Andromeda Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (17)

Curso de tempo

Idioma

en14
es2
de2

País

us10
gb4
ru2
de2

Actores

Patchwork1
TA4061
IcedID1
DanaBot1
Hackers-for-Hire1

Actividades

Interesse

Curso de tempo

Tipo

Not Defined6
Photo Gallery Software4
Smartphone Operating System2
WordPress Plugin2

Fabricante

Not Defined4
Liferay2
Google2
Gallery2
ESMI2

Produto

Liferay Portal2
Google Android2
sitepress-multilingual-cms Plugin2
Gallery My Photo Gallery2
ESMI PayPal Storefront2

Vulnerabilidades

#VulnerabilidadeBaseTemp0dayHojeExpMasEPSSCTICVE
1Secomea GateManager direitos alargados5.95.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000540.04CVE-2022-25782
2sitepress-multilingual-cms Plugin class-wp-installer.php Falsificação de Pedido Cross Site6.56.4$0-$5k$0-$5kNot DefinedOfficial Fix0.005790.04CVE-2020-10568
3php-fusion downloads.php Roteiro Cruzado de Sítios5.75.7$0-$5k$0-$5kNot DefinedNot Defined0.001590.04CVE-2020-12708
4Gallarific PHP Photo Gallery script gallery.php Injecção SQL7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.001360.05CVE-2011-0519
5Gallery My Photo Gallery image.php Injecção SQL6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00
6Host Web Server phpinfo.php phpinfo Divulgação de Informação5.35.2$5k-$25k$0-$5kNot DefinedWorkaround0.000000.05
7ESMI PayPal Storefront products1h.php Roteiro Cruzado de Sítios4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.054680.00CVE-2005-0936
8Ecommerce Online Store Kit shop.php Injecção SQL9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.037630.04CVE-2004-0300
9Simple Real Estate Portal System Injecção SQL6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.001720.00CVE-2022-28410
10Microsoft Windows Win32k direitos alargados7.36.3$25k-$100k$5k-$25kUnprovenOfficial Fix0.000430.00CVE-2021-1709
11Google Android Widevine QSEE TrustZone Application direitos alargados7.87.4$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.003200.00CVE-2015-6639
12Joomla CMS InputFilter Upload direitos alargados8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.014270.03CVE-2018-15882
13Huawei iBMC Intelligent Baseboard Management Controller Fraca autenticação7.47.4$5k-$25k$5k-$25kNot DefinedNot Defined0.002640.03CVE-2018-7942
14Liferay Portal direitos alargados9.88.8$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.008570.00CVE-2011-1571

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDEndereço IPHostnameActorCampanhasIdentifiedTipoAceitação
135.205.61.6767.61.205.35.bc.googleusercontent.comAndromeda16/01/2023verifiedMédio
2XXX.XXX.XX.XXXxxxxxxxx16/01/2023verifiedAlto

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassificaçãoVulnerabilidadesTipo de acessoTipoAceitação
1T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveAlto
2TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
3TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveAlto
4TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
5TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveAlto

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorTipoAceitação
1File/my_photo_gallery/image.phppredictiveAlto
2File/reps/classes/Users.php?f=delete_agentpredictiveAlto
3Filexxxxxxxxx/xxxxxxxxx.xxxpredictiveAlto
4Filexxxxxxx.xxxpredictiveMédio
5Filexxxxxxxx/xxxxx-xx-xxxxxxxxx.xxxpredictiveAlto
6Filexxxxxxx.xxxpredictiveMédio
7Filexxxxxxxxxx.xxxpredictiveAlto
8Filexxxx.xxxpredictiveMédio
9Argumentxxx_xxpredictiveBaixo
10ArgumentxxpredictiveBaixo
11ArgumentxxxxxpredictiveBaixo
12Input Valuex xxxxx xxx xxxxxx xxxx,xxxx,xxxx,xxxx,xxxxxx(xxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxx)--predictiveAlto

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!