NDSW Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (77)

Idioma

en	60
ru	12
zh	2
it	2
de	2

País

ru	66
us	10
hr	2

Actores

NDSW	3
Locky	2
Emotet (Trickbot + Zeus Panda)	1
Hancitor (HelloFax Theme)	1
YKCOL (Locky Variant)	1

Interesse

Tipo

Not Defined	14
Programming Language Software	6
Router Operating System	6
Forum Software	4
Operating System	4

Fabricante

Not Defined	8
Microsoft	8
D-Link	4
Simple	2
TP-LINK	2

Produto

Microsoft Windows	4
beContent	2
WPML	2
Simple PHP Guestbook	2
Laravel	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	PHP Link Directory Administration Page index.html Roteiro Cruzado de Sítios	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00374	1.02	CVE-2007-0529
2	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	2.21
3	Esoftpro Online Guestbook Pro ogp_show.php Injecção SQL	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00108	0.62	CVE-2009-4935
4	phpMyAdmin phpinfo.php Divulgação de Informação	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00142	0.04	CVE-2016-9848
5	MGB OpenSource Guestbook email.php Injecção SQL	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	1.32	CVE-2007-0354
6	DZCP deV!L`z Clanportal config.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.75	CVE-2010-0966
7	Flat PHP Board Directório Traversal	3.3	3.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.01
8	Simple PHP Guestbook guestbook.php Roteiro Cruzado de Sítios	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.02
9	212cafe 212cafeboard view.php Injecção SQL	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00064	0.06	CVE-2008-4713
10	Microsoft Office Object Remote Code Execution	7.0	6.9	$5k-$25k	$0-$5k	High	Official Fix	0.97339	0.57	CVE-2017-8570
11	LushiWarPlaner register.php Injecção SQL	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00821	0.05	CVE-2007-0864
12	Lars Ellingsen Guestserver guestbook.cgi Roteiro Cruzado de Sítios	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00169	0.04	CVE-2005-4222
13	Huawei SmartCare Dashboard Stored Roteiro Cruzado de Sítios	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00065	0.00	CVE-2017-15312
14	Flat PHP Board Directório Traversal	3.3	3.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.04
15	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Divulgação de Informação	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
16	D-Link DIR-865L register_send.php Fraca autenticação	7.5	7.1	$5k-$25k	$5k-$25k	Proof-of-Concept	Not Defined	0.00109	0.02	CVE-2013-3096
17	jforum User direitos alargados	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.05	CVE-2019-7550
18	Cannot PHP infoBoard direitos alargados	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01049	0.00	CVE-2008-4334
19	Phplinkdirectory PHP Link Directory conf_users_edit.php Falsificação de Pedido Cross Site	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00526	0.04	CVE-2011-0643
20	Add Comments Plugin Setting Roteiro Cruzado de Sítios	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00056	0.00	CVE-2022-3909

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	109.234.35.249	v1020533.hosted-by-vdsina.ru	NDSW	29/07/2022	verified	Alto
2	XXX.XX.XXX.XX		Xxxx	29/07/2022	verified	Alto
3	XXX.XXX.XXX.XXX	xxxx.xx	Xxxx	29/07/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
3	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
8	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
9	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (41)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/forum/away.php	predictive	Alto
2	File	admin/conf_users_edit.php	predictive	Alto
3	File	admin/index.php	predictive	Alto
4	File	blog.php	predictive	Médio
5	File	comments/feed	predictive	Alto
6	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
7	File	xxxxxxxx.xxx	predictive	Médio
8	File	xxx/xxx/xxxxx	predictive	Alto
9	File	xxxxx.xxx	predictive	Médio
10	File	xxxxx.xxx	predictive	Médio
11	File	xxxxxxxxx.xxx	predictive	Alto
12	File	xxxxxxxxx.xxx	predictive	Alto
13	File	xxxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx	predictive	Alto
14	File	xxx/xxxxxx.xxx	predictive	Alto
15	File	xxxxx.xxxx	predictive	Médio
16	File	xxxxxxxx.xxx	predictive	Médio
17	File	xxxx.xxx	predictive	Médio
18	File	xxx_xxxx.xxx	predictive	Médio
19	File	xxxxxxx.xxx	predictive	Médio
20	File	xxxxxxxx.xxx	predictive	Médio
21	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	Alto
22	File	xxxxxxxx_xxxx.xxx	predictive	Alto
23	File	xxx.x	predictive	Baixo
24	File	xxxxxx.xxx	predictive	Médio
25	File	xxxx.xxx	predictive	Médio
26	File	xxxxxx.xxx	predictive	Médio
27	Argument	xxxxxx	predictive	Baixo
28	Argument	xxxxxxxx	predictive	Médio
29	Argument	xxx	predictive	Baixo
30	Argument	xxxxxxxxxxx	predictive	Médio
31	Argument	xxxxxxx	predictive	Baixo
32	Argument	xx	predictive	Baixo
33	Argument	xxxx	predictive	Baixo
34	Argument	xxx	predictive	Baixo
35	Argument	xxxxxxxx	predictive	Médio
36	Argument	xxxxxxxx	predictive	Médio
37	Argument	xxxxxxxx	predictive	Médio
38	Argument	xxxxxx	predictive	Baixo
39	Argument	xxxx	predictive	Baixo
40	Argument	xxxxx	predictive	Baixo
41	Argument	xxxxxxxx	predictive	Médio

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!