MirrorBlast Analysis

IOB - Indicator of Behavior (589)

Timeline

Language

en (490)
zh (36)
ru (28)
fr (12)
es (10)

Country

us (184)
sc (130)
cn (88)
ru (62)
de (18)

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows (18)
Circontrol CirCarLife (10)
phpMyAdmin (10)
WordPress (8)
Apache HTTP Server (8)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00251 | CVE-2013-5033 |
| 2 | Esoftpro Online Guestbook Pro ogp_show.php SQL Injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.20 | 0.00108 | CVE-2009-4935 |
| 3 | Palo Alto PAN-OS GlobalProtect Clientless VPN Buffer Overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00112 | CVE-2021-3056 |
| 4 | WordPress SQL Injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00467 | CVE-2022-21664 |
| 5 | Daemon-tools DAEMON Tools mfc80loc.dll Privilege Escalation | 8.4 | 7.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.00 | 0.00045 | CVE-2010-5239 |
| 6 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 7 | Joomla CMS com_easyblog SQL Injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.25 | 0.00000 | |
| 8 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | 0.97285 | CVE-2021-34473 |
| 9 | VeronaLabs wp-statistics Plugin API Endpoint Blind SQL Injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00250 | CVE-2019-13275 |
| 10 | Jetty URI Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.45704 | CVE-2021-34429 |
| 11 | Microsoft IIS Cross Site Scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055 |
| 12 | phpMyAdmin Username SQL Injection | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00326 | CVE-2016-9864 |
| 13 | HP Router/Switch SNMP Information Disclosure | 3.7 | 3.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00285 | CVE-2012-3268 |
| 14 | Cisco Linksys Router tmUnblock.cgi Privilege Escalation | 9.8 | 9.2 | $25k-$100k | $0-$5k | High | Workaround | 0.06 | 0.00000 | |
| 15 | Linksys WRT54GL Web Management Interface SysInfo1.htm Information Disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00046 | CVE-2024-1406 |
| 16 | Esoftpro Online Guestbook Pro ogp_show.php Cross Site Scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.02 | 0.00209 | CVE-2009-2441 |
| 17 | Teclib GLPI unlock_tasks.php SQL Injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.12149 | CVE-2019-10232 |
| 18 | portable SDK for UPnP unique_service_name Buffer Overflow | 10.0 | 9.5 | $0-$5k | $0-$5k | High | Official Fix | 0.03 | 0.97445 | CVE-2012-5958 |
| 19 | SourceCodester Online Pizza Ordering System POST Parameter ajax.php delete_category Weak Authentication | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00187 | CVE-2023-0906 |
| 20 | Apache Struts ExceptionDelegator Privilege Escalation | 8.8 | 8.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.02 | 0.36440 | CVE-2012-0391 |

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (26)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Type | Type | Acceptance |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CWE-94, CWE-1321 | Argument Injection | predictive | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 6 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |
| 7 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XX, CWE-XXX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 9 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 10 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High |
| 11 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
| 12 | TXXXX | CWE-XXX | Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx | predictive | High |
| 13 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 14 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High |
| 15 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 16 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 17 | TXXXX.XXX | CWE-XXX | Xxxxxxx Xxxxxxxxxx Xxx Xxxxxxxx Xxxxxxx Xx Xx-xxxx Xxxxxx Xxxxxxxx | predictive | High |
| 18 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxxxx | predictive | High |
| 19 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High |
| 20 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xx Xxx Xxxxxxx Xx X Xxxxxxxx Xxxxxxxx | predictive | High |
| 21 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 22 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 23 | TXXXX.XXX | CWE-XX | Xxxxxxxxxxxxx | predictive | High |
| 24 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |
| 25 | TXXXX.XXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High |
| 26 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (222)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Acceptance |
|---|---|---|---|---|
| 1 | File | /admin/sysmon.php | predictive | High |
| 2 | File | /api/content/posts/comments | predictive | High |
| 3 | File | /api/RecordingList/DownloadRecord?file= | predictive | High |
| 4 | File | /apply.cgi | predictive | Medium |
| 5 | File | /cgi-bin/koha/acqui/supplier.pl?op=enter | predictive | High |
| 6 | File | /debug/pprof | predictive | Medium |
| 7 | File | /Home/GetAttachment | predictive | High |
| 8 | File | /html/device-id | predictive | High |
| 9 | File | /html/devstat.html | predictive | High |
| 10 | File | /html/repository | predictive | High |
| 11 | File | /index.php | predictive | Medium |
| 12 | File | /members/view_member.php | predictive | High |
| 13 | File | /mhds/clinic/view_details.php | predictive | High |
| 14 | File | /modules/projects/vw_files.php | predictive | High |
| 15 | File | /nova/bin/console | predictive | High |
| 16 | File | /owa/auth/logon.aspx | predictive | High |
| 17 | File | /php/ping.php | predictive | High |
| 18 | File | /rapi/read_url | predictive | High |
| 19 | File | /rest/api/latest/projectvalidate/key | predictive | High |
| 20 | File | /scripts/unlock_tasks.php | predictive | High |
| 21 | File | /services/config/config.xml | predictive | High |
| 22 | File | /services/system/setup.json | predictive | High |
| 23 | File | /SSOPOST/metaAlias/%realm%/idpv2 | predictive | High |
| 24 | File | /SysInfo1.htm | predictive | High |
| 25 | File | /sysinfo_json.cgi | predictive | High |
| 26 | File | /xxxxxx/xxxx/xxxxxxx/xxx_xxxxx/xxxxxxxxxx.xxx | predictive | High |
| 27 | File | /xxxxxxx/ | predictive | Medium |
| 28 | File | /xxx-xxx/xxx.xxx | predictive | High |
| 29 | File | /xx-xxxxx/xxxxx-xxxx.xxx?xx_xxxx=x&xxxxxx_xxxx | predictive | High |
| 30 | File | xxxxxxx.xxx | predictive | Medium |
| 31 | File | xxxxx.xxxxxxxxx.xxx | predictive | High |
| 32 | File | xxxxx/xxxxxx.xxx | predictive | High |
| 33 | File | xxxx.xxx | predictive | Medium |
| 34 | File | xxxxxxx/xxxx.xxx | predictive | High |
| 35 | File | xxx/xxx.xxx | predictive | Medium |
| 36 | File | xxx-xxx/xxxx_xxx.xxx | predictive | High |
| 37 | File | xxxxxx/xxx.x | predictive | Medium |
