Prometei Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (191)

Idioma

en	186
de	4
zh	2

País

us	188
id	2

Actores

Prometei	3
Dridex	1

Interesse

Tipo

Not Defined	30
Communications System	8
Forum Software	4
Operating System	4
Programming Language Software	4

Fabricante

Not Defined	18
Asterisk	6
Apple	4
Google	4
Sangoma	2

Produto

Asterisk PBX	6
YaBB	2
Sangoma FreePBX	2
Sangoma PBXact	2
Apple macOS	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	5.15
2	FLDS redir.php Injecção SQL	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00203	0.32	CVE-2008-5928
3	vBulletin redirector.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00122	0.83	CVE-2018-6200
4	Vunet VU Web Visitor Analyst redir.asp Injecção SQL	7.3	7.1	$0-$5k	$0-$5k	High	Workaround	0.00119	0.51	CVE-2010-2338
5	Bitrix Site Manager redirect.php direitos alargados	5.3	4.7	$0-$5k	$0-$5k	Unproven	Unavailable	0.00113	0.00	CVE-2008-2052
6	Openads adclick.php Remote Code Execution	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01871	0.70	CVE-2007-2046
7	MGB OpenSource Guestbook email.php Injecção SQL	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	2.10	CVE-2007-0354
8	GetSimpleCMS index.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00123	0.00	CVE-2019-9915
9	OpenX adclick.php Redirect	5.3	4.7	$0-$5k	$0-$5k	Unproven	Unavailable	0.00440	1.02	CVE-2014-2230
10	phpPgAds adclick.php vulnerabilidade desconhecida	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00317	1.46	CVE-2005-3791
11	DZCP deV!L`z Clanportal config.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	1.65	CVE-2010-0966
12	Sangoma FreePBX/PBXact restapps Privilege Escalation	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00716	0.00	CVE-2020-10666
13	Issabel PBX Create New Rate Roteiro Cruzado de Sítios	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.03	CVE-2021-34190
14	Issabel PBX Roteiro Cruzado de Sítios	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.04	CVE-2021-46558
15	DZCP deV!L`z Clanportal browser.php Divulgação de Informação	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02733	0.64	CVE-2007-1167
16	My Link Trader out.php Injecção SQL	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.20
17	WordPress AdServe adclick.php Injecção SQL	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00073	0.14	CVE-2008-0507
18	PHPWind goto.php Redirect	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00348	0.19	CVE-2015-4134
19	Asterisk PBX SIP Invite res_pjsip_session Negação de Serviço	4.8	4.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00114	0.00	CVE-2020-28327
20	Tiki Admin Password tiki-login.php Fraca autenticação	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00936	4.83	CVE-2020-15906

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	23.148.145.237	henhariden.info	Prometei	23/03/2023	verified	Alto
2	69.84.240.57		Prometei	23/03/2023	verified	Alto
3	103.40.123.34	ip-34.123.40.jogjaringan.net.id	Prometei	23/03/2023	verified	Alto
4	XXX.XX.XXX.XX	xx.xxx.xx.xx-xxxx.xxxx	Xxxxxxxx	23/03/2023	verified	Alto
5	XXX.XXX.XXX.XXX		Xxxxxxxx	23/03/2023	verified	Alto
6	XXX.XXX.XXX.XXX		Xxxxxxxx	23/03/2023	verified	Alto
7	XXX.XX.XXX.XX		Xxxxxxxx	23/03/2023	verified	Alto
8	XXX.XX.XX.XX	xxxxxx.xxxxxxxxxxxxx.xxx	Xxxxxxxx	08/01/2024	verified	Alto
9	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxxxxx	23/03/2023	verified	Alto
10	XXX.XXX.XX.XX	xxxxxx.xxx-xxx-xx-xx.xxxx.xxx	Xxxxxxxx	23/03/2023	verified	Alto
11	XXX.XXX.XXX.XXX		Xxxxxxxx	23/03/2023	verified	Alto

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1059	CWE-94	Argument Injection	predictive	Alto
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
5	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
7	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
9	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Alto

IOA - Indicator of Attack (53)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/admin/inquiries/view_details.php	predictive	Alto
2	File	/admin/maintenance/view_designation.php	predictive	Alto
3	File	/cgi-bin/touchlist_sync.cgi	predictive	Alto
4	File	/forum/away.php	predictive	Alto
5	File	/LogoStore/search.php	predictive	Alto
6	File	/mhds/clinic/view_details.php	predictive	Alto
7	File	/newsDia.php	predictive	Médio
8	File	/out.php	predictive	Médio
9	File	/xxxxxxxx-xxxxxxx.xxx	predictive	Alto
10	File	/xxxxxxx/xxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Alto
11	File	xxxxxxx.xxx	predictive	Médio
12	File	xxxxx/xxxxxx.xxx	predictive	Alto
13	File	xxxxx/xxxx_xxxxx_xxxx.xxx	predictive	Alto
14	File	xxxxx/xxxxx.xxx	predictive	Alto
15	File	xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx	predictive	Alto
16	File	xxxxx.xxx	predictive	Médio
17	File	xxxx.xxx	predictive	Médio
18	File	xxxx.xxx	predictive	Médio
19	File	xxx/xxxxxx.xxx	predictive	Alto
20	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	Alto
21	File	xxxxx.xxx?xxxx=xxxxxxx_xxxxx	predictive	Alto
22	File	xxxxxxx/xxx.xxx	predictive	Alto
23	File	xxxxxxxxxxxxxxxxxx.xxxx	predictive	Alto
24	File	xxxx.xxx	predictive	Médio
25	File	xxxxx.xxx	predictive	Médio
26	File	xxxxx.xxx	predictive	Médio
27	File	xxxxxxxx.xxx	predictive	Médio
28	File	xxxxxxxxxx.xxx	predictive	Alto
29	File	xxxx-xxxxxxxxxx.xxx	predictive	Alto
30	File	xxxx-xxxxx.xxx	predictive	Alto
31	File	xxxxx/xxxxxxxx_xxxxxx/xxxxxx_xxxxxxxx_xxxxx.xxx	predictive	Alto
32	File	xxxxxxx.xxx	predictive	Médio
33	File	xxxx.xx	predictive	Baixo
34	Argument	xxxxxxxx	predictive	Médio
35	Argument	xxxxxxxx	predictive	Médio
36	Argument	xxxxx	predictive	Baixo
37	Argument	xxx	predictive	Baixo
38	Argument	xxxxxxxxxxx	predictive	Médio
39	Argument	xxxx	predictive	Baixo
40	Argument	xxxx	predictive	Baixo
41	Argument	xxxx	predictive	Baixo
42	Argument	xx	predictive	Baixo
43	Argument	xxxxxxxxx	predictive	Médio
44	Argument	xx	predictive	Baixo
45	Argument	xxxx/xxxxxx	predictive	Médio
46	Argument	xxxxxxxx	predictive	Médio
47	Argument	xxxxx	predictive	Baixo
48	Argument	xxxxxxxx	predictive	Médio
49	Argument	xxx	predictive	Baixo
50	Argument	xxx	predictive	Baixo
51	Argument	xxxxxxxx/xxxxxxxx	predictive	Alto
52	Input Value	xxxx' xxxxx xxx xxxxxx xxxxxx(xxxxxx('xxxxx','xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'),'xxxxx'),xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx-- xxxx&xxxxxx=	predictive	Alto
53	Pattern	\|xx\|	predictive	Baixo

Referências (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you need the next level of professionalism?

Upgrade your account now!