Bronze Butler Analysis

IOB - Indicator of Behavior (19)

Language

en (18)
de (2)

Product

WordPress (4)
Hisilicon HI3510 (4)
Hisilicon HI3518 (4)
Hisilicon LOOSAFE (4)
Hisilicon LEVCOECAM (4)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Coremail Document Attachment Cross-Site Scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00120 | 0.00 | CVE-2015-6942 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | Calculated | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 3 | Webmin Cross-Site Scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00118 | 0.01 | CVE-2017-2106 |
| 4 | Webmin Login Form miniserv.pl Denial of Service | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03978 | 0.00 | CVE-2005-3912 |
| 5 | ExpressVPN Service Port 2015 Xvpnd.exe XVPN.SetPreference Directory Traversal | 6.2 | 6.0 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00044 | 0.00 | CVE-2018-15490 |
| 6 | Shenzhen Yunni Technology iLnkP2P UID Generator Random Weak Encryption | 7.7 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00176 | 0.03 | CVE-2019-11219 |
| 7 | Shenzhen Yunni Technology iLnkP2P Authentication Weak Authentication | 7.7 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00669 | 0.05 | CVE-2019-11220 |
| 8 | Hisilicon HI3510 Web Management Portal Credentials Privilege Escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00104 | 0.04 | CVE-2019-10710 |
| 9 | Hisilicon HI3510 RTSP Stream/Web Portal Privilege Escalation | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00168 | 0.00 | CVE-2019-10711 |
| 10 | WordPress URL Validator Redirect | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00509 | 0.03 | CVE-2018-10101 |
| 11 | WordPress Password Reset wp-login.php mail Privilege Escalation | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.02827 | 0.05 | CVE-2017-8295 |
| 12 | WordPress Admin Shell Privilege Escalation | 7.3 | 6.6 | $25k-$100k | $0-$5k | Functional | Workaround | 0.00000 | 0.03 | |
| 13 | My Link Trader out.php SQL Injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.15 | |
| 14 | Apple macOS AppleSMC Denial of Service | 7.8 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.02 | CVE-2016-4678 |
| 15 | Node.js ServerResponse#writeHead Split Privilege Escalation | 6.1 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00437 | 0.00 | CVE-2016-5325 |
| 16 | Microsoft Internet Explorer Garbage Collection jscript9.dll ProcessMark Information Disclosure | 5.3 | 4.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.00 | |
| 17 | IBM Java Virtual Machine Information Disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00555 | 0.02 | CVE-2015-1914 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

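| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /out.php | predictive | Medium |
| 2 | File | data/gbconfiguration.dat | predictive | High |
| 3 | File | xxxxxxxx.xx | predictive | Medium |
| 4 | File | xx-xxxxx.xxx | predictive | Medium |
| 5 | File | xxxxx.xxx | predictive | Medium |
| 6 | Library | xxxxxxxx.xxx | predictive | Medium |
| 7 | Argument | xxxx | predictive | Low |
| 8 | Argument | xx | predictive | Low |
| 9 | Argument | xxxxxx | predictive | Low |
| 10 | Argument | xxxxxxxx | predictive | Medium |
| 11 | Network Port | xxx/xxxx | predictive | Medium |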

References (2)

The following list contains external sources which discuss the actor and the associated activities:
