Generic Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (70)

Idioma

en	48
pl	18
de	2
zh	2

País

pl	42
cn	4
us	2
de	2
ru	2

Actores

Generic	7
XLoader	1
Cobalt Strike	1
Cerber	1
Ramnit	1

Interesse

Tipo

Not Defined	30
Enterprise Resource Planning Software	6
Operating System	6
Web Browser	4
Content Management System	4

Fabricante

Not Defined	22
Microsoft	6
Google	6
VWar	4
DZCP	2

Produto

Dolibarr	6
Google Chrome	4
VWar Virtual War	4
Microsoft Windows	4
DZCP deV!L`z Clanportal	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	CTI	EPSS	CVE
1	cURL/libcURL Cookie File stat Condição de Corrida	4.7	4.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00043	CVE-2023-32001
2	Hypersilence Silentum Guestbook silentum_guestbook.php Injecção SQL	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.02	0.00107	CVE-2009-4687
3	F5 BIG-IP Configuration Utility Directório Traversal	9.3	9.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	0.00321	CVE-2023-41373
4	Google WebP libwebp Excesso de tampão	7.5	7.4	$5k-$25k	$0-$5k	High	Official Fix	0.02	0.49095	CVE-2023-4863
5	ZyXEL P660HN-T1A Remote System Log Forwarder ViewLog.asp direitos alargados	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.97521	CVE-2017-18368
6	SailPoint IdentityIQ Lifecycle Manager direitos alargados	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00043	CVE-2024-1714
7	Bricks Plugin Fraca autenticação	7.3	7.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00000	CVE-2024-25600
8	agnivade easy-scrypt scrypt.go VerifyPassphrase Divulgação de Informação	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00188	CVE-2014-125055
9	GNU C Library __vsyslog_internal Excesso de tampão	7.8	7.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00770	CVE-2023-6246
10	Apache Tomcat Commons FileUpload Negação de Serviço	5.5	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00045	CVE-2023-42794
11	HP Integrated Lights-Out IPMI Protocol direitos alargados	8.2	8.0	$5k-$25k	$0-$5k	High	Workaround	0.02	0.27196	CVE-2013-4786
12	Microsoft Outlook Fraca autenticação	9.0	8.6	$5k-$25k	$0-$5k	Functional	Official Fix	0.03	0.92353	CVE-2023-23397
13	DZCP deV!L`z Clanportal config.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.63	0.00943	CVE-2010-0966
14	Tiki Admin Password tiki-login.php Fraca autenticação	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	2.71	0.00936	CVE-2020-15906
15	Proofpoint Enterprise Protection AdminUI Roteiro Cruzado de Sítios	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00052	CVE-2023-5771
16	Microsoft Exchange Server Privilege Escalation	8.0	7.3	$5k-$25k	$5k-$25k	Unproven	Official Fix	0.01	0.00065	CVE-2023-36756
17	Apache Log4j Chainsaw/SocketAppender Negação de Serviço	5.5	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00260	CVE-2023-26464
18	Fortinet FortiSandbox HTTP Request Directório Traversal	7.4	7.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00094	CVE-2023-41682
19	Oracle MySQL Workbench Negação de Serviço	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00303	CVE-2023-0215
20	Cacti Regular Expression Injecção SQL	5.5	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00112	CVE-2023-39365

