Big Head Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (68)

Idioma

en	68

País

tr	68

Actores

Big Head	1

Interesse

Tipo

Not Defined	18
Programming Language Software	10
Content Management System	6
Connectivity Software	6
WordPress Plugin	4

Fabricante

Not Defined	30
Microsoft	4
Samsung	2
Google	2
Ivanti	2

Produto

OpenSSH	6
PHP	4
WordPress	4
Samsung Galaxy S20	2
Google Chrome	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Google Chrome WebRTC Excesso de tampão	6.3	6.0	$25k-$100k	$5k-$25k	High	Official Fix	0.01152	0.04	CVE-2022-2294
2	nginx direitos alargados	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	3.76	CVE-2020-12440
3	Telegram Divulgação de Informação	4.9	4.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00048	0.00	CVE-2021-27205
4	Joget Workflow account_new direitos alargados	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00091	0.03	CVE-2019-14352
5	KLog Server authenticate.php direitos alargados	5.5	5.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.95712	0.04	CVE-2020-35729
6	Nagios XI monitoringwizard.php Injecção SQL	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00043	0.07	CVE-2024-24401
7	Microsoft Windows direitos alargados	10.0	9.5	$100k e mais	$0-$5k	Not Defined	Official Fix	0.85597	0.02	CVE-2009-2512
8	Python SimpleHTTPServer Module SimpleHTTPServer.py list_directory Roteiro Cruzado de Sítios	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00422	0.04	CVE-2011-4940
9	CKeditor Paste Roteiro Cruzado de Sítios	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00123	0.00	CVE-2018-17960
10	CKEditor4 Advanced Content Filter Roteiro Cruzado de Sítios	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00448	0.04	CVE-2021-41164
11	OpenSSH Fraca autenticação	7.3	7.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.02241	0.02	CVE-2010-4478
12	MikroTik RouterOS Web Server Excesso de tampão	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.04	CVE-2023-30800
13	Microsoft .NET Framework Array Copy Excesso de tampão	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.24098	0.05	CVE-2015-2504
14	CodeBard Patron Button and Widgets for Patreon Plugin Roteiro Cruzado de Sítios	5.6	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00046	0.00	CVE-2023-30491
15	phpBB Error Message memberlist.php direitos alargados	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01803	0.03	CVE-2006-2219
16	WordPress REST API class-wp-rest-users-controller.php Divulgação de Informação	5.3	5.1	$5k-$25k	$0-$5k	Functional	Official Fix	0.87410	0.03	CVE-2017-5487
17	Ovidentia CMS index.php Injecção SQL	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00089	0.07	CVE-2021-29343
18	Zoho ManageEngine Desktop Central MSP DLL dcinventory.exe direitos alargados	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00102	0.00	CVE-2020-9367
19	Apple macOS Bluetooth Excesso de tampão	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00057	0.00	CVE-2022-42854
20	Flask-Caching Extension Pickle Roteiro Cruzado de Sítios	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00800	0.04	CVE-2021-33026

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	13.107.21.200		Big Head	10/08/2023	verified	Alto
2	20.99.133.109		Big Head	10/08/2023	verified	Alto
3	20.99.184.37		Big Head	10/08/2023	verified	Alto
4	23.41.86.106	a23-41-86-106.deploy.static.akamaitechnologies.com	Big Head	10/08/2023	verified	Alto
5	XX.XX.XX.XXX	xxx-xx-xx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxx Xxxx	10/08/2023	verified	Alto
6	XX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxx Xxxx	10/08/2023	verified	Alto
7	XX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxx Xxxx	10/08/2023	verified	Alto
8	XX.XXX.XXX.XX	xxx-xxx-xxx-xx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxx Xxxx	10/08/2023	verified	Alto
9	XX.XXX.XXX.XX	xxx-xxx-xxx-xx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxx Xxxx	10/08/2023	verified	Alto
10	XX.XXX.XX.XX	xx.xx.xxx.xx.xxx.xxxx.xxx	Xxx Xxxx	10/08/2023	verified	Alto
11	XXX.XX.XXX.XX	xxxx-xx-xxx-xx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxx Xxxx	10/08/2023	verified	Alto
12	XXX.XXX.XXX.XXX	xxxx-xxx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxx Xxxx	10/08/2023	verified	Alto
13	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxx.xxxxxx.xxx	Xxx Xxxx	10/08/2023	verified	Alto
14	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxx.xxxxxx.xxx	Xxx Xxxx	10/08/2023	verified	Alto
15	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxx.xxxxxx.xxx	Xxx Xxxx	10/08/2023	verified	Alto
16	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxx.xxxxxx.xxx	Xxx Xxxx	10/08/2023	verified	Alto
17	XXX.XX.XXX.XXX	xx-xxx-xx-xxx-xxx-xxx.xxxxxx.xxx	Xxx Xxxx	10/08/2023	verified	Alto
18	XXX.XXX.X.X		Xxx Xxxx	10/08/2023	verified	Alto
19	XXX.XXX.XXX.XXX		Xxx Xxxx	10/08/2023	verified	Alto
20	XXX.XX.XXX.XXX	x-xxxx.x-xxxxxx.xxx	Xxx Xxxx	10/08/2023	verified	Alto

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
3	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	Alto
4	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
8	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
9	TXXXX	CAPEC-38	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Alto
10	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
11	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (36)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/alumni/admin/ajax.php?action=save_settings	predictive	Alto
2	File	/cwp_{SESSION_HASH}/admin/loader_ajax.php	predictive	Alto
3	File	actions/authenticate.php	predictive	Alto
4	File	admin/dashboard.php	predictive	Alto
5	File	college_website/admin/ajax.php?action=login	predictive	Alto
6	File	xxxxxxxxxx/xxx.xx	predictive	Alto
7	File	xxxxxxxxx/xxxxxxx/xxxx.xxx	predictive	Alto
8	File	xxxxxxxxxxx.xxx	predictive	Alto
9	File	xxxxxxxx/xxxxxxxx.x	predictive	Alto
10	File	xxx/xxxxxxx.xxx	predictive	Alto
11	File	xxxxxxx_xxxx_xxxxxx.xxx	predictive	Alto
12	File	xxxx_xxxxxxx.xxx.xxx	predictive	Alto
13	File	xxxxx.xxx	predictive	Médio
14	File	xx/xxx/xxxxxxxx/xxx_xxxxxxxxx/xxx_xxxxxxxx_xxxxx/_/xxxxxxx_xxx	predictive	Alto
15	File	xxxxxxxxxx.xxx	predictive	Alto
16	File	xxxxxxx/xxxx/xxxx_xxxx.xx	predictive	Alto
17	File	xxxxxxxxxxxxxxxx.xxx	predictive	Alto
18	File	xxx/xxxxxx/xx_xxxxxx.x	predictive	Alto
19	File	xxxxxxxxxxxxxxxx.xx	predictive	Alto
20	File	xxx/xxxxxxx.x	predictive	Alto
21	File	xxxxxxxxx.x	predictive	Médio
22	File	xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx	predictive	Alto
23	File	\xxx\xxxxx_xxxxxxxxxxxx.xxx	predictive	Alto
24	Library	xxxxxxxx.xxx	predictive	Médio
25	Argument	xxxxxxx xx/xxxxxxx xxxx	predictive	Alto
26	Argument	xxxxxxxxxxx	predictive	Médio
27	Argument	xxxxxxxx	predictive	Médio
28	Argument	xx	predictive	Baixo
29	Argument	xxxxxxxxxxxxxxx	predictive	Alto
30	Argument	xxxxxxxxx	predictive	Médio
31	Argument	xxxx_xxxxxxx	predictive	Médio
32	Argument	xxxx	predictive	Baixo
33	Argument	xxxx	predictive	Baixo
34	Input Value	xxxxxxxx	predictive	Médio
35	Input Value	xxxx+x@!xxxx+	predictive	Alto
36	Pattern	() {	predictive	Baixo

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!