| 38 | File | xxxxxxx.xxx | predictive | Medium |
| 39 | File | xxxxxx.x | predictive | Medium |
| 40 | File | xxxx/xxxxx/xxxxxxx/xxxxxxxxx/xxxxxxx/xxxxx/xxx.xxx | predictive | High |
| 41 | File | xxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxx/xxx/xxxxxx.xxxxxxxxx.xxx | predictive | High |
| 42 | File | xxxxxxxxx.xxx.xxx | predictive | High |
| 43 | File | xxxxx/xxxxx.xxx | predictive | High |
| 44 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 45 | File | xxxx_xxxxx.xxx | predictive | High |
| 46 | File | xxxx/xxxx | predictive | Medium |
| 47 | File | xxxxx.xxx | predictive | Medium |
| 48 | File | xxxxxx.xxx | predictive | Medium |
| 49 | File | xxxxx.xxx | predictive | Medium |
| 50 | File | xxxxxx_xxx.x | predictive | Medium |
| 51 | File | xxx/xxxx/xxx/xxxxx_xxxx.x | predictive | High |
| 52 | File | xxx/xxxx/xxxx.x | predictive | High |
| 53 | File | xxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxx | predictive | High |
| 54 | File | xxxxxxxxxxxxxx.xx | predictive | High |
| 55 | File | xx/xx-xx.x | predictive | Medium |
| 56 | File | xxx/xxxx_xxxx.x | predictive | High |
| 57 | File | xxxxxx/xxxxxxxxxxx | predictive | High |
| 58 | File | xxxx_xxxxxx.x | predictive | High |
| 59 | File | xxxx/xxxxxxx.x | predictive | High |
| 60 | File | xxxxx.xxxx | predictive | Medium |
| 61 | File | xx/xxxxxxx/xxx.x | predictive | High |
| 62 | File | xxx/xxxxxx.xxx | predictive | High |
| 63 | File | xxx/xx/xxxx/xxxx.xxxxx.xxx | predictive | High |
| 64 | File | xxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxx | predictive | High |
| 65 | File | xxxxxxxx/xxxxxxxx/xxxxx-xxxxxxxx-xxxxx.xxx | predictive | High |
| 66 | File | xxxxx.xxx | predictive | Medium |
| 67 | File | xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx | predictive | High |
| 68 | File | xxxxxxxx/xx/xxxx.xx | predictive | High |
| 69 | File | xxxxxxxxxx.xxx | predictive | High |
| 70 | File | xxxxxx.x | predictive | Medium |
| 71 | File | xxxxxxxx.xxx | predictive | Medium |
| 72 | File | xx/xxx/xxxxxxxx/xxx_xxxxxxxxx/xxx_xxxxxxxx_xxxxx/_/xxxxxxx_xxx | predictive | High |
| 73 | File | xxxxxx/xxxxxx.x | predictive | High |
| 74 | File | xxxxxxx/xxxxx/xx/xxxxxx/xxxxx.xxxxx.xxx | predictive | High |
| 75 | File | xxxxxxxxxxxx/xxx.x | predictive | High |
| 76 | File | xxxxx.xxx | predictive | Medium |
| 77 | File | xxx_xxxxxxxxx.x | predictive | High |
| 78 | File | xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 79 | File | xxxxxxx.xxx | predictive | Medium |
| 80 | File | xxx/xxx.xxx | predictive | Medium |
| 81 | File | xxx_xxxxx_xxxx.x | predictive | High |
| 82 | File | xxx/xxxxx | predictive | Medium |
| 83 | File | xxx_xxxx.xxx | predictive | Medium |
| 84 | File | xxx_xxxx.xxx | predictive | Medium |
| 85 | File | xxxxxxx/xxxx | predictive | Medium |
| 86 | File | xxxxxxx.xxx | predictive | Medium |
| 87 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 88 | File | xxxx_xxxxxxx.xxx | predictive | High |
| 89 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 90 | File | xxxxxx.x | predictive | Medium |
| 91 | File | xxxx.xxx | predictive | Medium |
| 92 | File | xxxxx.xxx | predictive | Medium |
| 93 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High |
| 94 | File | xxxx.xxx | predictive | Medium |
| 95 | File | xxxxxxxx.xx | predictive | Medium |
| 96 | File | xxxxxxxxxx.xxx | predictive | High |
| 97 | File | xxxxxxxx_xxxxxxxxxxxx_xxxxxx.xx | predictive | High |
