East Timor Unknown Analysis

IOB - Indicator of Behavior (28)

Language

en (24)
de (4)

Product

Apache HTTP Server (4)
Microsoft IIS (2)
Benjamin Arnaudetr Ginkgocms (2)
Aruba Networks ArubaOS (2)
DZCP deV!L`z Clanportal (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft IIS WebDav Buffer Overflow | 5.6 | 5.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.02 | 0.97418 | CVE-2003-0109 |
| 2 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 3.83 | 0.00000 | |
| 3 | YaBB yabb.pl Cross Site Scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.01240 | CVE-2004-2402 |
| 4 | Benjamin Arnaudetr Ginkgocms index.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.00 | 0.00161 | CVE-2013-5318 |
| 5 | Microsoft IIS Cross Site Scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055 |
| 6 | Apache HTTP Server mod_proxy_uwsgi Privilege Escalation | 6.9 | 6.7 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.01374 | CVE-2023-27522 |
| 7 | Apache HTTP Server mod_proxy Privilege Escalation | 7.4 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00634 | CVE-2023-25690 |
| 8 | Apache HTTP Server Limit Directive ap_limit_section Buffer Overflow | 6.4 | 6.3 | $5k-$25k | $0-$5k | High | Official Fix | 0.03 | 0.97305 | CVE-2017-9798 |
| 9 | Aruba Networks ArubaOS Command Line Interface Denial of Service | 5.1 | 5.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00073 | CVE-2022-37910 |
| 10 | Arvados PAM Weak Authentication | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00093 | CVE-2022-39238 |
| 11 | Apple macOS wifivelocityd Privilege Escalation | 8.2 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00148 | CVE-2020-3838 |
| 12 | Trend Micro Antivirus 2021 Privilege Escalation | 8.3 | 8.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00045 | CVE-2021-43771 |
| 13 | Backdoor.Win32.Wollf.h Service Port 7300 Weak Authentication | 9.8 | 8.6 | $0-$5k | Calculating | Proof-of-Concept | Workaround | 0.00 | 0.00000 | |
| 14 | Microsoft Exchange Server ProxyShell Unknown Vulnerability | 9.4 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | 0.72231 | CVE-2021-34523 |
| 15 | Microsoft Windows Multimedia Library winmm.dll Buffer Overflow | 10.0 | 9.5 | $100k and more | $0-$5k | High | Official Fix | 0.04 | 0.97281 | CVE-2012-0003 |
| 16 | Microsoft Excel MergeCells Record Heap Privilege Escalation | 4.4 | 3.9 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02 | 0.94726 | CVE-2012-0185 |
| 17 | ZTE ZXDT22 SF01 Directory Traversal | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00320 | CVE-2017-10933 |
| 18 | Apache OpenMeetings Password Reset sendHashByUser Information Disclosure | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00223 | CVE-2016-0783 |
| 19 | Host Web Server phpinfo.php phpinfo Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.08 | 0.00000 | |
| 20 | IBM Tivoli Endpoint Manager HTTPOnly Flag Cookie Handling Information Disclosure | 7.5 | 7.2 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.03 | 0.00305 | CVE-2012-1837 |

