xmrig.pe Analysis

IOB - Indicator of Behavior (129)

Language: en (70), zh (32), ru (10), de (6), sv (4)

Country: us (68), cn (32), ru (6), gb (4), ir (4)

Chart panels (no data extracted): Timeline, Actors, Activities, Effort, Type, Vendor

Product: Linux Kernel (8), Microsoft SQL Server (6), Microsoft Windows (6), Qualcomm Snapdragon Auto (4), Qualcomm Snapdragon Consumer Electronics Connectiv ... (4)

Vulnerabilities

| # | Weakness | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.72 | CVE-2010-0966 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 3 | Cisco Wireless LAN Controller 802.11v privilege escalation | 5.8 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00102 | 0.00 | CVE-2017-12275 |
| 4 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.41 | |
| 5 | Cisco Wireless LAN Controller ANQP memory corruption | 5.2 | 4.9 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.00102 | 0.00 | CVE-2017-12282 |
| 6 | jeecg-boot qurestSql sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.11311 | 0.13 | CVE-2023-1454 |
| 7 | Webmin privilege escalation | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.97196 | 0.04 | CVE-2022-0824 |
| 8 | Atlassian Jira Server/Jira Data Center Mobile Plugin privilege escalation | 6.4 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03312 | 0.03 | CVE-2022-26135 |
| 9 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.51 | CVE-2022-28959 |
| 10 | Jetty Login Password.java information disclosure | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00299 | 0.04 | CVE-2017-9735 |
| 11 | FileRun index.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00649 | 0.00 | CVE-2007-2469 |
| 12 | I-O DATA DEVICE LAN DISK Connect memory corruption | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00080 | 0.03 | CVE-2017-10875 |
| 13 | Cisco Wireless LAN Controller SNMP denial of service | 5.3 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00143 | 0.00 | CVE-2017-12278 |
| 14 | D-Link DIR-850L LAN Traffic privilege escalation | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00277 | 0.00 | CVE-2017-14430 |
| 15 | Apple iOS/iPadOS Attachment BLASTPASS privilege escalation | 7.0 | 6.9 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00070 | 0.03 | CVE-2023-41061 |
| 16 | MikroTik RouterOS igmp-proxy denial of service | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00201 | 0.05 | CVE-2020-20219 |
| 17 | TIBCO Spotfire Statistics Services Splus Server privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00140 | 0.00 | CVE-2023-29268 |
| 18 | Google Chrome V8 privilege escalation | 7.5 | 7.4 | $25k-$100k | $5k-$25k | High | Official Fix | 0.02635 | 0.00 | CVE-2023-2033 |
| 19 | Tenda W30E editUserName memory corruption | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00075 | 0.00 | CVE-2022-45508 |
| 20 | Traefik information disclosure | 4.5 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00095 | 0.02 | CVE-2022-23469 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Log4Shell

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (44)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /.ssh/authorized_keys | predictive | High |
| 2 | File | /forum/away.php | predictive | High |
| 3 | File | /goform/delFileName | predictive | High |
| 4 | File | /goform/editUserName | predictive | High |
| 5 | File | /index/user/upload_img.html | predictive | High |
| 6 | File | /xxxxx/xxxx/xxxx_xxxx.xxxx | predictive | High |
| 7 | File | /xxxx/xxx/xxxx-xxxxx | predictive | High |
| 8 | File | /xxxx.xxx | predictive | Medium |
| 9 | File | /xxxxxxx/ | predictive | Medium |
| 10 | File | xxxxx.xxx | predictive | Medium |
| 11 | File | xxxxxxxx.xxx | predictive | Medium |
| 12 | File | xxxxxx/xxxxxx/xxx_xxxx.x | predictive | High |
| 13 | File | x_xxxxxx | predictive | Medium |
| 14 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 15 | File | xxxx.xxx | predictive | Medium |
| 16 | File | xxx/xxxxxx.xxx | predictive | High |
| 17 | File | xxxxx.xxx | predictive | Medium |
| 18 | File | xxxx.xxx | predictive | Medium |
| 19 | File | xxxxxxxx/xxxxxxxxx | predictive | High |
| 20 | File | xxxxxx/xxx/xxxxxxxx.x | predictive | High |
| 21 | File | xxxxx.xxx | predictive | Medium |
| 22 | File | xxx_xxxxx_xxxxx.x | predictive | High |
| 23 | File | xxx/xxxxxxxxx/xx_xxxxxx_xxx.x | predictive | High |
| 24 | File | xxxxxxxx.xxx | predictive | Medium |
| 25 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High |
| 26 | File | xxxxxxxxxxxxxxx.xxxx | predictive | High |
| 27 | Argument | xxxxxxxxxxx | predictive | Medium |
| 28 | Argument | xxx_xxx | predictive | Low |
| 29 | Argument | xxxxxxxx | predictive | Medium |
| 30 | Argument | xxxxxxx | predictive | Low |
| 31 | Argument | xxxxxxx-xxxx/xxxxxxx-xxxxxxxx-xxxxxxxx | predictive | High |
| 32 | Argument | xx_xxxxx_xx | predictive | Medium |
| 33 | Argument | xxx | predictive | Low |
| 34 | Argument | xxxx | predictive | Low |
| 35 | Argument | xxxxxxxxxxx | predictive | Medium |
| 36 | Argument | xxxx/xxx/xxx_xx | predictive | High |
| 37 | Argument | xxxxxxxx | predictive | Medium |
| 38 | Argument | xxx_xxxxxxxxxxx | predictive | High |
| 39 | Argument | xxxxxx | predictive | Low |
| 40 | Argument | xxx_xxxxxxx | predictive | Medium |
| 41 | Argument | xxx | predictive | Low |
| 42 | Argument | xxxxxxxx | predictive | Medium |
| 43 | Input Value | ../ | predictive | Low |
| 44 | Input Value | xxxxxxxxx' xxx 'x'='x | predictive | High |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
