FamousSparrow Analysis

IOB - Indicator of Behavior (151)

Language

en (100)
zh (48)
ja (4)

Country

cn (106)
us (46)
Product

Arcadia Internet Store (6)
Google Android (4)
QNAP QTS (4)
WordPress (4)
Wagtail (2)

Vulnerabilities

Columns: Base/Temp = CVSS base and temporal score; 0day/Today = estimated exploit price range; Exp = exploit code maturity and Rem = remediation level (CVSS temporal metric values); CTI and EPSS = the source's threat-intelligence activity score and the FIRST EPSS exploitation probability.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | ipTIME NAS-I Bulletin Manage privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00988 | CVE-2020-7847
2 | mm-wiki Markdown Editor cross site scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00078 | CVE-2021-39393
3 | EspoCRM privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00086 | CVE-2022-38843
4 | Palo Alto PAN-OS unknown vulnerability | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00069 | CVE-2023-0004
5 | Joomla! Blacklist sql injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.00196 | CVE-2020-35613
6 | koha directory traversal | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.06656 | CVE-2011-4715
7 | Synacor Zimbra Collaboration mboximport directory traversal | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.96501 | CVE-2022-27925
8 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00318 | CVE-2017-5611
9 | Synacor Zimbra Webmail Subsystem upload privilege escalation | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00466 | CVE-2020-12846
10 | Vmware Workspace ONE Access/Identity Manager Template privilege escalation | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.97436 | CVE-2022-22954
11 | UniSharp laravel-filemanager Image File upload privilege escalation | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00193 | CVE-2021-23814
12 | Citrix XenServer directory traversal | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.03280 | CVE-2018-14007
13 | PHPMailer validateAddress privilege escalation | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00344 | CVE-2021-3603
14 | Spamsniper Mail From buffer overflow | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01404 | CVE-2020-7845
15 | ThinkPHP index.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00173 | CVE-2018-10225
16 | IBM MQ TLS Key Renegotiation privilege escalation | 6.8 | 6.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00199 | CVE-2019-4055
17 | Hiroyuki Oyama DBD::mysqlPP MySQL sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00 | 0.00135 | CVE-2011-3989
18 | Atlassian JIRA Server/Data Center QueryComponent!Default.jspa information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00628 | CVE-2020-14179
19 | Sangfor Next-Gen Application Firewall HTTP POST Request login.cgi privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.08915 | CVE-2023-30806
20 | MicroWorld Technologies eScan Agent Service mwagent.exe privilege escalation | 9.8 | 8.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00361 | CVE-2007-0655

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 27.102.113.240 | power.playtimeins.net | FamousSparrow | | 24/09/2021 | verified | High
2 | XX.XXX.XXX.XXX | Xxxxxxxxxxxxx | | | 24/09/2021 | verified | High

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /api/v1/terminal/sessions/?limit=1 | predictive | High
2 | File | /cgi-bin/login.cgi | predictive | High
3 | File | /login.html | predictive | Medium
4 | File | /new | predictive | Low
5 | File | /secure/QueryComponent!Default.jspa | predictive | High
6 | File | /service/upload | predictive | High
7 | File | /system?action=ServiceAdmin | predictive | High
8 | File | /xxx/xxx/xxxxx | predictive | High
9 | File | /xx-xxxx | predictive | Medium
10 | File | xxxxx/xxxxxx/xxxxx-xxxxxx-xxxxxxxx.xxx | predictive | High
11 | File | xxxxx/xxxxx.xxx?x=xxxxxxxx&x=xxx | predictive | High
12 | File | xxxxx/xxxxxxx/xxxxxxxxxx | predictive | High
13 | File | xxx_xxxxxxx.xxx | predictive | High
14 | File | xxxxxx/xxxxx/xxxxx.xxx | predictive | High
15 | File | xxxxxxx.xxxxx.xxx | predictive | High
16 | File | xxxxxxx_xxxxxxx.xx | predictive | High
17 | File | xxxxxxxxxxxx.xxx | predictive | High
18 | File | xxxxxxxxxxxxxxxxxx.xxx | predictive | High
19 | File | xxxxxx_xxx_xxxx_xxxxx_xx_xxxxx.x | predictive | High
20 | File | xxxxx.xxx | predictive | Medium
21 | File | xxxxxx/xxxxxx.x | predictive | High
22 | File | xxxxxxxxxxx/xxxxx.x | predictive | High
23 | File | xxxxxxxxx.xxx | predictive | High
24 | File | xxxxxxx/xxxx/xxxxx/xxxxxxxxxxx.xxx | predictive | High
25 | File | xxxxxxx/xxxx_xxx_xxxxx.xxx | predictive | High
26 | File | xxxxxxx.xxx | predictive | Medium
27 | File | xxxxxxx.xxx | predictive | Medium
28 | File | xxxxxx_xxxxx.xxx | predictive | High
29 | File | xxx_xxxx_xxxxxxx.xxx | predictive | High
30 | File | xx_xxx.xx | predictive | Medium
31 | File | xxxxxxxx/xxxxx/xxxxxxx.xxxx?xxxxxxxxxx=xxxxxxxxxxxxxxxx/xxxx | predictive | High
32 | File | xxxxxx-xxxxxxx-xxxx.xxx | predictive | High
33 | File | xxxxxxx/xxxxxxxx_xxxx_xx_xxx.x | predictive | High
34 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
35 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | High
36 | File | __xxxx_xxxxxxxx.xxx | predictive | High
37 | Library | xxxxxxxx.xxx | predictive | Medium
38 | Library | xxxxxxxx.xxx | predictive | Medium
39 | Library | xxxxxxxx.xxx | predictive | Medium
40 | Argument | --xxxxxx/--xxxxxxxx | predictive | High
41 | Argument | xxx_xxxxx_xxxx | predictive | High
42 | Argument | xxxxxxxx | predictive | Medium
43 | Argument | xxxx xxxx | predictive | Medium
44 | Argument | xxxxxxxx_xxxxx[] | predictive | High
45 | Argument | xxxx | predictive | Low
46 | Argument | xxxxx | predictive | Low
47 | Argument | xxxxxxxx | predictive | Medium
48 | Argument | xxxx_xx | predictive | Low
49 | Argument | xxxxxxxxxxxxx | predictive | High
50 | Argument | xxxxxxxxx_ | predictive | Medium
51 | Argument | xxxxxx | predictive | Low
52 | Argument | xxxxxxxx | predictive | Medium
53 | Argument | xxxxxxxx | predictive | Medium
54 | Input Value | %xx%xx%xx | predictive | Medium
55 | Input Value | ../ | predictive | Low
56 | Input Value | xxxx.xxx::$xxxx | predictive | High
57 | Network Port | xxx/xxxx | predictive | Medium
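The unmasked IOC and IOA entries above can be turned directly into a web-log check. The script below is an added example written for this page, not VulDB's code or tooling: it matches the listed IOC address, the unmasked IOA request paths with the confidence the tables assign them, the `../` input-value indicator after URL decoding, and the IOC hostname when it shows up in a referer or a DNS query name. The combined-format access-log lines are constructed sample input (documentation address ranges), and the function names `classify_request`, `is_ioc_hostname` and `scan_log` are the example's own. The masked rows carry no usable value and are left out.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Indicators copied from the IOC/IOA tables on this page (unmasked entries only;
# the x-masked rows carry no usable value). Confidence levels are the page's own.
IOC_IPS = {"27.102.113.240": "High"}
IOC_HOSTNAMES = {"power.playtimeins.net": "High"}

# (request path, required query parameter as (name, value) or None, confidence)
IOA_PATHS = [
    ("/api/v1/terminal/sessions/", ("limit", "1"), "High"),
    ("/cgi-bin/login.cgi", None, "High"),
    ("/login.html", None, "Medium"),
    ("/new", None, "Low"),
    ("/secure/QueryComponent!Default.jspa", None, "High"),
    ("/service/upload", None, "High"),
    ("/system", ("action", "ServiceAdmin"), "High"),
]
# Input-value indicator "../" from the IOA table (page confidence: Low).
TRAVERSAL = "../"

# Apache/nginx "combined" access-log format; the request field is split into
# method, target and protocol version. Referer and User-Agent are optional.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)


def classify_request(ip, target):
    """Return [(indicator, confidence), ...] for one client IP and request target."""
    hits = []
    if ip in IOC_IPS:
        hits.append(("IOC ip " + ip, IOC_IPS[ip]))
    parts = urlsplit(target)
    path = unquote(parts.path)  # "/cgi-bin/login%2Ecgi" -> "/cgi-bin/login.cgi"
    query = parse_qs(parts.query)
    for ioa_path, param, conf in IOA_PATHS:
        if path != ioa_path:
            continue
        if param is None or query.get(param[0]) == [param[1]]:
            hits.append(("IOA path " + ioa_path, conf))
    # Decode twice so a double-encoded "..%252f" is caught as well as "..%2f".
    if TRAVERSAL in unquote(unquote(target)):
        hits.append(("IOA input value " + TRAVERSAL, "Low"))
    return hits


def is_ioc_hostname(name):
    """True if a DNS query name (or referer host) is the listed IOC hostname."""
    return name.strip().rstrip(".").lower() in IOC_HOSTNAMES


def scan_log(lines):
    """Scan combined-format access-log lines; one finding per matched indicator."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than guess at fields
        hits = classify_request(m["ip"], m["target"])
        referer = m.group("referer") or ""
        if is_ioc_hostname(urlsplit(referer).hostname or ""):
            hits.append(("IOC hostname in referer", "High"))
        for indicator, conf in hits:
            findings.append({"line": lineno, "ip": m["ip"], "target": m["target"],
                             "indicator": indicator, "confidence": conf})
    return findings


# Constructed sample log lines for a local run (not real traffic); 203.0.113.x
# and 198.51.100.x are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Sep/2021:10:12:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '27.102.113.240 - - [24/Sep/2021:10:12:05 +0000] "GET /secure/QueryComponent!Default.jspa HTTP/1.1" 200 4096 "-" "curl/7.79"',
    '198.51.100.9 - - [24/Sep/2021:10:13:44 +0000] "POST /cgi-bin/login.cgi HTTP/1.1" 302 0 "-" "python-requests/2.26"',
    '198.51.100.9 - - [24/Sep/2021:10:13:50 +0000] "GET /system?action=ServiceAdmin HTTP/1.1" 403 0 "-" "python-requests/2.26"',
    '198.51.100.9 - - [24/Sep/2021:10:14:02 +0000] "GET /images/..%2f..%2fetc/passwd HTTP/1.1" 404 0 "-" "python-requests/2.26"',
    '203.0.113.7 - - [24/Sep/2021:10:15:00 +0000] "GET /system?action=Help HTTP/1.1" 200 300 "http://power.playtimeins.net/x" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['ip']} {f['target']} -> {f['indicator']} ({f['confidence']})")
```

The path matches are exact after one round of URL decoding, so `/system?action=Help` is not flagged while `/system?action=ServiceAdmin` is; the `../` check decodes twice because the single-decoded path comparison would miss `%252e%252e%252f`. Paths such as `/login.html` and `/new` are low-signal on their own, which is why the page's own confidence is carried along rather than treating every match as an alert.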
