DNSpionage Análise

IOB - Indicator of Behavior (20)

Curso de tempo

Idioma

en16
de2
fr2

País

us16
ua2
fr2

Actores

Actividades

Interesse

Curso de tempo

Tipo

Fabricante

Produto

Thomas R. Pasawicz HyperBook Guestbook2
AOL ICQ2
Intelliants Subrion CMS2
Siemens Cerberus DMS2
Siemens Desigo CC Compact2

Vulnerabilidades

#VulnerabilidadeBaseTemp0dayHojeExpMasCTIEPSSCVE
1Microsoft PowerPoint Excesso de tampão6.56.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.24904CVE-2017-8743
2Joomla CMS Injecção SQL7.36.9$5k-$25k$0-$5kProof-of-ConceptNot Defined0.000.00264CVE-2013-1453
3PHP Link Directory Administration Page index.html Roteiro Cruzado de Sítios4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.500.00374CVE-2007-0529
4Phplinkdirectory PHP Link Directory conf_users_edit.php Falsificação de Pedido Cross Site6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.050.00526CVE-2011-0643
5AlienVault Open Source Security Information Management direitos alargados9.89.4$0-$5k$0-$5kHighOfficial Fix0.020.95527CVE-2014-3804
6Intelliants Subrion CMS Members Administrator Falsificação de Pedido Cross Site4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.000.00150CVE-2020-18326
7SonicWALL SMA 100/SMA 200/SMA 210/SMA 400/SMA 410/SMA 500v File Path direitos alargados6.56.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000.78714CVE-2021-20034
8HGiga OAKlouds Mobile Portal Network Interface Card Setting Page direitos alargados9.89.6$0-$5k$0-$5kNot DefinedNot Defined0.000.00336CVE-2021-37913
9Siemens Cerberus DMS/Desigo CC Compact/Desigo CC CCOM Communication direitos alargados6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00478CVE-2021-37181
10Apache Struts OGNL Evaluation Privilege Escalation6.36.3$5k-$25k$5k-$25kProof-of-ConceptOfficial Fix0.040.97232CVE-2020-17530
11Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Divulgação de Informação5.35.2$5k-$25k$0-$5kHighWorkaround0.020.02016CVE-2007-1192
12OSClass index.php findBySlug Injecção SQL7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00589CVE-2012-0973
13AOL ICQ MCRegEx__Search Excesso de tampão7.36.4$25k-$100kCalculadoProof-of-ConceptOfficial Fix0.050.35348CVE-2006-4662
14GitLab Enterprise Edition Access Control direitos alargados6.76.5$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00064CVE-2019-16170
15Joomla CMS index.php direitos alargados7.06.3$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.030.02958CVE-2012-1563
16Zemanta Search Everything index.php Injecção SQL7.37.0$0-$5kCalculadoHighOfficial Fix0.000.00279CVE-2014-2316
17Roundcube Webmail rcube_washtml.php Roteiro Cruzado de Sítios4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00489CVE-2015-1433
18WordPress Password Reset wp-login.php mail direitos alargados6.15.8$5k-$25k$0-$5kProof-of-ConceptNot Defined0.000.02827CVE-2017-8295

Campanhas (1)

These are the campaigns that can be associated with the actor:

  • Middle East

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDEndereço IPHostnameActorCampanhasIdentifiedTipoAceitação
1185.20.184.138185.20.184.138.deltahost-ptrDNSpionageMiddle East27/03/2022verifiedAlto
2XXX.XX.XXX.Xxxx.xx.xxx.x.xxxxxxxxx-xxxXxxxxxxxxxXxxxxx Xxxx27/03/2022verifiedAlto
3XXX.XXX.XXX.XXxxx.xxx.xxx.xx.xxxxxxxxx-xxxXxxxxxxxxxXxxxxx Xxxx27/03/2022verifiedAlto

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilidadesTipo de acessoTipoAceitação
1T1059CWE-94Argument InjectionpredictiveAlto
2T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveAlto
3TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
4TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveAlto
5TXXXXCWE-XXXxx XxxxxxxxxpredictiveAlto
6TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveAlto
7TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorTipoAceitação
1Fileadmin/conf_users_edit.phppredictiveAlto
2Filedata/gbconfiguration.datpredictiveAlto
3Filexxxxx.xxxxpredictiveMédio
4Filexxxxx.xxxpredictiveMédio
5Filexx-xxxxx.xxxpredictiveMédio
6Libraryxxxxxxx/xxx/xxxxxxxxx/xxxxx_xxxxxxx.xxxpredictiveAlto
7ArgumentxxxxxxxxxpredictiveMédio
8ArgumentxxxxpredictiveBaixo
9Argumentxxxx xxxxxxxpredictiveMédio
10Argumentxxxxx[xxxxxx]predictiveAlto
11ArgumentxxxxxxxxxpredictiveMédio

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

Do you need the next level of professionalism?

Upgrade your account now!