IOC - Indicator of Compromise (33)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	52.15.72.79	ec2-52-15-72-79.us-east-2.compute.amazonaws.com	Generic	08/04/2022	verified	Médio
2	52.15.194.28	ec2-52-15-194-28.us-east-2.compute.amazonaws.com	Generic	08/04/2022	verified	Médio
3	52.72.89.116	ec2-52-72-89-116.compute-1.amazonaws.com	Generic	08/04/2022	verified	Médio
4	52.204.47.183	ec2-52-204-47-183.compute-1.amazonaws.com	Generic	08/04/2022	verified	Médio
5	64.98.145.30	url.hover.com	Generic	08/04/2022	verified	Alto
6	67.228.43.214	d6.2b.e443.ip4.static.sl-reverse.com	Generic	08/04/2022	verified	Alto
7	68.65.121.51	strategic.com.ua	Generic	08/04/2022	verified	Alto
8	XX.XX.XX.XX	xxxxxxxxx-x.xxxxxxxxxxxxxx.xxx	Xxxxxxx	08/04/2022	verified	Alto
9	XX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxx.xxxxxxxx.xxx	Xxxxxxx	08/04/2022	verified	Alto
10	XX.XX.XXX.XXX	xxxxx.xxxxxxxxxx.xxx	Xxxxxxx	08/04/2022	verified	Alto
11	XX.XXX.XXX.XX		Xxxxxxx	08/04/2022	verified	Alto
12	XXX.XX.XX.XX		Xxxxxxx	08/04/2022	verified	Alto
13	XXX.XX.XXX.XX		Xxxxxxx	08/04/2022	verified	Alto
14	XXX.XX.XXX.XXX		Xxxxxxx	08/04/2022	verified	Alto
15	XXX.XXX.XX.XX	xx-xxx-xxx-xx-xx.xxxxxx.xxxxxxxxxxxx.xxxxxx.xxx	Xxxxxxx	08/04/2022	verified	Alto
16	XXX.XXX.XXX.XXX	xxxxxx.xxxxxx.xxx	Xxxxxxx	08/04/2022	verified	Alto
17	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxx.xxxxxxxxxxxxxx.xxx	Xxxxxxx	08/04/2022	verified	Alto
18	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxx	08/04/2022	verified	Alto
19	XXX.XXX.XXX.XXX		Xxxxxxx	08/04/2022	verified	Alto
20	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	08/04/2022	verified	Alto
21	XXX.XX.XXX.XX		Xxxxxxx	08/04/2022	verified	Alto
22	XXX.XX.XXX.XX	xxxxxx.xxxxxxx.xx	Xxxxxxx	08/04/2022	verified	Alto
23	XXX.XXX.XXX.XXX	xx-xxx-xxx-xxx-xxx.xx.xxxxxxxxxxxx.xxx	Xxxxxxx	08/04/2022	verified	Alto
24	XXX.XXX.XXX.XX	xxxx-xxxxxxx-xxxxxxx.xxxxxxxxxxx.xxx	Xxxxxxx	08/04/2022	verified	Alto
25	XXX.XX.XXX.XXX		Xxxxxxx	08/04/2022	verified	Alto
26	XXX.XX.XXX.XXX		Xxxxxxx	08/04/2022	verified	Alto
27	XXX.XXX.XXX.XXX	xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxx	08/04/2022	verified	Alto
28	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxx.xxxxxxxxx.xxx	Xxxxxxx	08/04/2022	verified	Alto
29	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxxx.xxxxxxxxxxxx.xxx	Xxxxxxx	08/04/2022	verified	Alto
30	XXX.XX.XXX.XX	xxxxxxxx.xxx.xxxxx.xxx	Xxxxxxx	08/04/2022	verified	Alto
31	XXX.XX.XXX.XX	xxxxxxxxx.xxxxxxxxxxxxx.xxx	Xxxxxxx	08/04/2022	verified	Alto
32	XXX.XXX.XX.XX		Xxxxxxx	08/04/2022	verified	Alto
33	XXX.XXX.XXX.XXX		Xxxxxxx	08/04/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	T1040	CWE-294	Authentication Bypass by Capture-replay	predictive	Alto
3	T1059	CWE-94	Argument Injection	predictive	Alto
4	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
9	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
10	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Alto
11	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
12	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
13	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/accountancy/admin/accountmodel.php	predictive	Alto
2	File	/apply_noauth.cgi	predictive	Alto
3	File	/dev/mapper/control	predictive	Alto
4	File	announcements.php	predictive	Alto
5	File	xxxxxxxx.xxx	predictive	Médio
6	File	xxxxxxxxxxxx_xxxx.xxx	predictive	Alto
7	File	xxx/xxxxxx.xxx	predictive	Alto
8	File	xxxxxxx.xxx	predictive	Médio
9	File	xxxxx.xxx	predictive	Médio
10	File	xxxxxxxx/xxxxxxxxx	predictive	Alto
11	File	xxxxxxxx.xxx	predictive	Médio
12	File	xxxxxxxx.xxx	predictive	Médio
13	File	xxxx_xxx.x	predictive	Médio
14	File	xxxxxx.xx	predictive	Médio
15	File	xxxxxxxx_xxxxxxxxx.xxx	predictive	Alto
16	File	xxxx-xxxxx.xxx	predictive	Alto
17	File	xxxxxxx.xxx	predictive	Médio
18	File	xxx.xxx	predictive	Baixo
19	File	xx-xxxxxxxx/xxxxxxx-xxxxxxxx.xxx	predictive	Alto
20	File	xxxx/xxxx_xxxxxx.x	predictive	Alto
21	Argument	xxxxxxxxxxx	predictive	Médio
22	Argument	xxxxxxxx	predictive	Médio
23	Argument	xxxxxxxx	predictive	Médio
24	Argument	xxxx	predictive	Baixo
25	Argument	xxxxx	predictive	Baixo
26	Argument	xxxx_xxxx	predictive	Médio
27	Argument	xxxxxxxxx	predictive	Médio
28	Argument	xxxxx	predictive	Baixo
29	Argument	xxxxxxx_xxx	predictive	Médio
30	Argument	xxxxxx_xxxx	predictive	Médio
31	Argument	xxxxxxxxx	predictive	Médio
32	Argument	xxxxxxx	predictive	Baixo

Referências (9)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Interested in the pricing of exploits?

See the underground prices here!