Prowli Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (13)

Idioma

en	10
de	4

País

ru	12

Actores

ProLock	1
Baldr	1
Gafgyt_tor	1
Prowli	1
WordPress SMTP Exploit	1

Interesse

Tipo

Not Defined	4
Enterprise Resource Planning Software	2
Content Management System	2
Network Encryption Software	2
WordPress Plugin	2

Fabricante

Not Defined	8
Check Point	2
Oracle	2

Produto

Check Point Endpoint Security	2
Oracle PeopleSoft Enterprise HRMS	2
WordPress	2
OpenSSL	2
Werkzeug	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	OpenSSL 64-bit Block Cipher SWEET32 Divulgação de Informação	6.5	6.4	$5k-$25k	$0-$5k	Proof-of-Concept	Unavailable	0.00528	0.02	CVE-2016-2183
2	Werkzeug URL Redirect	5.8	5.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00114	0.00	CVE-2020-28724
3	Pallets Werkzeug HTTP Request Parser direitos alargados	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00113	0.00	CVE-2022-29361
4	Oracle PeopleSoft Enterprise HRMS Time/Labor vulnerabilidade desconhecida	5.4	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00054	0.00	CVE-2020-14612
5	Micgr Mic Blog category.php Injecção SQL	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00140	0.02	CVE-2008-6805
6	ThemeMakers Accio Responsive Parallax One Page Site Template wp_users.dat Divulgação de Informação	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00703	0.02	CVE-2015-9485
7	WordPress Plugin Installation uploads direitos alargados	6.7	6.7	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.31598	0.03	CVE-2018-14028
8	WordPress Media Attachment media-upload.php direitos alargados	5.4	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00157	0.03	CVE-2012-6634
9	Fortinet FortiOS Single Sign-On Divulgação de Informação	6.7	6.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00463	0.04	CVE-2018-9185
10	Check Point Endpoint Security Password Policy Unlock.exe direitos alargados	5.1	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00063	0.00	CVE-2013-5635
11	PHPOK File Upload direitos alargados	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00194	0.02	CVE-2018-8944

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Campanhas	Identified	Tipo	Aceitação
1	185.212.128.154	free.ptr1.ru	Prowli		13/02/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1068	CWE-264	Execution with Unnecessary Privileges	predictive	Alto
2	T1204.001	CWE-601	Open Redirect	predictive	Alto
3	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	category.php	predictive	Médio
2	File	Unlock.exe	predictive	Médio
3	File	xx-xxxxx/xxxxx-xxxxxx.xxx	predictive	Alto
4	File	xx-xxxxxxx/xxxxxxx	predictive	Alto
5	File	xx-xxxxxxx/xxxxxxx/xxx_xx_xxxxxxx/xx_xxxxx.xxx	predictive	Alto
6	Argument	xxxx_xx	predictive	Baixo
7	Argument	xxxx	predictive	Baixo
8	Argument	xxxx_xxxxx/xxxx_xxxx/xxxx_xxxxx	predictive	Alto

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you know our Splunk app?

Download it now for free!