Satan Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (226)

Curso de tempo

Idioma

en170
zh46
ru6
de4

País

la220
us4
cn2

Actores

Cobalt Strike10
Ave Maria9
RedLine Stealer6
AsyncRAT5
Remcos4

Actividades

Interesse

Curso de tempo

Tipo

Not Defined92
Content Management System22
Groupware Software8
Operating System8
Programming Language Software8

Fabricante

Not Defined80
Microsoft12
Apache10
Alt-N4
Sophos4

Produto

Apache Tomcat6
ZoneMinder4
CodeIgniter4
Moodle4
Microsoft Exchange Server4

Vulnerabilidades

#VulnerabilidadeBaseTemp0dayHojeExpMasEPSSCTICVE
1TikiWiki tiki-register.php direitos alargados7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.010751.34CVE-2006-6168
2Tiki Admin Password tiki-login.php Fraca autenticação8.07.7$0-$5k$0-$5kNot DefinedOfficial Fix0.009364.07CVE-2020-15906
3DZCP deV!L`z Clanportal config.php direitos alargados7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.74CVE-2010-0966
4Drupal Sanitization API Roteiro Cruzado de Sítios3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000560.02CVE-2020-13672
5LogicBoard CMS away.php Redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000002.38
6LiteSpeed Cache Plugin Shortcode Roteiro Cruzado de Sítios3.53.4$0-$5k$0-$5kNot DefinedNot Defined0.000510.03CVE-2023-4372
7WebTitan Appliance Extensions Persistent Roteiro Cruzado de Sítios3.53.4$0-$5k$0-$5kNot DefinedNot Defined0.000000.02
8ipTIME NAS-I Bulletin Manage direitos alargados7.17.1$0-$5k$0-$5kNot DefinedNot Defined0.009880.03CVE-2020-7847
9request-baskets API Request {name} direitos alargados6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.081090.00CVE-2023-27163
10PHP phpinfo Roteiro Cruzado de Sítios4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.021010.04CVE-2007-1287
11nginx direitos alargados6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002413.72CVE-2020-12440
12Microsoft Windows Scripting Engine Remote Code Execution5.95.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.371130.00CVE-2021-34480
13DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd direitos alargados4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.001830.04CVE-2022-41479
14Basilix Webmail login.php3 direitos alargados7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000000.02
15JoomlaTune Com Jcomments admin.jcomments.php Roteiro Cruzado de Sítios4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.004890.04CVE-2010-5048
16Microsoft Office Remote Code Execution7.06.1$5k-$25k$0-$5kUnprovenOfficial Fix0.001690.00CVE-2023-21735
17Alt-N MDaemon Worldclient direitos alargados4.94.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.000900.06CVE-2021-27182
18CouchCMS mysql2i.func.php Path Divulgação de Informação3.33.3$0-$5k$0-$5kNot DefinedNot Defined0.002410.02CVE-2019-1010042
19Esri ArcGIS Server Injecção SQL8.18.0$0-$5k$0-$5kNot DefinedOfficial Fix0.001230.04CVE-2021-29114
20Kind Editor File Upload upload_json.php direitos alargados5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000600.00CVE-2017-1002024

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDEndereço IPHostnameActorCampanhasIdentifiedTipoAceitação
16.43.51.17Satan21/05/2019verifiedAlto
245.124.132.119Satan15/06/2018verifiedAlto
3XXX.XX.XXX.XXXxxxxxxx.xxxxx.xxXxxxx21/05/2019verifiedAlto
4XXX.XX.XXX.XXXxxxxxx.xxx.xxXxxxx21/05/2019verifiedAlto
5XXX.XX.XXX.XXXxxxxxxx.xxxxx.xxXxxxx21/05/2019verifiedAlto
6XXX.XX.XXX.XXXxxxxxxx.xxxxx.xxXxxxx21/05/2019verifiedAlto

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassificaçãoVulnerabilidadesTipo de acessoTipoAceitação
1T1006CAPEC-126CWE-21, CWE-22, CWE-24Path TraversalpredictiveAlto
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveAlto
3T1059CAPEC-137CWE-88, CWE-94, CWE-1321Argument InjectionpredictiveAlto
4T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveAlto
5TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
6TXXXX.XXXCAPEC-16CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveAlto
7TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveAlto
8TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveAlto
9TXXXXCAPEC-0CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveAlto
10TXXXXCAPEC-1CWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveAlto
11TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveAlto
12TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveAlto
13TXXXXCAPEC-112CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveAlto
14TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
15TXXXXCAPEC-116CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
16TXXXX.XXXCAPEC-0CWE-XXXxxxxxxxxxxxxpredictiveAlto
17TXXXXCAPEC-112CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveAlto
18TXXXX.XXXCAPEC-0CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveAlto
19TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveAlto

IOA - Indicator of Attack (124)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorTipoAceitação
1File/admin/dl_sendmail.phppredictiveAlto
2File/adminPage/conf/reloadpredictiveAlto
3File/api/baskets/{name}predictiveAlto
4File/api/v2/cli/commandspredictiveAlto
5File/Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState=predictiveAlto
6File/DXR.axdpredictiveMédio
7File/forum/away.phppredictiveAlto
8File/mfsNotice/pagepredictiveAlto
9File/novel/bookSetting/listpredictiveAlto
10File/novel/userFeedback/listpredictiveAlto
11File/owa/auth/logon.aspxpredictiveAlto
12File/spip.phppredictiveMédio
13File/var/WEB-GUI/cgi-bin/telnet.cgipredictiveAlto
14File/x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3predictiveAlto
15File/xx/xxxxx.xxxpredictiveAlto
16Filexxxxxxx.xxxpredictiveMédio
17Filexxxxx.xxxxxxxxx.xxxpredictiveAlto
18Filexxxxxxxxxxx/xxxxxxx/xxxxx/xxxxx/xxxxxxxxx/xxxxxxxx.xxxpredictiveAlto
19Filexxxx/xxxxxxxxxxxx.xxxpredictiveAlto
20Filexxxx.xxxpredictiveMédio
21Filexx_xxxx_xx_xxxx_xxxx.xxxpredictiveAlto
22Filexxxx_xxxxxxx.xxxpredictiveAlto
23Filexxxxx.xxxpredictiveMédio
24Filexxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxx_xxxxx.xxxxpredictiveAlto
25Filexxxxx-xxxxxxx.xxxpredictiveAlto
26Filexxxxxxxxxx/xxx_xxxxxxxxxx/xxxxxxx/xxxxxxxxxx.xxxpredictiveAlto
27Filexxxxxxxxxx\xxxx.xxxpredictiveAlto
28Filexxxxxxxxxxx.xxxpredictiveAlto
29Filexxxx-xxxxxx.xxxpredictiveAlto
30Filexxxxxxxxxxx.xxxxx.xxxpredictiveAlto
31Filexxxx.xxxpredictiveMédio
32Filexxxxx_xxxx.xxxpredictiveAlto
33Filexxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxxpredictiveAlto
34Filexxx/xxxxxx.xxxpredictiveAlto
35Filexxxxxxxx/xxxxxxx/xxxxxxx.xxxx.xxxpredictiveAlto
36Filexxxxx.xxxxpredictiveMédio
37Filexxxxx.xxxpredictiveMédio
38Filexxxxx.xxx/xxxxxx.xxx/xxxxxxxxxxxxx.xxx/xxxxxxxx.xxxpredictiveAlto
39Filexxxxx.xxx?x=xxxx&x=xxxx&x=xx_xxx_xxxxxxpredictiveAlto
40Filexxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxxpredictiveAlto
41Filexxxx_xxxxxxx.xxxpredictiveAlto
42Filexxxxxxxxxx/xxx/xxxxxx_xxxx.xxxpredictiveAlto
43Filexxxxx.xxxxpredictiveMédio
44Filexxxxx.xxxpredictiveMédio
45Filexxxx.xxxxpredictiveMédio
46Filexx_xxxx.xpredictiveMédio
47Filexxx/xxxx/xxxx_xxxxxxxxx.xpredictiveAlto
48Filexxxxxxx_xxxx.xxxpredictiveAlto
49Filexxxxxxxxxxxxxxxxx.xxxpredictiveAlto
50Filexxxxxxx.xxxpredictiveMédio
51Filexxxxx-xxxxxxx.xxxpredictiveAlto
52Filexxxxxxx/xxxxxxx/xxx/xxxxxxxxxx.xxx?xxxxxxxx=xxxx&xxxxxx=xxxxxxxxxxpredictiveAlto
53Filexxxx_xxxx_xxxxxx.xxxpredictiveAlto
54Filexxxx_xxxxx.xxxxpredictiveAlto
55Filexxxxxxxxxx_xxxx.xxxpredictiveAlto
56Filexxx/xxxx/xxxxpredictiveAlto
57Filexxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxxpredictiveAlto
58Filexxxxxxx.xxx.xx.xxxxxxxxxxx.xxxpredictiveAlto
59Filexxxxxxxxx/xxxxxxxx.xxxpredictiveAlto
60Filexxxx_xxxxxx.xxpredictiveAlto
61Filexxxx-xxxxx.xxxpredictiveAlto
62Filexxxx-xxxxxxxx.xxxpredictiveAlto
63Filexxxxxx_xxxxx.xxxpredictiveAlto
64Filexxxxxx.xxxpredictiveMédio
65Filexxxxxxx-xxxxx.xxxpredictiveAlto
66Filexxxx_xxxxx.xxxpredictiveAlto
67Filexxxx/xxx/xxxx-xxxxx.xxxpredictiveAlto
68Filexxxx.xxxpredictiveMédio
69Filexx-xxxxx-xxxxxx.xxxpredictiveAlto
70Filexxx/xxxxxxxx/xxxxxxxx.xxxpredictiveAlto
71Filexxxx.xxxpredictiveMédio
72File~/xxx/xxxx-xxxxxxxxx.xxxpredictiveAlto
73File~/xxxxxxxx/xxxxx-xx-xxxxxxxxxx-xxxxxxxxx.xxxpredictiveAlto
74Libraryxxxxxxx/xxx.xxx.xxx.xxxpredictiveAlto
75Argumentxxx_xxxpredictiveBaixo
76ArgumentxxxxpredictiveBaixo
77ArgumentxxxxxxxxxpredictiveMédio
78ArgumentxxxxxxxxpredictiveMédio
79Argumentxxx_xxx_xx_xxx_xxxxxxxxxx_xpredictiveAlto
80Argumentxxxxx_xxxxpredictiveMédio
81Argumentxxxx_xxx_xxxxpredictiveAlto
82ArgumentxxxxxxxxxxpredictiveMédio
83ArgumentxxxpredictiveBaixo
84ArgumentxxxxxxxxxxxxxxxpredictiveAlto
85ArgumentxxxxpredictiveBaixo
86Argumentxxxxxxxxx_xxxxxxpredictiveAlto
87ArgumentxxxxxxxxxpredictiveMédio
88Argumentxx_xxxxxxxpredictiveMédio
89ArgumentxxxxpredictiveBaixo
90ArgumentxxxxxxxxpredictiveMédio
91ArgumentxxxxxpredictiveBaixo
92Argumentxxxxxx_xxxxxpredictiveMédio
93Argumentxx_xxpredictiveBaixo
94Argumentxxxxxxx[xxxxxxx]predictiveAlto
95ArgumentxxxxxxxpredictiveBaixo
96ArgumentxxxxxxpredictiveBaixo
97ArgumentxxxxxpredictiveBaixo
98ArgumentxxpredictiveBaixo
99ArgumentxxxpredictiveBaixo
100ArgumentxxxxpredictiveBaixo
101ArgumentxxxxpredictiveBaixo
102Argumentxxx xxxxxxxx/xxxxxxx xxxxxxxxpredictiveAlto
103ArgumentxxxxxxxxpredictiveMédio
104Argumentxxxxxx/xxxxx/xxxxpredictiveAlto
105ArgumentxxxxxxxpredictiveBaixo
106ArgumentxxxxpredictiveBaixo
107ArgumentxxxxpredictiveBaixo
108Argumentxxxxxx_xxxxxxpredictiveAlto
109Argumentxxxxxxxx_xxpredictiveMédio
110Argumentxxxxxx_xxxxxpredictiveMédio
111Argumentxxxx_xxxxpredictiveMédio
112ArgumentxxxxpredictiveBaixo
113ArgumentxxxxxxpredictiveBaixo
114ArgumentxxxxxxxpredictiveBaixo
115ArgumentxxxpredictiveBaixo
116Argumentxxx_xxpredictiveBaixo
117ArgumentxxxxxpredictiveBaixo
118ArgumentxxxpredictiveBaixo
119ArgumentxxxxxxxxpredictiveMédio
120Argument_xxx_xxxxxxxxxxx_predictiveAlto
121Input Valuexxxxxxxxx' xxx 'x'='xpredictiveAlto
122Input ValuexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxpredictiveAlto
123Pattern|xx xx xx xx|predictiveAlto
124Network PortxxxxxpredictiveBaixo

Referências (3)

The following list contains external sources which discuss the actor and the associated activities:

VoltarVisão GeralPróximo

Interested in the pricing of exploits?

See the underground prices here!