FelixRoot Analysis

IOB - Indicator of Behavior (620)

Language

en: 552
pl: 12
zh: 12
de: 12
es: 10

Country

us: 278
ru: 32
cn: 10
ua: 8
it: 6

Product

PHP: 10
cPanel: 8
Microsoft Windows: 8
Google Chrome: 6
Google Android: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.74 | CVE-2010-0966 |
| 2 | Pligg cloud.php SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.09 | |
| 3 | Trivantis Coursemill Learning Management System userlogin.jsp privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00230 | 0.00 | CVE-2013-3599 |
| 4 | Moodle Manifest locallib.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00313 | 0.00 | CVE-2014-3543 |
| 5 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 1.27 | CVE-2006-6168 |
| 6 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 4.19 | CVE-2020-15906 |
| 7 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.05 | CVE-2019-7550 |
| 8 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.18 | |
| 9 | PHPizabi index.php directory traversal | 6.5 | 5.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00826 | 0.04 | CVE-2008-3723 |
| 10 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.35 | CVE-2007-0354 |
| 11 | V-EVA Press Release Script page.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00187 | 0.09 | CVE-2010-5047 |
| 12 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 13 | eTicket newticket.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | High | Official Fix | 0.00220 | 0.07 | CVE-2008-0093 |
| 14 | PHP phpinfo cross-site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08985 | 0.04 | CVE-2006-0996 |
| 15 | Hypersilence Silentum Guestbook silentum_guestbook.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00107 | 0.04 | CVE-2009-4687 |
| 16 | Apple Mac OS X Server Wiki Server SQL injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00339 | 1.44 | CVE-2015-5911 |
| 17 | cPanel Boxtrapper cgi-sys Script bxd.cgi denial of service | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 | |
| 18 | PHPizabi template.class.php assignuser information disclosure | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00507 | 0.05 | CVE-2008-2018 |
| 19 | PHP phpinfo cross-site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.04 | CVE-2007-1287 |
| 20 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00122 | 0.07 | CVE-2018-6200 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 88.198.13.116 | static.88.198.13.116.clients.your-server.de | FelixRoot | | 31/07/2018 | verified | High |
| 2 | XXX.XX.XXX.XXX | xxxxxxxxx.xxxx.xxxx | Xxxxxxxxx | | 31/07/2018 | verified | High |
| 3 | XXX.XX.XXX.XXX | xxxxxxx.xxx | Xxxxxxxxx | | 31/07/2018 | verified | High |

TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Classification | Vulnerabilities | Access type | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22, CWE-23, CWE-425 | Path Traversal | predictive | High |
| 2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CAPEC-137 | CWE-88, CWE-94 | Argument Injection | predictive | High |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (189)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/?page=system_info/contact_info | predictive | High |
| 2 | File | /admin/login.php | predictive | High |
| 3 | File | /admin/produts/controller.php | predictive | High |
| 4 | File | /admin/user/team | predictive | High |
| 5 | File | /book-services.php | predictive | High |
| 6 | File | /cgi-bin/system_mgr.cgi | predictive | High |
| 7 | File | /common/logViewer/logViewer.jsf | predictive | High |
| 8 | File | /crmeb/app/admin/controller/store/CopyTaobao.php | predictive | High |
| 9 | File | /DXR.axd | predictive | Medium |
| 10 | File | /en/blog-comment-4 | predictive | High |
| 11 | File | /forum/away.php | predictive | High |
| 12 | File | /goform/aspForm | predictive | High |
| 13 | File | /h/ | predictive | Low |
| 14 | File | /hocms/classes/Master.php?f=delete_collection | predictive | High |
| 15 | File | /InternalPages/ExecuteTask.aspx | predictive | High |
| 16 | File | /mifs/c/i/reg/reg.html | predictive | High |
| 17 | File | /ms/cms/content/list.do | predictive | High |
| 18 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High |
| 19 | File | /orms/ | predictive | Low |
| 20 | File | /plesk-site-preview/ | predictive | High |
| 21 | File | /project/PROJECTNAME/reports/ | predictive | High |
| 22 | File | /school/model/get_admin_profile.php | predictive | High |
| 23 | File | /show_news.php | predictive | High |
