Palevo Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (379)

Idioma

en	330
zh	34
de	4
pl	4
es	4

País

cn	232
us	122
ru	6
es	2

Actores

Palevo	5
Cobalt Strike	2
PingPull	1
pupy	1
Locky	1

Interesse

Tipo

Not Defined	90
Router Operating System	36
Content Management System	34
Firewall Software	12
WordPress Plugin	12

Fabricante

Not Defined	110
D-Link	18
Apache	12
Joomla	10
Cisco	10

Produto

WordPress	12
Joomla CMS	10
Cisco ASA	8
Netgear R6220	6
Linux Kernel	6

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	AWStats Config awstats.pl Privilege Escalation	5.0	4.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.44
2	Trend Micro Apex One/Apex One as a Service Management Server Directório Traversal	8.5	8.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00215	0.00	CVE-2023-32557
3	WordPress Metadata direitos alargados	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01829	0.00	CVE-2018-20148
4	Hitron CODA-5310 System Configuration Interface Fraca autenticação	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00148	0.02	CVE-2023-30604
5	request-baskets API Request {name} direitos alargados	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.08109	0.05	CVE-2023-27163
6	Galaxy gunicorn Directório Traversal	7.1	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00131	0.04	CVE-2022-23470
7	Cisco Identity Services Engine tcpdump direitos alargados	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00097	0.04	CVE-2022-20964
8	Drupal File direitos alargados	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00729	0.04	CVE-2017-6922
9	VMware Horizon DaaS RDP File direitos alargados	5.9	5.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00079	0.00	CVE-2017-4897
10	Ubiquiti EdgeRouter X OSPF direitos alargados [Questionado]	8.1	7.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01049	0.08	CVE-2023-1458
11	AWStats awstats.pl Path Divulgação de Informação	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00183	0.08	CVE-2018-10245
12	Fortinet FortiOS SSH Server direitos alargados	9.8	9.6	$25k-$100k	$0-$5k	High	Official Fix	0.68188	0.04	CVE-2016-1909
13	D-Link DIR-815 getcfg.php Divulgação de Informação	8.5	7.9	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00438	0.03	CVE-2018-10106
14	Hitron CODA-5310 Telnet Fraca autenticação	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00147	0.00	CVE-2023-30603
15	D-Link DIR-867/DIR-878/DIR-882 Fraca autenticação	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00098	0.04	CVE-2020-15633
16	Linux Kernel Page Table Isolation EntryBleed Divulgação de Informação	4.9	4.9	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00042	0.04	CVE-2022-4543
17	vsftpd deny_file vulnerabilidade desconhecida	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00312	0.05	CVE-2015-1419
18	D-Link DIR-820L lan.asp Privilege Escalation	6.3	6.1	$5k-$25k	$5k-$25k	High	Not Defined	0.45615	0.04	CVE-2022-26258
19	Netgear RV340/RV340W/RV345/RV345P direitos alargados	4.9	4.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00142	0.00	CVE-2023-20007
20	Realtek Jungle SDK MP Daemon UDPServer Excesso de tampão	7.3	7.3	$0-$5k	$0-$5k	High	Not Defined	0.96679	0.09	CVE-2021-35394

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	42.120.158.78		Palevo	13/06/2021	verified	Alto
2	67.210.170.169	67-210-170.169.static.tel-ott.com	Palevo	13/06/2021	verified	Alto
3	76.74.255.138	loom.com	Palevo	13/06/2021	verified	Alto
4	XX.XXX.X.XXX		Xxxxxx	13/06/2021	verified	Alto
5	XX.XXX.XXX.XX	xxx.xxxxxxxxx.xx	Xxxxxx	13/06/2021	verified	Alto
6	XXX.XX.XXX.XXX	xxxx.xxxxx.xxx	Xxxxxx	13/06/2021	verified	Alto
7	XXX.XXX.XX.XXX		Xxxxxx	13/06/2021	verified	Alto
8	XXX.XXX.XXX.XX	xxxxx-xx.xxxxxxx.xxxxxx.xxx	Xxxxxx	13/06/2021	verified	Alto
9	XXX.XXX.XXX.XXX	xxxxx-xxx.xxxxxxx.xxxxxx.xxx	Xxxxxx	13/06/2021	verified	Alto
10	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxx-xxx.xxxx-xxxxxxxxx.xxx.xx	Xxxxxx	13/06/2021	verified	Alto
11	XXX.X.XXX.XX		Xxxxxx	13/06/2021	verified	Alto
12	XXX.X.XXX.XX		Xxxxxx	13/06/2021	verified	Alto

