XDSpy Analysis

IOB - Indicator of Behavior (14)

Language: en (12), es (2)

Country: us (10), es (2)

Product: OTRS (4), Apache HTTP Server (2), Apple macOS (2), Thomas R. Pasawicz HyperBook Guestbook (2), DZCP deV!L`z Clanportal (2)

Vulnerabilities

Base and Temp are the CVSS base and temporal scores; 0day and Today are VulDB's estimated exploit prices at disclosure and at present; EPSS is the FIRST Exploit Prediction Scoring System probability; CTI is VulDB's threat-intelligence activity score.

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
--|---------------|------|------|------|-------|----------------|-------------|------|-----|----
1 | GNU C Library vfprintf Local Privilege Escalation | 7.8 | 7.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01296 | 0.00 | CVE-2012-0864
2 | nginx URI String privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.95433 | 0.04 | CVE-2013-4547
3 | Apache HTTP Server mod_proxy memory corruption | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.01228 | 0.02 | CVE-2004-0492
4 | Postfix Admin functions.inc.php sql injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.00253 | 0.03 | CVE-2014-2655
5 | Apple macOS iBooks Redirect | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00233 | 0.00 | CVE-2017-2497
6 | Apple macOS libarchive privilege escalation | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.07 | CVE-2016-7619
7 | HPE Aruba ClearPass privilege escalation | 9.2 | 8.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02624 | 0.00 | CVE-2017-5824
8 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
9 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.84 | CVE-2010-0966
10 | Google Chrome OS Format String | 8.8 | 8.4 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.00345 | 0.00 | CVE-2016-5169
11 | phpEventMan text.ctrl.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.14902 | 0.04 | CVE-2007-0702
12 | OTRS sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00335 | 0.02 | CVE-2010-0438
13 | OTRS StateGetStatesByType sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00407 | 0.00 | CVE-2014-1471
14 | Oracle iPlanet Web Server Administration Console cross site scripting | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00868 | 0.00 | CVE-2012-0516

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. Each entry carries the date on which it was identified; IP addresses and reverse-DNS names are reassigned over time, so treat them as dated observations to verify against current data before blocking or attributing on them.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
---|------------|----------|-------|-----------|------------|------|-----------
1 | 62.213.213.170 | 62-213-213-170.ip.stuart.be | XDSpy | | 2021-05-31 | verified | High
2 | XX.XX.XXX.XX | xx-xx-xxx-xx.xxxxx.xxxxxxxxxx.xx | Xxxxx | | 2021-05-31 | verified | High
3 | XX.XXX.XX.XX | xx-xx-xxx-xx.xxxx.xxxxx.xxx | Xxxxx | | 2021-05-31 | verified | High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Vulnerability class | Type | Confidence
---|-----------|----------|---------------------|------|-----------
1 | T1059 | CWE-94 | Argument Injection | predictive | High
2 | T1059.007 | CWE-80 | Cross Site Scripting | predictive | High
3 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
4 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
5 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
---|-------|-----------|------|-----------
1 | File | data/gbconfiguration.dat | predictive | High
2 | File | functions.inc.php | predictive | High
3 | File | xxx/xxxxxx.xxx | predictive | High
4 | File | xxxx.xxxx.xxx | predictive | High
5 | Argument | xxxxxxxx | predictive | Medium
6 | Argument | xxxxxxx-xxxxxx | predictive | High
7 | Argument | xxxxx | predictive | Low
8 | Argument | xxxx_xxxxx | predictive | Medium
9 | Pattern | "xxxxxxx-xxxxxx|xx|" | predictive | High
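The IOC and IOA tables above are only useful once they are run against your own telemetry. The script below is an added example, not VulDB's code or the XDSpy tooling: it scans web-server access logs in the Apache/nginx "combined" format for the one unmasked IOC on this page (62.213.213.170 / 62-213-213-170.ip.stuart.be) and the two unmasked IOA file indicators (data/gbconfiguration.dat, functions.inc.php). The masked rows are deliberately left out rather than guessed. The log lines are constructed for the example, and the file match deliberately normalizes the request path (query string dropped, percent-encoding decoded) so that a request for gbconfiguration%2Edat is not missed.

```python
"""Hunt the unmasked XDSpy indicators from this page in combined-format access logs.

Added example, not VulDB code. Indicators: the verified IOC 62.213.213.170 /
62-213-213-170.ip.stuart.be and the IOA files data/gbconfiguration.dat and
functions.inc.php. SAMPLE_LOG is constructed for the example.
"""
import re
from dataclasses import dataclass
from urllib.parse import unquote, urlsplit

# Unmasked indicators from the page. Masked rows are left out, not guessed.
IOC_IPS = {"62.213.213.170"}
IOC_HOSTNAMES = {"62-213-213-170.ip.stuart.be"}
IOA_FILES = ("data/gbconfiguration.dat", "functions.inc.php")

# Apache/nginx "combined" log format. The first field is an IP unless the server
# resolves client names (Apache HostnameLookups On), in which case it is a hostname.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample: one clean request, two from the listed IOC (by IP and by
# reverse-DNS name), one internal client probing a percent-encoded IOA path, and
# one line that does not parse at all.
SAMPLE_LOG = """\
10.0.0.5 - - [31/May/2021:10:12:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
62.213.213.170 - - [31/May/2021:10:12:07 +0000] "GET /guestbook/data/gbconfiguration.dat HTTP/1.1" 200 188 "-" "curl/7.68.0"
62-213-213-170.ip.stuart.be - - [31/May/2021:10:13:30 +0000] "GET /postfixadmin/functions.inc.php?x=1 HTTP/1.1" 500 0 "-" "python-requests/2.25"
10.0.0.9 - - [31/May/2021:10:14:00 +0000] "GET /guestbook/data/gbconfiguration%2Edat HTTP/1.1" 403 0 "-" "Mozilla/5.0"
malformed line that does not parse
"""


@dataclass(frozen=True)
class Hit:
    line_no: int
    client: str
    path: str
    reasons: tuple


def parse(line):
    """Return the named fields of a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def normalize_path(raw):
    """Drop the query string and percent-decode, so /a/b%2Ec?x=1 compares as /a/b.c."""
    return unquote(urlsplit(raw).path)


def reasons_for(rec):
    """Return the indicators a parsed record matches, IOC first, then IOA files in page order."""
    reasons = []
    client = rec["client"].lower().rstrip(".")
    if client in IOC_IPS:
        reasons.append("ioc-ip")
    elif client in IOC_HOSTNAMES:
        reasons.append("ioc-hostname")
    path = normalize_path(rec["path"])
    for name in IOA_FILES:
        # Match as a trailing path component: /guestbook/data/gbconfiguration.dat hits,
        # /data/gbconfiguration.dat.bak does not.
        if path.endswith("/" + name):
            reasons.append("ioa-file:" + name)
    return tuple(reasons)


def classify(line):
    """None if the line does not parse, () if it matches nothing, else the reasons."""
    rec = parse(line)
    return None if rec is None else reasons_for(rec)


def hunt(log_text):
    """Scan a whole log; return (hits, line numbers that failed to parse).

    Unparseable lines are reported rather than silently dropped, since a log that
    stops parsing mid-way is itself something an analyst needs to know about.
    """
    hits, unparsed = [], []
    for no, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        rec = parse(line)
        if rec is None:
            unparsed.append(no)
            continue
        reasons = reasons_for(rec)
        if reasons:
            hits.append(Hit(no, rec["client"], rec["path"], reasons))
    return hits, unparsed


if __name__ == "__main__":
    found, bad = hunt(SAMPLE_LOG)
    for h in found:
        print(f"line {h.line_no}: {h.client} {h.path} -> {', '.join(h.reasons)}")
    print(f"unparsed lines: {bad}")
```

An IOA file hit from an internal address (line 4 of the sample) is reported on its own, without an IOC match, because the IOA table describes what is requested rather than who requests it; the IOC match and the IOA match are independent reasons on the same record. To run this against real data, replace SAMPLE_LOG with the contents of the access log and extend the three indicator sets with the masked entries once you have them from the source.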

References (2)

The following list contains external sources which discuss the actor and the associated activities:
