Arid Viper Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (400)

Idioma

en	366
ru	18
de	8
fr	4
es	2

País

us	344
ru	26
de	12
fr	4
gb	4

Actores

Arid Viper	8
Sliver	2
Desert Falcons	2
BianLian	2
MuddyWater	2

Interesse

Tipo

Not Defined	26
Content Management System	12
Web Browser	6
Programming Language Software	4
Web Server	4

Fabricante

Not Defined	38
Joomla	4
Oracle	4
Apple	4
Google	2

Produto

SPIP	4
Joomla CMS	4
nginx	4
Google Chrome	2
InsydeH2O	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	CTI	EPSS	CVE
1	jforum User direitos alargados	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00289	CVE-2019-7550
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Divulgação de Informação	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
3	DZCP deV!L`z Clanportal config.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.61	0.00943	CVE-2010-0966
4	Dreaxteam Xt-News add_comment.php Roteiro Cruzado de Sítios	4.3	4.2	$0-$5k	$0-$5k	High	Unavailable	0.02	0.00599	CVE-2006-6746
5	Enigma2 Coppermine Bridge e2_header.inc.php direitos alargados	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.10026	CVE-2006-6864
6	IBM WebSphere Service Registry/Repository Access Restriction direitos alargados	4.3	4.1	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00	0.00162	CVE-2014-6160
7	Big Webmaster Big Webmaster Guestbook Script addguest.cgi Roteiro Cruzado de Sítios	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00615	CVE-2006-2231
8	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	5.21	0.00000
9	Joomla CMS remember.php direitos alargados	5.4	4.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.03044	CVE-2013-3242
10	Joomla CMS Media Manager Directório Traversal	8.5	8.2	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.90167	CVE-2019-10945
11	Pligg cloud.php Injecção SQL	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.49	0.00000
12	Apple macOS Fraca autenticação	5.6	5.4	$5k-$25k	$0-$5k	High	Official Fix	0.02	0.02181	CVE-2023-41991
13	Oracle Java SE JSSE vulnerabilidade desconhecida	7.4	7.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.03	0.00111	CVE-2023-21930
14	ICQ fetch direitos alargados	10.0	9.5	$0-$5k	Calculado	Not Defined	Official Fix	0.00	0.00346	CVE-2011-0487
15	WebP Converter for Media Plugin passthru.php Redirect	4.9	4.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00106	CVE-2021-25074
16	CasaOS API direitos alargados	5.5	5.3	$0-$5k	Calculado	Not Defined	Official Fix	0.04	0.01187	CVE-2022-24193
17	jQuery Roteiro Cruzado de Sítios	4.3	3.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00306	CVE-2011-4969
18	Oracle Retail Central Office Security Roteiro Cruzado de Sítios	6.2	6.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00384	CVE-2021-41184
19	InsydeH2O SMM HandleProtocol Negação de Serviço	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00042	CVE-2021-41839
20	PHP zip Extension php_zip.c Excesso de tampão	9.8	9.3	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.06326	CVE-2016-5773

Campanhas (1)

These are the campaigns that can be associated with the actor:

Hamas

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Campanhas	Identified	Tipo	Aceitação
1	54.255.143.112	ec2-54-255-143-112.ap-southeast-1.compute.amazonaws.com	Arid Viper		24/12/2020	verified	Médio
2	91.199.147.84	s726618.srvape.com	Arid Viper	Hamas	30/10/2023	verified	Alto
3	94.131.98.3	stockdc1.com	Arid Viper	Hamas	30/10/2023	verified	Alto
4	95.164.18.204	vm1554543.stark-industries.solutions	Arid Viper	Hamas	30/10/2023	verified	Alto
5	XX.XXX.XX.XX	xxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx	Xxxx Xxxxx	Xxxxx	30/10/2023	verified	Alto
6	XXX.XX.XXX.XX	xxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx	Xxxx Xxxxx	Xxxxx	30/10/2023	verified	Alto
7	XXX.XX.XXX.XX	xxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx	Xxxx Xxxxx	Xxxxx	30/10/2023	verified	Alto
8	XXX.XXX.XX.XX	xx.xx.xxx.xxx.xxxxxxxxxx.xxx.xxxxxxxxx.xxx	Xxxx Xxxxx		24/12/2020	verified	Alto
9	XXX.XX.XX.XXX		Xxxx Xxxxx	Xxxxx	30/10/2023	verified	Alto
10	XXX.XX.XXX.XXX	xxx.xxxxxxxx.xxx	Xxxx Xxxxx	Xxxxx	30/10/2023	verified	Alto
11	XXX.XXX.XXX.XX	xxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx	Xxxx Xxxxx	Xxxxx	30/10/2023	verified	Alto
12	XXX.XXX.XXX.XX	xxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx	Xxxx Xxxxx	Xxxxx	30/10/2023	verified	Alto
13	XXX.XX.XX.XXX	xxxxxx.xxx.xx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxx Xxxxx		24/12/2020	verified	Alto
14	XXX.XX.XX.XXX	xxxxxxxxx.xxx.xx	Xxxx Xxxxx		24/12/2020	verified	Alto
15	XXX.XXX.XXX.XX	xxx.xxxxxxxxx.xxx	Xxxx Xxxxx		24/12/2020	verified	Alto
16	XXX.X.XX.XXX	xxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx	Xxxx Xxxxx	Xxxxx	30/10/2023	verified	Alto
17	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxx.xxxxxxxxxxxx.xx	Xxxx Xxxxx		24/12/2020	verified	Alto
18	XXX.XXX.XXX.X	xxxxxx.xxxxxxxxxxxxx.xxx	Xxxx Xxxxx		24/12/2020	verified	Alto