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	T1059	CAPEC-137	CWE-88, CWE-94	Argument Injection	predictive	Alto
4	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
5	T1068	CAPEC-122	CWE-264, CWE-269, CWE-284	Execution with Unnecessary Privileges	predictive	Alto
6	TXXXX.XXX	CAPEC-	CWE-XXX	Xxx Xx Xxxx-xxxxx Xxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-150	CWE-XXX	Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx	predictive	Alto
8	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
9	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
10	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
11	TXXXX	CAPEC-	CWE-XXX, CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Alto
12	TXXXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
13	TXXXX.XXX	CAPEC-492	CWE-XXXX	Xxxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxxx	predictive	Alto
14	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
15	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Alto
16	TXXXX	CAPEC-102	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
17	TXXXX	CAPEC-38	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Alto
18	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
19	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
20	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto
21	TXXXX.XXX	CAPEC-	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Alto
22	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (165)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/+CSCOE+/logon.html	predictive	Alto
2	File	/addnews.html	predictive	Alto
3	File	/admin/system/database/filedown.php	predictive	Alto
4	File	/api/baskets/{name}	predictive	Alto
5	File	/bin/boa	predictive	Médio
6	File	/bin/protest	predictive	Médio
7	File	/cgi-bin/cstecgi.cgi	predictive	Alto
8	File	/cgi-bin/ExportSettings.sh	predictive	Alto
9	File	/cgi-bin/upload_vpntar	predictive	Alto
10	File	/getcfg.php	predictive	Médio
11	File	/HNAP1	predictive	Baixo
12	File	/htdocs/web/getcfg.php	predictive	Alto
13	File	/lan.asp	predictive	Médio
14	File	/MTFWU	predictive	Baixo
15	File	/network_test.php	predictive	Alto
16	File	/okm:root	predictive	Médio
17	File	/SetTriggerLEDBlink/Blink	predictive	Alto
18	File	/spip.php	predictive	Médio
19	File	/wp-content/plugins/updraftplus/admin.php	predictive	Alto
20	File	xxxxx.xxx/xxxxx-x.x.xxx/xxxxxxx.xxx/xxxx.xxx	predictive	Alto
21	File	xxx.xxx	predictive	Baixo
22	File	xxxxx.xxx?x=xxxxxx&x=xxxxxx&x=xxxxxx	predictive	Alto
23	File	xxxxx/xxxx_xxxxx_xxxx.xxx	predictive	Alto
24	File	xxxxx/xxxxxx/xxxxx-xxxxxx-xxxxxxxx.xxx	predictive	Alto
25	File	xxxxx/xxxxx.xxx?x=xx_xxx&x=xxxxx&x=xxxxx&x=xxxxx_xxxx_xxxxxxx&xxxxx=xxxx&xxxxx=x	predictive	Alto
26	File	xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx	predictive	Alto
27	File	xxx.xxx	predictive	Baixo
28	File	xxxxx/xxxxxxx/xxxxxxxxxxxxx	predictive	Alto
