Leviathan Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (35)

Idioma

it	18
en	16
sv	2

País

us	24
ru	4
fr	2

Actores

Leviathan	2
APT28	1
Zeus	1
Qakbot	1
Cobalt Strike	1

Interesse

Tipo

Not Defined	8
Virtualization Software	6
Operating System	4
IP Phone Software	2
Remote Access Software	2

Fabricante

Not Defined	12
Trend Micro	2
Cisco	2
Red Hat	2
Apple	2

Produto

Trend Micro Threat Discovery Appliance	2
Cisco IP Phone 6800	2
Cisco IP Phone 7800	2
Cisco IP Phone 8800	2
Red Hat Enterprise Linux	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	CTI	EPSS	CVE
1	Drupal Injecção SQL	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00	0.00135	CVE-2008-2999
2	Unisoc S8000 Telephony Service Negação de Serviço	3.3	3.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00042	CVE-2022-48447
3	Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 Negação de Serviço	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00172	CVE-2023-20079
4	Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 direitos alargados	9.8	9.7	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00	0.00327	CVE-2023-20078
5	iRZ RUH2 Firmware Patch Fraca autenticação	6.7	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00226	CVE-2016-2309
6	Joomla Injecção SQL	6.3	6.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00	0.00142	CVE-2022-23797
7	Microsoft Access Excesso de tampão	7.0	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00232	CVE-2020-1582
8	libvirtd API virDomainSaveImageGetXMLDesc direitos alargados	7.3	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00045	CVE-2019-10161
9	nginx direitos alargados	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.07	0.00241	CVE-2020-12440
10	Desiscripts Desi Short URL Script index.php Fraca autenticação	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00933	CVE-2009-2642
11	Cisco FirePOWER Management Center Web UI Excesso de tampão	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00107	CVE-2019-12688
12	vsftpd deny_file vulnerabilidade desconhecida	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00312	CVE-2015-1419
13	phpMyAdmin Divulgação de Informação	6.1	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	0.18290	CVE-2019-6799
14	WallacePOS resetpassword.php Roteiro Cruzado de Sítios	5.2	5.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00101	CVE-2017-7388
15	Linksys Spa921 Negação de Serviço	7.5	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00	0.01834	CVE-2006-7121
16	Zabbix zabbix_agentd Divulgação de Informação	4.0	3.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00042	CVE-2007-6210
17	BEA WebLogic Mobility Server Fraca autenticação	7.3	6.9	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.02056	CVE-2007-6384
18	Netop Remote Control Guest Client Excesso de tampão	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00063	CVE-2017-5216
19	Samsung Mobile Phone Application Installation bad_alloc direitos alargados	4.9	4.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00055	CVE-2017-5217
20	Splunk Header Roteiro Cruzado de Sítios	4.3	4.3	$0-$5k	$0-$5k	High	Not Defined	0.05	0.00213	CVE-2014-8380

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	54.87.87.13	ec2-54-87-87-13.compute-1.amazonaws.com	Leviathan	23/12/2020	verified	Médio
2	54.242.66.219	ec2-54-242-66-219.compute-1.amazonaws.com	Leviathan	23/12/2020	verified	Médio
3	XX.XX.XXX.XXX		Xxxxxxxxx	23/12/2020	verified	Alto
4	XX.XX.XXX.XXX		Xxxxxxxxx	23/12/2020	verified	Alto
5	XX.XX.XXX.XXX		Xxxxxxxxx	23/12/2020	verified	Alto
6	XXX.XXX.XXX.XXX		Xxxxxxxxx	17/12/2020	verified	Alto

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	T1059	CWE-94	Argument Injection	predictive	Alto
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
8	TXXXX.XXX	CWE-XX	Xxxxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	encrypt.c	predictive	Médio
2	File	ept.c	predictive	Baixo
3	File	xxxxx.xxx	predictive	Médio
4	File	xxxxx:xxxxxxxxxxx.xx	predictive	Alto
5	File	xxxx-xxx.xxx	predictive	Médio
6	File	xxxxxxxxxx-xxxxxx/xxxxxxxxx/xxxxxxxxxxxxx.xxx	predictive	Alto
7	Argument	xxxxxxx	predictive	Baixo
8	Argument	xxxxxxx_xx	predictive	Médio
9	Argument	xxx	predictive	Baixo
10	Argument	xxxxx	predictive	Baixo
11	Input Value	xxxxxx/**/xxxx.	predictive	Alto
12	Input Value	xxxxxxxxxx:xxxxxx("xxx xx xxxxxxxxxxx");	predictive	Alto

Referências (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!