| 98 | File | xxxxxxxxxxx.xxx | predictive | High |
| 99 | File | xxxxxxx_xxx_xxxxx_xxxxxx.xxxx | predictive | High |
| 100 | File | xxx_xxxxx_xxxxxxxxx.x | predictive | High |
| 101 | File | xxxxxxxx.xxx | predictive | Medium |
| 102 | File | xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx | predictive | High |
| 103 | File | xxxxx.xxx | predictive | Medium |
| 104 | File | xxxx.xxx | predictive | Medium |
| 105 | File | xxxxx/xxxxx.xxx | predictive | High |
| 106 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
| 107 | File | xxxxxxxx.xxx | predictive | Medium |
| 108 | File | xxxxxxxx/xxxxxxxxxxxx-xxxxxxxxxx | predictive | High |
| 109 | File | xxxxxx/xxxxxxx/xxxxxx/xxxxxxxx.xxx | predictive | High |
| 110 | File | xxxx.xxx | predictive | Medium |
| 111 | File | xxxx-xxxxx.xxx | predictive | High |
| 112 | File | xxx.x | predictive | Low |
| 113 | File | xxxxxxxxx.xxx | predictive | High |
| 114 | File | xxxxx/xxx/xxxxxxx/xxxxxx.xxx | predictive | High |
| 115 | File | xxxxxx.xxx | predictive | Medium |
| 116 | File | xxx xxxx xxxxxxx | predictive | High |
| 117 | File | xxxx.x | predictive | Low |
| 118 | File | xxxxxxxxxx | predictive | Medium |
| 119 | File | xxxxxxx/xxxxx.xxx | predictive | High |
| 120 | File | xxxxxx.xxx | predictive | Medium |
| 121 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High |
| 122 | File | xxxxxxxxxxxxx.xx | predictive | High |
| 123 | Library | /_xxx_xxx/xxxxx.xxx | predictive | High |
| 124 | Library | xxx-xx-xxx-xxxx-xxxx-xx-x-x.xxx | predictive | High |
| 125 | Library | xxx/xxxxxx.x | predictive | Medium |
| 126 | Library | xxxxxxxxx/xxx-xxxxxx/xxxxxxxx.xxx | predictive | High |
| 127 | Library | xxxxxxxx.xxx | predictive | Medium |
| 128 | Library | xxxxxx/xxxxxxxxx/xxxxx.xxx | predictive | High |
| 129 | Library | xxxxxx.xxx | predictive | Medium |
| 130 | Argument | -x | predictive | Low |
| 131 | Argument | xxxxxxx xx/xxxxxxx xxxx | predictive | High |
| 132 | Argument | xxxxxx | predictive | Low |
| 133 | Argument | xxxxxxx_xxxx | predictive | Medium |
| 134 | Argument | xxxxxx_xxxx | predictive | Medium |
| 135 | Argument | xxxxxxxxxxxxxx | predictive | High |
| 136 | Argument | xxxxxxxx | predictive | Medium |
| 137 | Argument | xxx | predictive | Low |
| 138 | Argument | xxxxxxxxxxxxxxx | predictive | High |
| 139 | Argument | xxx | predictive | Low |
| 140 | Argument | xxxxxxxxx | predictive | Medium |
| 141 | Argument | xxxxxxxxxxxxxxxxx | predictive | High |
| 142 | Argument | xxxxxxxxxxxxxxxx | predictive | High |
| 143 | Argument | xxxxx | predictive | Low |
| 144 | Argument | xxxxxxxxxxx/xxxxxxxx/xxx/xxxxx | predictive | High |
| 145 | Argument | xxxx | predictive | Low |
| 146 | Argument | xxxxxx_xx | predictive | Medium |
| 147 | Argument | xxxxxxx | predictive | Low |
| 148 | Argument | xxxxxx/xxxxxxx | predictive | High |
| 149 | Argument | xxxxxxxx[xxxx_xxx] | predictive | High |
| 150 | Argument | xxxxx->xxxx | predictive | Medium |
| 151 | Argument | xxxxx | predictive | Low |
| 152 | Argument | xxxx | predictive | Low |
| 153 | Argument | xxxxxx | predictive | Low |
| 154 | Argument | xx_xx | predictive | Low |
| 155 | Argument | xxxxxxxx xxxx/xxxxxxxx xxxxxxxx/xxxxxxxx xxxxxxx xx/xxxxxxx/xxxx | predictive | High |
| 156 | Argument | xxxx | predictive | Low |
| 157 | Argument | xxxx | predictive | Low |
| 158 | Argument | xxxxxxxx | predictive | Medium |
| 159 | Argument | xxxx | predictive | Low |
| 160 | Argument | xx | predictive | Low |
| 161 | Argument | xxxxx_xxxx | predictive | Medium |
| 162 | Argument | xxxx | predictive | Low |
| 163 | Argument | xxxxxxxx[xx] | predictive | Medium |
| 164 | Argument | xxx | predictive | Low |
| 165 | Argument | xxxxxxx | predictive | Low |
| 166 | Argument | xxxxxxxx | predictive | Medium |
| 167 | Argument | xxxxxxxxxx | predictive | Medium |
| 168 | Argument | xxxx_xxx_xxxxxxxx_xxx | predictive | High |
| 169 | Argument | xxx_xxxx | predictive | Medium |
| 170 | Argument | xxxxxx | predictive | Low |
| 171 | Argument | xxxx | predictive | Low |
| 172 | Argument | xxx_xxxxxx | predictive | Medium |
| 173 | Argument | xxxxxxx | predictive | Low |
| 174 | Argument | xxxxxxx | predictive | Low |
| 175 | Argument | xxxx_xxxxx | predictive | Medium |
| 176 | Argument | xxxxxxxx | predictive | Medium |
| 177 | Argument | xxxxxxxx | predictive | Medium |
| 178 | Argument | xxxx | predictive | Low |
| 179 | Argument | xxxxxx_xxxx | predictive | Medium |
| 180 | Argument | xxxxxxx | predictive | Low |
| 181 | Argument | xxxxxx_xxxxxxx | predictive | High |
| 182 | Argument | xxxxxxx/xxxxx | predictive | High |
| 183 | Argument | xxxxx/xxxxxxxx | predictive | High |
| 184 | Argument | xxxxxx | predictive | Low |
| 185 | Argument | xxxxx | predictive | Low |
| 186 | Argument | xxxxxxxxxxx | predictive | Medium |
| 187 | Argument | xxxxxx_xxx | predictive | Medium |
| 188 | Argument | xxx | predictive | Low |
| 189 | Argument | xxxx_xx | predictive | Low |
| 190 | Argument | xxxxxxxx_xxxxxxxx | predictive | High |
| 191 | Argument | xx_xxx_xxxxx | predictive | Medium |
| 192 | Argument | xxx | predictive | Low |
| 193 | Argument | xxxxxxxxxxxxxxxxxxxxx | predictive | High |
| 194 | Argument | xxxx_xx | predictive | Low |
| 195 | Argument | xxx | predictive | Low |
| 196 | Argument | xxx | predictive | Low |
| 197 | Argument | xxxx | predictive | Low |
| 198 | Argument | xxxxxxxx | predictive | Medium |
| 199 | Argument | xxxxx | predictive | Low |
| 200 | Argument | xxxx/xx/xxxx/xxx | predictive | High |
| 201 | Argument | xxxxxxxxx | predictive | Medium |
| 202 | Argument | x-xxxxxxxxx-xxxxxx | predictive | High |
| 203 | Input Value | .%xx.../.%xx.../ | predictive | High |
| 204 | Input Value | ../ | predictive | Low |
| 205 | Input Value | ../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxx | predictive | High |
| 206 | Input Value | xxxxx | predictive | Low |
| 207 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive | High |
| 208 | Input Value | xxxxxxx -xxx | predictive | Medium |
| 209 | Input Value | xxxxxxxxxx | predictive | Medium |
| 210 | Input Value | \x | predictive | Low |
| 211 | Input Value | \|<xxxxxxx> | predictive | Medium |
| 212 | Pattern | xxxxxx.xxxxxx | predictive | High |
| 213 | Network Port | xxxx | predictive | Low |
| 214 | Network Port | xxxx | predictive | Low |
| 215 | Network Port | xxxx xxxx | predictive | Medium |
| 216 | Network Port | xxx/xx | predictive | Low |
| 217 | Network Port | xxx/xxx | predictive | Low |
| 218 | Network Port | xxx/xxx | predictive | Low |
| 219 | Network Port | xxx/xxxx (xxx) | predictive | High |
| 220 | Network Port | xxx/xxxx | predictive | Medium |
| 221 | Network Port | xxx/xxxx | predictive | Medium |
| 222 | Network Port | xxx/xxx (xxxx) | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
