AvosLocker Analysis

IOB - Indicator of Behavior (66)

Language of sources (count):
en 54
fr 6
pl 2
de 2
es 2

Products referenced (count):
Microsoft Windows 6
IW Guestbook 4
Ilohamail 2
Sapplica Sentrifugo 2
OmniSecure 2

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit price at disclosure and now ("Calculating" where no current estimate is shown); Exp is the exploit availability (CVSS temporal E) and Remediation the remediation level (CVSS temporal RL); CTI is the CTI interest score; EPSS is the exploit prediction score; CVE is empty where no identifier was assigned.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Remediation | CTI | EPSS | CVE
1 | HP SAN/iQ hydra.exe privilege escalation | 4.3 | 3.9 | $25k-$100k | Calculating | Proof-of-Concept | Official Fix | 0.00 | 0.00277 | CVE-2012-4362
2 | Hydra HTTP Header read.c process_header_end denial of service | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00117 | CVE-2019-17502
3 | IW Guestbook badwords_edit.asp SQL injection | 6.3 | 5.7 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.03 | 0.00000 |
4 | Hydra weak authentication | 5.6 | 5.0 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00099 | CVE-2020-5300
5 | OmniSecure AddUrlShield index.php SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00000 |
6 | ORY Hydra error reflected cross-site scripting | 5.2 | 5.1 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00097 | CVE-2019-8400
7 | PHPGurukul Hospital Management System dashboard.php privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00661 | CVE-2020-35745
8 | HP SAN/iQ Login hydra.exe buffer overflow | 10.0 | 9.5 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.46643 | CVE-2011-4157
9 | HP LeftHand Virtual SAN Appliance hydra buffer overflow | 10.0 | 9.5 | $25k-$100k | $0-$5k | High | Official Fix | 0.00 | 0.77622 | CVE-2013-2343
10 | Coinsoft Technologies phpCOIN db.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.07606 | CVE-2005-4211
11 | Coinsoft Technologies phpCOIN db.php directory traversal | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.03877 | CVE-2005-4212
12 | Ilohamail cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00000 |
13 | Small CRM cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00052 | CVE-2023-44075
14 | Intern Record System controller.php cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00087 | CVE-2022-40348
15 | Sitekit CMS registration-form.html cross-site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00000 |
16 | Microsoft Windows Backup Service privilege escalation | 7.7 | 7.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00389 | CVE-2023-21752
17 | SunHater KCFinder upload.php cross-site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00131 | CVE-2019-14315
18 | Canto Cumulus login privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00252 | CVE-2022-40305
19 | IW Guestbook messages_edit.asp SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00000 |
20 | CKEditor Clipboard Package privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00163 | CVE-2021-32809

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. Rows masked with X in the source are left masked.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.136.230.191 | www.seedbox.vip | AvosLocker | | 21/12/2022 | verified | High
2 | XXX.XXX.XXX.XXX | Xxxxxxxxxx | | | 21/12/2022 | verified | High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Type | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High
3 | TXXXX | CWE-XXX | Xxxxxxxx Xxxxxxxxx | predictive | High
4 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cwc/login | predictive | Medium
2 | File | /intern/controller.php | predictive | High
3 | File | /iwguestbook/admin/badwords_edit.asp | predictive | High
4 | File | /iwguestbook/admin/messages_edit.asp | predictive | High
5 | File | xxxxx/xxxxxxxxx.xxx | predictive | High
6 | File | xxxxx.xxx | predictive | Medium
7 | File | xxxx_xxxxxxxx/xx.xxx | predictive | High
8 | File | xxxxx.xxx | predictive | Medium
9 | File | xxxxx.xxx | predictive | Medium
10 | File | xxxxx.xxx/xxxxxxxxxxxxx/xxx | predictive | High
11 | File | xxxxxx/xxxxxxxxx/xxxxx | predictive | High
12 | File | xxxx.x | predictive | Low
13 | File | xxxxxxxxxxxx-xxxx.xxxx | predictive | High
14 | File | xxxxxx.xxx | predictive | Medium
15 | File | xx-xxxxx/xxxxx-xxxxxx.xxx | predictive | High
16 | Argument | xxxxxxx | predictive | Low
17 | Argument | xxxxxx | predictive | Low
18 | Argument | xxxxxxxxxxxxxxx | predictive | High
19 | Argument | xxxxxxxxx | predictive | Medium
20 | Argument | xxxxxxx-xxxxxx | predictive | High
21 | Argument | xxxxx_xxxx | predictive | Medium
22 | Argument | xxxxxx$xxxxx | predictive | Medium
23 | Argument | xx | predictive | Low
24 | Argument | xxxxx | predictive | Low
25 | Argument | xxxx/xxxxx | predictive | Medium
26 | Argument | xxxx_xx | predictive | Low
27 | Argument | xxxxxx | predictive | Low
28 | Argument | _xxxx[_xxx_xxxx_xxxx | predictive | High
29 | Input Value | x+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx# | predictive | High
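The file-path IOAs and the network IOC above are only useful once they are matched against your own telemetry. The following Python script is an added example, not tooling from the page or from the actor profile's publisher: it takes the unmasked File indicators from the IOA table and the IP and hostname from the IOC table, normalises request paths so that encoded, double-encoded, dot-segment or mixed-case variants (IIS/ASP paths are case-insensitive) still match, and scans access-log lines. The combined log format, the sample log lines and the normalisation rules are assumptions of the example; the log lines are constructed and are not from any real incident.

```python
"""Scan web-server access logs for the AvosLocker IOC/IOA entries listed above."""
import re
from urllib.parse import unquote, urlsplit

# IOC row 1 from the page (verified 21/12/2022).
IOC_IPS = {"45.136.230.191"}
IOC_HOSTS = {"www.seedbox.vip"}

# Unmasked File indicators from the IOA table; masked rows are not included.
IOA_PATHS = {
    "/cwc/login",
    "/intern/controller.php",
    "/iwguestbook/admin/badwords_edit.asp",
    "/iwguestbook/admin/messages_edit.asp",
}

# Assumption: logs are in Apache/nginx "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def normalize_path(target):
    """Drop the query string, percent-decode twice (catches %252e style
    double encoding), collapse empty segments and resolve '.' and '..'
    so that padded or encoded variants compare equal to the indicator."""
    path = unquote(unquote(urlsplit(target).path))
    parts = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if parts:
                parts.pop()
            continue
        parts.append(seg)
    return "/" + "/".join(parts)


def match_line(line):
    """Return the list of indicator hits for one log line, [] for a clean
    line, or None if the line does not parse as combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    hits = []
    if rec["ip"] in IOC_IPS:
        hits.append("ioc_ip:" + rec["ip"])
    ref_host = urlsplit(rec["referer"]).hostname
    if ref_host and ref_host.lower() in IOC_HOSTS:
        hits.append("ioc_host:" + ref_host.lower())
    path = normalize_path(rec["target"])
    if path.lower() in IOA_PATHS:  # IIS/ASP paths are case-insensitive
        hits.append("ioa_path:" + path)
    return hits


def scan(lines):
    """Return [(line_number, hits)] for every line with at least one hit."""
    results = []
    for n, line in enumerate(lines, 1):
        hits = match_line(line)
        if hits:
            results.append((n, hits))
    return results


# Constructed sample log lines (documentation IP ranges, not a real incident).
SAMPLE_LOG = [
    '45.136.230.191 - - [21/Dec/2022:10:15:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [21/Dec/2022:10:16:44 +0000] "POST /IWGuestbook//admin/%2e/badwords_edit.asp?id=1%27 HTTP/1.1" 500 0 "-" "curl/8.0"',
    '198.51.100.9 - - [21/Dec/2022:10:17:10 +0000] "GET /about HTTP/1.1" 200 2048 "https://www.seedbox.vip/" "Mozilla/5.0"',
    '198.51.100.9 - - [21/Dec/2022:10:18:00 +0000] "GET /static/logo.png HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
    '192.0.2.5 - - [21/Dec/2022:10:19:31 +0000] "GET /cwc/login HTTP/1.1" 404 0 "-" "python-requests/2.31"',
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(f"line {n}: {', '.join(hits)}")
```

The path indicators are "predictive" in the table, so a hit on /cwc/login or /intern/controller.php alone only says that someone probed for software the profile associates with this actor; treat it as a lead to pivot on (source IP, user agent, follow-up requests), while a hit on the verified IP or hostname carries more weight.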

References (2)

The following list contains external sources which discuss the actor and the associated activities:
