Dark Tequila Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (39)

Idioma

en	40

País

us	30

Actores

Charming Kitten	1
Dark Tequila	1

Interesse

Tipo

Not Defined	8
Operating System	6
Database Software	4
Web Browser	4
Security Testing Software	2

Fabricante

Microsoft	10
Not Defined	10
Novell	4
Comcast	2
WEKA	2

Produto

MySQL Eventum	4
Comcast DPC3939	2
Microsoft Windows	2
WEKA INTEREST Security Scanner	2
CA BrightStor ARCserve Backup	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Siemens SiPass integrated File direitos alargados	7.2	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00055	0.02	CVE-2017-9940
2	Microsoft Edge Scripting Engine Excesso de tampão	6.0	5.7	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00543	0.00	CVE-2017-8661
3	Comcast DPC3939B Falsificação de Pedido Cross Site	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00112	0.00	CVE-2017-9489
4	Comcast DPC3939 Network Processor direitos alargados	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00194	0.00	CVE-2017-9481
5	Linux Kernel XFRM xfrm_user_policy Excesso de tampão	6.3	5.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00126	0.00	CVE-2005-2456
6	Mozilla Firefox String vulnerabilidade desconhecida	4.3	4.1	$25k-$100k	$0-$5k	Proof-of-Concept	Unavailable	0.00202	0.04	CVE-2005-2602
7	Mozilla Thunderbird Long String Privilege Escalation	6.3	6.3	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00000	0.00
8	CA BrightStor ARCserve Backup Backup Agent Excesso de tampão	7.3	7.0	$5k-$25k	$0-$5k	High	Official Fix	0.97191	0.00	CVE-2005-1272
9	unzip File Decompression Condição de Corrida	6.3	6.3	$5k-$25k	$0-$5k	Not Defined	Unavailable	0.00064	0.00	CVE-2005-2475
10	MySQL Eventum Class Injecção SQL	6.3	6.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
11	Microsoft ActiveSync Equipment ID Reader Privilege Escalation	6.3	5.7	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.00
12	Microsoft ActiveSync Communication Negação de Serviço	6.5	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
13	MySQL Eventum view.php Roteiro Cruzado de Sítios	6.3	5.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.01499	0.00	CVE-2005-2467
14	MySQL Eventum list.php Roteiro Cruzado de Sítios	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
15	MySQL Eventum get_jsrs_data.php Roteiro Cruzado de Sítios	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
16	Cisco IOS IPv6 Stack Negação de Serviço	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.13257	0.00	CVE-2005-2451
17	Linksys WRT54G Wireless-G Router SSL Private Key Encryption vulnerabilidade desconhecida	6.5	5.7	$5k-$25k	$0-$5k	Unproven	Official Fix	0.01038	0.00	CVE-2005-2434
18	Novell eDirectory Modular Authentication Service Fraca autenticação	5.4	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
19	Microsoft PowerPoint Shared Sections Negação de Serviço	4.8	4.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
20	Microsoft Word Shared Sections Negação de Serviço	4.8	4.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.00

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	46.17.97.12		Dark Tequila	27/08/2018	verified	Alto
2	XX.XXX.XX.XXX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxx Xxxxxxx	27/08/2018	verified	Alto
3	XXX.XX.X.XX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxx Xxxxxxx	27/08/2018	verified	Alto

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1059.007	CAPEC-18	CWE-80	Cross Site Scripting	predictive	Alto
3	TXXXX	CAPEC-19	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-102	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-157	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/etc/waipass	predictive	Médio
2	File	get_jsrs_data.php	predictive	Alto
3	File	xxxxxx??.xxx	predictive	Médio
4	File	xxxx.xxx	predictive	Médio
5	File	xxx-xxxx.x	predictive	Médio
6	File	xxxx.xxx	predictive	Médio
7	Argument	xx	predictive	Baixo
8	Argument	xxxx	predictive	Baixo
9	Argument	xxxxxxx	predictive	Baixo

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you know our Splunk app?

Download it now for free!