29	File	xxxxxx.xxx	predictive	Médio
30	File	xxxxxxx.xx	predictive	Médio
31	File	xxx-xxx/xxxxxxxxxxxx.xxx/xxxxxxxxxxxx	predictive	Alto
32	File	xxxx/xxxxxx/xxxxx.xxx	predictive	Alto
33	File	xxxxxx.xxx	predictive	Médio
34	File	xxxxxxxx.xxx	predictive	Médio
35	File	xxx/xxxx_xxxxx	predictive	Alto
36	File	xxxxxx.xxx	predictive	Médio
37	File	xxxxx.xxx	predictive	Médio
38	File	xxxx/xxxxxxxxxx/xxxxxx-xxxx.x	predictive	Alto
39	File	xxxx/xxxxxxxxxx/xxxxxx-xxxxx.x	predictive	Alto
40	File	xxxx/xxxxxxxxxx/xxxxxx-xxx.x	predictive	Alto
41	File	xx_xxx_xx.x	predictive	Médio
42	File	xxxxxxxxx.xxx	predictive	Alto
43	File	xxxxx.xxx	predictive	Médio
44	File	xxxx.xxx	predictive	Médio
45	File	xxxxx.xxxx	predictive	Médio
46	File	xxxxx_xxxxx.xxx	predictive	Alto
47	File	xxxxxxxx/xxxxxxx/xxxxx.xxxxx.xxx	predictive	Alto
48	File	xxxxxxxx/xxxxxx.xxx	predictive	Alto
49	File	xxxxx.xxx	predictive	Médio
50	File	xxxxx.xxx/xxxx/xxxxx/xxxx/xxxx.xxx	predictive	Alto
51	File	xxxxxxx.xxx	predictive	Médio
52	File	xxx/xxx.x	predictive	Médio
53	File	xxx_xxxxxxxxx.xxx	predictive	Alto
54	File	xxxxxx.x	predictive	Médio
55	File	xxxxxx/xxx_xxxxxx.x	predictive	Alto
56	File	xxxxxx.xx	predictive	Médio
57	File	xxxxxxx/xxxxx/xx/xxxxxx.xxxxx.xxx	predictive	Alto
58	File	xxxx/xxxxxx/xxxxx.xxx	predictive	Alto
59	File	xxxxx.xxx	predictive	Médio
60	File	xxxxxxxx.xxx	predictive	Médio
61	File	xxxxxxxx.xxx	predictive	Médio
62	File	xxx_xxx.x	predictive	Médio
63	File	xxx/xxxx/xxxx.x	predictive	Alto
64	File	xxxxxxx.xxx	predictive	Médio
65	File	xxxxxxxxxxx-xxxx.xx	predictive	Alto
66	File	xxxxxxx.xxx	predictive	Médio
67	File	xxxxxxxxxxx.xxx	predictive	Alto
68	File	xxxxx.x	predictive	Baixo
69	File	xxxxxxxx.xxxxx.xxx	predictive	Alto
70	File	xxxx/xxxxxxxxx.xxx	predictive	Alto
71	File	xxxx.xxx	predictive	Médio
72	File	xxxxx_xxxxx.xxx	predictive	Alto
73	File	xxxxxxxx.xxx	predictive	Médio
74	File	xxxxxx/xxxxx/xxx.x	predictive	Alto
75	File	xxxxxxx.xxx	predictive	Médio
76	File	xxxxxx_xxxxx.xxx/xxxxx_xxxxxxx_xxxxxxxxxx.xx	predictive	Alto
77	File	xxxxx.xxx	predictive	Médio
78	File	xxx_xxxxxx.xxx	predictive	Alto
79	File	xxxxx-xxxxxxxxxxxx.xxx	predictive	Alto
80	File	xxxxx/_xxxxxxxx.xxx	predictive	Alto
81	File	xxxxxxxxx	predictive	Médio
82	File	xxxxxx.xxx	predictive	Médio
83	File	xxxx_xxxxx_xxxxx.xxx	predictive	Alto
84	File	xxxx/xxxxxxxx/xxxxxxxx.xxxx	predictive	Alto
85	File	xxxx/xxxx/xxxxx.xxx	predictive	Alto
86	File	xxxx_xxx_xxx_xxxx.xxx	predictive	Alto
87	File	xxxxx.xxx	predictive	Médio
88	File	xxx/xxxxxx-xxxxxxx.xxx	predictive	Alto
89	File	xxxxx.xxx	predictive	Médio
90	File	xxxxxxx/xxx.x	predictive	Alto
91	File	xxxxxxx/xxxxxxxxx.x	predictive	Alto
92	File	xx-xxxxx/xxxx-xxx.xxx	predictive	Alto
93	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Alto
94	File	xx-xxxxxxxx/xxxxxxxxx.xxx	predictive	Alto
95	File	xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx	predictive	Alto
96	File	xxx/xxxxxxxx/xxxxxxxx.xxx	predictive	Alto
97	File	xxxxxx.xxx?xxxxxx=xxxxxxxxx.xxxx&xxxxxxxxxxx=x	predictive	Alto
98	Library	xxxxxx.xxx	predictive	Médio
99	Library	xxxxx.xxx	predictive	Médio
100	Library	xxx/xxxxxx/xxxxxx.xx	predictive	Alto
101	Library	xxx/xxxxxxxxxxxxx/xxxxxxxxxx.xx	predictive	Alto
102	Library	xxxxxx.xxx	predictive	Médio
103	Argument	$_xxxxx	predictive	Baixo
104	Argument	$_xxxxxxx['xxxx']	predictive	Alto
105	Argument	xx_xxxxx_xxx_xxxx	predictive	Alto
106	Argument	xxxxxx_xxxxxx	predictive	Alto
107	Argument	xxxx	predictive	Baixo
108	Argument	xxxxxx	predictive	Baixo
109	Argument	xxxxxx	predictive	Baixo
110	Argument	xxxxxxxxxx_xxxx	predictive	Alto
111	Argument	xxx	predictive	Baixo
112	Argument	xxxxxx_xxxxxxx	predictive	Alto
113	Argument	xxxxxx	predictive	Baixo
114	Argument	xxxxxxxx	predictive	Médio
115	Argument	xxxxxx xxxx	predictive	Médio
116	Argument	xxx	predictive	Baixo
117	Argument	xxxx	predictive	Baixo
118	Argument	xxx	predictive	Baixo
119	Argument	xxxxxx	predictive	Baixo
120	Argument	xxxxxxx	predictive	Baixo
121	Argument	xxxx	predictive	Baixo
122	Argument	xxxxxxxx	predictive	Médio
123	Argument	xxxxxxxxx	predictive	Médio
124	Argument	xxxxxx_xxxxx_xxx	predictive	Alto
125	Argument	xxxxx	predictive	Baixo
126	Argument	xxxxxxxxx/xxxxxx	predictive	Alto
127	Argument	xxxxxxx	predictive	Baixo
128	Argument	xxxxx_xx	predictive	Médio
129	Argument	xxxxx_xxxxxx	predictive	Médio
130	Argument	xxxx	predictive	Baixo
131	Argument	xxxx	predictive	Baixo
132	Argument	xx	predictive	Baixo
133	Argument	xxxxxxxxxxxxx	predictive	Alto
134	Argument	xxxxxxx_xxxxxx	predictive	Alto
135	Argument	xxx	predictive	Baixo
136	Argument	xxxx	predictive	Baixo
137	Argument	xxxxxx_xxxx_xxxx	predictive	Alto
138	Argument	xxxxxxxxxxxxxx	predictive	Alto
139	Argument	xxxxxxxxxxxxx	predictive	Alto
140	Argument	xxxxxxx	predictive	Baixo
141	Argument	xxx_xxxxx	predictive	Médio
142	Argument	xxxx	predictive	Baixo
143	Argument	xxxx	predictive	Baixo
144	Argument	xxxxx	predictive	Baixo
145	Argument	xxxxxxxx	predictive	Médio
146	Argument	xxxxxxxxxxxxxx	predictive	Alto
147	Argument	xxxxxx	predictive	Baixo
148	Argument	xxxx	predictive	Baixo
149	Argument	xxxxxxx/xxxxxxx	predictive	Alto
150	Argument	xxxxxx-xxxx-xx	predictive	Alto
151	Argument	xxxxx	predictive	Baixo
152	Argument	xxxxxxx[]	predictive	Médio
153	Argument	xxxxxxxxxx[xxxx]	predictive	Alto
154	Argument	xxxx	predictive	Baixo
155	Argument	xxxxxxxxxx_xxxx_xxxxxxx	predictive	Alto
156	Argument	xx	predictive	Baixo
157	Argument	xxxxxxxx	predictive	Médio
158	Argument	xxxxxxxx/xxxxxxxx	predictive	Alto
159	Argument	xxx	predictive	Baixo
160	Argument	xxxx->xxxxxxx	predictive	Alto
161	Argument	_xxxxxxxxx	predictive	Médio
162	Argument	_xxxxxxx	predictive	Médio
163	Input Value	../../	predictive	Baixo
164	Input Value	..\	predictive	Baixo
165	Network Port	xxx/xxx (xxxx)	predictive	Alto

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!