IOC - Indicator of Compromise (46)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 14.137.33.0 | | East Timor Unknown | | 30/05/2023 | verified | High |
| 2 | 35.248.7.128 | | East Timor Unknown | | 30/05/2023 | verified | High |
| 3 | 35.248.7.144 | | East Timor Unknown | | 30/05/2023 | verified | High |
| 4 | 35.248.7.148 | | East Timor Unknown | | 30/05/2023 | verified | High |
| 5 | 35.248.7.150 | var1.bch1-ae21-0.us.twtelecom.net | East Timor Unknown | | 30/05/2023 | verified | High |
| 6 | 35.248.7.152 | | East Timor Unknown | | 30/05/2023 | verified | High |
| 7 | 35.248.7.156 | | East Timor Unknown | | 30/05/2023 | verified | High |
| 8 | 35.248.7.158 | var2.bch1-ae21-0.3549.level3.net | East Timor Unknown | | 30/05/2023 | verified | High |
| 9 | 43.243.120.0 | | East Timor Unknown | | 30/05/2023 | verified | High |
| 10 | 43.254.56.0 | | East Timor Unknown | | 13/01/2023 | verified | High |
| 11 | XX.XX.XX.XXX | xx-xxxx-xx.xxxxxxxxxxxx.xxx | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 12 | XX.XX.XX.XXX | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 13 | XX.XXX.XX.X | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 14 | XX.XX.XXX.XXX | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 15 | XX.XX.XXX.XXX | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 16 | XX.XXX.XXX.X | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 17 | XXX.XX.XX.X | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 18 | XXX.XX.XXX.X | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 19 | XXX.XX.XX.X | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 20 | XXX.XX.XXX.X | | Xxxx Xxxxx Xxxxxxx | | 30/05/2023 | verified | High |
| 21 | XXX.XX.XX.X | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 22 | XXX.XX.XXX.X | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 23 | XXX.XXX.XX.X | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 24 | XXX.XXX.XXX.X | | Xxxx Xxxxx Xxxxxxx | | 30/05/2023 | verified | High |
| 25 | XXX.XXX.XXX.X | xxx-xxx-xxx-x.xxxxx.xx | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 26 | XXX.XXX.XXX.X | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 27 | XXX.XXX.XXX.X | xx-xxx-x.xxxxxxxxx.xx | Xxxx Xxxxx Xxxxxxx | | 30/05/2023 | verified | High |
| 28 | XXX.XXX.XXX.X | | Xxxx Xxxxx Xxxxxxx | | 30/05/2023 | verified | High |
| 29 | XXX.XXX.XX.X | | Xxxx Xxxxx Xxxxxxx | | 30/05/2023 | verified | High |
| 30 | XXX.XXX.XXX.X | | Xxxx Xxxxx Xxxxxxx | | 30/05/2023 | verified | High |
| 31 | XXX.XXX.XXX.X | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 32 | XXX.XXX.XX.X | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 33 | XXX.XXX.XXX.X | | Xxxx Xxxxx Xxxxxxx | | 30/05/2023 | verified | High |
| 34 | XXX.XXX.XXX.X | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 35 | XXX.XXX.XXX.X | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 36 | XXX.XXX.XXX.X | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 37 | XXX.XXX.XXX.X | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 38 | XXX.XXX.XXX.X | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 39 | XXX.XX.XXX.X | | Xxxx Xxxxx Xxxxxxx | | 30/05/2023 | verified | High |
| 40 | XXX.XXX.XX.X | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 41 | XXX.XXX.XXX.X | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 42 | XXX.XXX.XX.X | | Xxxx Xxxxx Xxxxxxx | | 30/05/2023 | verified | High |
| 43 | XXX.XXX.XX.X | | Xxxx Xxxxx Xxxxxxx | | 30/05/2023 | verified | High |
| 44 | XXX.XX.XX.XXX | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 45 | XXX.XX.XXX.XXX | | Xxxx Xxxxx Xxxxxxx | | 13/01/2023 | verified | High |
| 46 | XXX.XX.XXX.X | | Xxxx Xxxxx Xxxxxxx | | 30/05/2023 | verified | High |

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Type | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 3 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High |
| 6 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
| 8 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 9 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /forum/away.php | predictive | High |
| 2 | File | /uncpath/ | predictive | Medium |
| 3 | File | fetchsettings.php | predictive | High |
| 4 | File | xxx/xxxxxx.xxx | predictive | High |
| 5 | File | xxxxx.xxx | predictive | Medium |
| 6 | File | xxxxx/xxxxx.xxx | predictive | High |
| 7 | File | xxxxxxx.xxx | predictive | Medium |
| 8 | File | xxxx.xx | predictive | Low |
| 9 | Library | xxxxx.xxx | predictive | Medium |
| 10 | Argument | xxxxxxxx | predictive | Medium |
| 11 | Argument | xxxxx | predictive | Low |
| 12 | Argument | xxxxxxxxxxx | predictive | Medium |
| 13 | Argument | xx | predictive | Low |
| 14 | Argument | xxxx | predictive | Low |
| 15 | Argument | xxxxxxxxxx | predictive | Medium |
| 16 | Argument | xxxxxx | predictive | Low |
| 17 | Input Value | xxxxxxxxxxxxxxxxxxxxxxxxxxxx+xxxxx+xxxxxx+x,x,xxxx,xxx,x,x+xxxx+xxx_xxxxx+xxxxx+xx=x--+ | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
