Not Petya Analysis

IOB - Indicator of Behavior (132)

Language

en (108)
pl (8)
de (4)
es (4)
ru (4)

Country

us (110)
ru (6)
at (2)
fr (2)
es (2)

Product

Joomla CMS (4)
Microsoft Windows (4)
Oracle WebDB (4)
nginx (4)
Synacor Zimbra Collaboration Suite (4)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE
1 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 4.27 | CVE-2020-15906
2 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.44 | CVE-2022-28959
3 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.20 | 
4 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.75 | CVE-2010-0966
5 | Joomla CMS com_easyblog SQL injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.48 | 
6 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.32 | CVE-2007-0354
7 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 1.36 | CVE-2006-6168
8 | DUware DUdownload detail.asp SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00254 | 0.03 | CVE-2006-6367
9 | Grandstream GAC2500/GXP2200/GVC3202/GXV3275/GXV3240 buffer overflow | 8.5 | 8.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.92777 | 0.04 | CVE-2019-10655
10 | Canon Imagerunner 5000i denial of service | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01110 | 0.00 | CVE-2004-2166
11 | jforum cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00118 | 0.00 | CVE-2012-5337
12 | Pivotal RabbitMQ password privilege escalation | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00343 | 0.00 | CVE-2016-9877
13 | Adminer privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00679 | 0.03 | CVE-2018-7667
14 | logwatch logwatch.pl privilege escalation | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05151 | 0.03 | CVE-2011-1018
15 | Microsoft Windows privilege escalation | 7.8 | 7.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00175 | 0.00 | CVE-2017-0165
16 | DZOIC Handshakes index.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00107 | 0.07 | CVE-2008-2781
17 | Qt-cute QuickTalk guestbook qtg_msg_view.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00269 | 0.00 | CVE-2007-3538
18 | KENT-WEB ACCESS REPORT Web Access cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00136 | 0.02 | CVE-2012-5176
19 | WP-ViperGB Plugin remove_query_arg cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00066 | 0.02 | CVE-2015-9356
20 | Phpsugar PHP Melody page_manager.php cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00083 | 0.00 | CVE-2017-15648

