AnyDesk Analysis

IOB - Indicator of Behavior (53)

Language

en: 50
es: 2
ru: 2

Country

ru: 14
us: 10
tk: 4
tr: 2


Product

Microsoft Exchange: 2
Intel oneMKL: 2
Cisco IOS XR: 2
OpenX: 2
ZyXEL PK5001Z: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | WordPress Customizer directory traversal | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00295 | 0.02 | CVE-2017-14722 |
| 2 | Synology VPN Plus Server Remote Desktop buffer overflow | 9.9 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00078 | 0.02 | CVE-2022-43931 |
| 3 | GajShield Data Security Firewall firmware Web-based Management Interface weak authentication | 9.9 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00108 | 0.04 | CVE-2023-1778 |
| 4 | PaperCut NG/MF HTTP Request privilege escalation | 6.9 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-1884 |
| 5 | MojofyWP WP Affiliate Disclosure Plugin cross-site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2023-52178 |
| 6 | WP Zinc Page Generator Plugin SQL injection | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.00 | CVE-2023-52131 |
| 7 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.52 | CVE-2020-12440 |
| 8 | Impress GiveWP Give Plugin class-payments-query.php SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00175 | 0.02 | CVE-2019-13578 |
| 9 | Synchroweb SynConnect Login index.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00190 | 0.00 | CVE-2013-2690 |
| 10 | Trustwave ModSecurity Chunked HTTP Transfer modsecurity.c modsecurity_tx_init privilege escalation | 5.3 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.46729 | 0.00 | CVE-2013-5704 |
| 11 | Tenda AC8 SetNetControlList buffer overflow | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.04 | CVE-2023-40900 |
| 12 | Tracker Software PDF-XChange Editor XPS File Parser information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | CVE-2023-40469 |
| 13 | Tracker Software PDF-XChange Editor JP2 File Parser buffer overflow | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | CVE-2023-39486 |
| 14 | CSZ CMS Carousel Widget cross-site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-38910 |
| 15 | Online Travel Agency System PHP File artical.php privilege escalation | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00116 | 0.00 | CVE-2023-31946 |
| 16 | Control iD Gerencia Web Cookie weak encryption | 4.2 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.04 | CVE-2023-4392 |
| 17 | Tenda A18 formAddMacfilterRule buffer overflow | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-39827 |
| 18 | lmxcms BookAction.class.php reply SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00152 | 0.09 | CVE-2023-1322 |
| 19 | HCL Traveler Companion Task Switcher information disclosure | 4.0 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2023-37512 |
| 20 | Intel oneMKL Local Privilege Escalation | 7.2 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2023-28658 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 52.89.196.49 | ec2-52-89-196-49.us-west-2.compute.amazonaws.com | AnyDesk | | 02/04/2024 | verified | Medium |
| 2 | XXX.XX.XXX.XXX | | Xxxxxxx | | 02/04/2024 | verified | High |
| 3 | XXX.XX.X.XXX | xxx.xxxxxxxxxxxxxxxxxxx.xxxx | Xxxxxxx | | 02/04/2024 | verified | High |

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /goform/SetNetControlList | predictive | High |
| 2 | File | /index.php/newsletter/subscriber/new/ | predictive | High |
| 3 | File | /sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072 | predictive | High |
| 4 | File | xxxxxxx/xxxxxxxxxxx.x | predictive | High |
| 5 | File | xxxxxxx.xxx | predictive | Medium |
| 6 | File | xxxxxxxxxx.xxxxx.xxx | predictive | High |
| 7 | File | xxxxxxx/xxxxxxx/xxxxxxx.xxxx?xxxx | predictive | High |
| 8 | File | xxxxxxxx/xxxxxxxx/xxxxx-xxxxxxxx-xxxxx.xxx | predictive | High |
| 9 | File | xxxxx.xxx | predictive | Medium |
| 10 | File | xxxxxxxxxx | predictive | Medium |
| 11 | File | xxxxxxxxxxxx.xxx | predictive | High |
| 12 | File | xx-xxxxxxxx/xxxx.xxx | predictive | High |
| 13 | File | xxx/xxxxxxxx/xxxxxxx.xxx | predictive | High |
| 14 | Argument | xxxxxxxx | predictive | Medium |
| 15 | Argument | xx | predictive | Low |
| 16 | Argument | xxxx | predictive | Low |
| 17 | Argument | xxxxxxx | predictive | Low |
| 18 | Argument | xxxx_xxxx | predictive | Medium |
| 19 | Argument | xxxxxxxxxxxxxxxx | predictive | High |
| 20 | Argument | xxxx | predictive | Low |
| 21 | Input Value | x) xxx xxxxxxxxx(x,xxxxxx(xxxx,xxxx()),x)# | predictive | High |
| 22 | Input Value | xxxxxxxx | predictive | Medium |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