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	T1059	CWE-94	Argument Injection	predictive	Alto
3	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
9	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
10	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (50)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/forum/away.php	predictive	Alto
2	File	addguest.cgi	predictive	Médio
3	File	add_comment.php	predictive	Alto
4	File	admin/index.php	predictive	Alto
5	File	api_jsonrpc.php	predictive	Alto
6	File	cloud.php	predictive	Médio
7	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
8	File	xx_xxxxxx.xxx.xxx	predictive	Alto
9	File	xxxxxx/xxx/xxxxxxx.xxx	predictive	Alto
10	File	xxxxx.xxx	predictive	Médio
11	File	xxxxx/xxxxx_xxxxx_x	predictive	Alto
12	File	xxxxxx.x	predictive	Médio
13	File	xx.xxx	predictive	Baixo
14	File	xxxx/xxx_xxxx_xxxxx.x	predictive	Alto
15	File	xxx/xxxxxx.xxx	predictive	Alto
16	File	xxxxx.xxx	predictive	Médio
17	File	xxxxxxxxxxx.xxx	predictive	Alto
18	File	xxxxxx/xxxxxx/xxxx.x	predictive	Alto
19	File	xxxxxxxx.xxx	predictive	Médio
20	File	xxxxxxx_xxx.xxx	predictive	Alto
21	File	xxxxx/xxxxx.xxx.xxx	predictive	Alto
22	File	xxxxxxxx.xxx	predictive	Médio
23	File	xxx_xxx.x	predictive	Médio
24	File	xxxxxxx/xxxxxx/xxxxxxxx/xxxxxxxx.xxx	predictive	Alto
25	File	xxxxxxxxxxxx.xxx	predictive	Alto
26	File	xxxxx/xxxxxxxxxxx/xxxxx.xxx	predictive	Alto
27	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	Alto
28	File	xxx.x	predictive	Baixo
29	File	xxxx-xxxx.x	predictive	Médio
30	File	xxxxx/xxxxxxxx.xxx	predictive	Alto
31	File	xx/xx/xxxxx	predictive	Médio
32	Argument	xxxxxxxx	predictive	Médio
33	Argument	xxxxxxxx	predictive	Médio
34	Argument	xxxxxxxxxx	predictive	Médio
35	Argument	xxxxxxxxxxxx/xxxxxxx	predictive	Alto
36	Argument	xxxx/xxxx	predictive	Médio
37	Argument	xxxxxxxxx	predictive	Médio
38	Argument	xxxx_xxx	predictive	Médio
39	Argument	xxxxxx	predictive	Baixo
40	Argument	xxxxxxxxxxx	predictive	Médio
41	Argument	xxx_xxxx_xxxxxxxx	predictive	Alto
42	Argument	xxxxx xxxx/xxxx xxxx	predictive	Alto
43	Argument	xxxxxx	predictive	Baixo
44	Argument	xx	predictive	Baixo
45	Argument	xx_xxxx	predictive	Baixo
46	Argument	xxxx_xxx	predictive	Médio
47	Argument	xxxxxxxx	predictive	Médio
48	Argument	xxxxxxx_xxxxx_xxxxx_xxxxxxx=xxxxx	predictive	Alto
49	Argument	xxxxxxxx_xxx	predictive	Médio
50	Argument	xxx	predictive	Baixo

Referências (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!