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 159.148.186.214 | whattimeisnow.net | Not Petya | | 24/12/2017 | verified | High
2 | XXX.XX.XXX.XXX | xxxxxxxxx.xx-xxx-xx-xxx.xx | Xxx Xxxxx | | 24/12/2017 | verified | High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (88)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .htaccess | predictive | Medium
2 | File | /forum/away.php | predictive | High
3 | File | /manager?action=getlogcat | predictive | High
4 | File | /spip.php | predictive | Medium
5 | File | /tmp | predictive | Low
6 | File | admin/admin.php | predictive | High
7 | File | admin/conf_users_edit.php | predictive | High
8 | File | admin/developer/ | predictive | High
9 | File | admin/index.php | predictive | High
10 | File | admin/ueditor/uploadFile | predictive | High
11 | File | xxxxxxxxxxx/xxxxxxxxxx.xx | predictive | High
12 | File | xxx.xxx | predictive | Low
13 | File | xxxxxxx.xx | predictive | Medium
14 | File | xxxxx.xxx | predictive | Medium
15 | File | xxx.xxx | predictive | Low
16 | File | xxx.xxx | predictive | Low
17 | File | xxxx/xxxxxxxx.xx | predictive | High
18 | File | xxxxxx.xx | predictive | Medium
19 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
20 | File | xxxxxxx.xxx | predictive | Medium
21 | File | xxxxxx.xxx | predictive | Medium
22 | File | xxxxxxxxxxxxxxxxxx.xxx | predictive | High
23 | File | xxxxx.xxx | predictive | Medium
24 | File | xxxxxxxx.xxx | predictive | Medium
25 | File | xxxxx_xxxxxxxx.xxx | predictive | High
26 | File | xxxx/xxxxxxx.x | predictive | High
27 | File | xxx/xxxxxx.xxx | predictive | High
28 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
29 | File | xxxxxxxx/xxxxxxx.xxx | predictive | High
30 | File | xxxxx.xxx | predictive | Medium
31 | File | xxxxxxxxxxx/xxxxxxx.x | predictive | High
32 | File | xxxxx.xxx | predictive | Medium
33 | File | xxxxxxxx.xx | predictive | Medium
34 | File | xxx.xxx | predictive | Low
35 | File | xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | predictive | High
36 | File | xxxxxxx/xxxxxxx_xxxxxxx_xxxxxxx/xxxxxxx.xxxxxx.xxxxxxx_xxxxxxx_xxxxxxx.xxx | predictive | High
37 | File | xxxxxx.xxx/xxxx_xxxx_xxxx.xxx | predictive | High
38 | File | xxxx_xxxxxxx.xxx | predictive | High
39 | File | xxxxxxx.xxx | predictive | Medium
40 | File | xxxxxxxx.x | predictive | Medium
41 | File | xxx_xxx_xxxx.xxx | predictive | High
42 | File | xxxx_xxxx.xxx | predictive | High
43 | File | xxxxxxxx.xxx | predictive | Medium
44 | File | xxx.xxx | predictive | Low
45 | File | xxxxxxxx.xxx | predictive | Medium
46 | File | xxxxxx.xxx | predictive | Medium
47 | File | xxx_xxxxx.xxx | predictive | High
48 | File | xxxxxxxx/xxxxxxxxxxx.xx | predictive | High
49 | File | xxxx-xxxxx.xxx | predictive | High
50 | File | xxxx-xxxxxxxx.xxx | predictive | High
51 | File | xxxxxxxx/xxxxxxxx | predictive | High
52 | File | xxxxxxx | predictive | Low
53 | Argument | xxxxxxx | predictive | Low
54 | Argument | xxxxxxx_xxxxxxx_xxxxx | predictive | High
55 | Argument | xxxxxxxx | predictive | Medium
56 | Argument | xxxxxx | predictive | Low
57 | Argument | xxxxxxx | predictive | Low
58 | Argument | xxx | predictive | Low
59 | Argument | xxx_xxxx | predictive | Medium
60 | Argument | xxxx/xxxx/xxxxxxxxx | predictive | High
61 | Argument | xxxx | predictive | Low
62 | Argument | xxxxx | predictive | Low
63 | Argument | xxxxxxxxx | predictive | Medium
64 | Argument | xxxx | predictive | Low
65 | Argument | xx | predictive | Low
66 | Argument | xx[] | predictive | Low
67 | Argument | xxxx | predictive | Low
68 | Argument | xxxxxx | predictive | Low
69 | Argument | xxxxx | predictive | Low
70 | Argument | xxxxxxx | predictive | Low
71 | Argument | xxxxxxxxxxxx | predictive | Medium
72 | Argument | xxxxxxx/xxxxxx_xx | predictive | High
73 | Argument | x_xxxxxx_xxxxx_xxxx | predictive | High
74 | Argument | xxxx_xxxxx | predictive | Medium
75 | Argument | xxxxxxxx | predictive | Medium
76 | Argument | xxxxxxxx | predictive | Medium
77 | Argument | xxxxxxxx | predictive | Medium
78 | Argument | xxxx | predictive | Low
79 | Argument | xxxxxx | predictive | Low
80 | Argument | xxxxxx[xxxx] | predictive | Medium
81 | Argument | xxxxx | predictive | Low
82 | Argument | xxxx | predictive | Low
83 | Argument | xxxxxxxx | predictive | Medium
84 | Argument | x-xxxxxxxxx-xxx | predictive | High
85 | Input Value | ../ | predictive | Low
86 | Input Value | <xxx xxx=x xxxxxxx=xxxxx('xxx') /> | predictive | High
87 | Input Value | xxxx.xxx::$xxxx | predictive | High
88 | Network Port | xxxx/xxxx | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:
