysoki
3	XXX.XXX.XX.XX		Xxxxx	2022-10-05	verified	Wysoki
4	XXX.XXX.XX.XX		Xxxxx	2022-10-05	verified	Wysoki

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1040	CWE-319	Authentication Bypass by Capture-replay	predictive	Wysoki
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Wysoki
3	T1059	CWE-94	Argument Injection	predictive	Wysoki
4	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Wysoki
5	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
6	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Wysoki
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Wysoki
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
9	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
10	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki
11	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Wysoki

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/fax/fax_send.php	predictive	Wysoki
2	File	/forum/away.php	predictive	Wysoki
3	File	/spip.php	predictive	Medium
4	File	adclick.php	predictive	Medium
5	File	xxxxx.xxx	predictive	Medium
6	File	xxxxxxxx_xxxxxxxxxx_xxxxxxxxxxxxxx.xxx	predictive	Wysoki
7	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Wysoki
8	File	xxx_xxxxxx.xxx	predictive	Wysoki
9	File	xxxx-xxxxx.x	predictive	Medium
10	File	xxxxxxx.xxx	predictive	Medium
11	File	xxxxxxxxx.xxx	predictive	Wysoki
12	File	xxx/xxxxxx.xxx	predictive	Wysoki
13	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	Wysoki
14	File	xxxxxxxxx/xxxxxxxxx	predictive	Wysoki
15	File	xxxxxxxxx.xxx.xxx	predictive	Wysoki
16	File	xxxxxxxx.xxx	predictive	Medium
17	File	xxxxxxxxxx.xxx	predictive	Wysoki
18	File	xxxxxxxxxx_xxxxx.xxxxxx	predictive	Wysoki
19	File	xxxxxxxxx.xxx	predictive	Wysoki
20	File	xxxx-xxxxxxxx.xxx	predictive	Wysoki
21	Library	xxxxx.xxx	predictive	Medium
22	Library	xxxxxxxx/xxxxxxx/xxxxx/xxx.xxx	predictive	Wysoki
23	Library	xxxxxxxx.xxx	predictive	Medium
24	Argument	xxxxxxxx	predictive	Medium
25	Argument	xxxxxx-xxxx	predictive	Medium
26	Argument	xxxxxxxxxx	predictive	Medium
27	Argument	xxxxxxx-xxxxxx	predictive	Wysoki
28	Argument	xxxx	predictive	Niski
29	Argument	xxxx	predictive	Niski
30	Argument	xxxxxx	predictive	Niski
31	Argument	xx	predictive	Niski
32	Argument	xxxxx	predictive	Niski
33	Argument	xxxxxxxxx	predictive	Medium
34	Argument	xxx	predictive	Niski

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Do you know our Splunk app?

Download it now for free!