Scar Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (16)

Idioma

en	14
it	2

País

us	10
ru	4
it	2

Actores

Scar	2
TA505	1
Cobalt Strike	1
RedLine Stealer	1
Raccoon	1

Interesse

Tipo

Operating System	6
Database Software	2
Not Defined	2
Web Server	2
Firewall Software	2

Fabricante

Not Defined	4
Linux	4
Oracle	2
Microsoft	2
Cisco	2

Produto

Linux Kernel	4
Oracle Database Server	2
systemd	2
Microsoft Windows	2
nginx	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	CTI	EPSS	CVE
1	nginx HTTP/2 Negação de Serviço	6.0	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.09699	CVE-2018-16843
2	Microsoft Windows Runtime Remote Code Execution	8.1	7.4	$100k e mais	$5k-$25k	Unproven	Official Fix	0.00	0.47432	CVE-2022-21971
3	Joomla Usergroup Table direitos alargados	4.6	4.6	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00	0.00103	CVE-2021-26036
4	Bitrix24 Web Application Firewall Roteiro Cruzado de Sítios	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.07	0.00113	CVE-2020-13483
5	Linux Kernel Netfilter x_tables.c Excesso de tampão	8.8	8.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.03	0.00256	CVE-2021-22555
6	Linux Kernel ptrace.c direitos alargados	7.8	7.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00052	CVE-2019-13272
7	HelpSystems Cobalt Strike Server Screenshot readCountedBytes Hotcobalt Negação de Serviço	3.5	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00246	CVE-2021-36798
8	Cisco ASA/Firepower Threat Defense Network Address Translation direitos alargados	5.4	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00111	CVE-2021-34790
9	systemd unit-name.c alloca Negação de Serviço	6.5	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00044	CVE-2021-33910
10	Hikvision Product Message direitos alargados	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.97493	CVE-2021-36260
11	RARLAB WinRAR Excesso de tampão	10.0	9.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.00469	CVE-2008-7144
12	TP-LINK TL-WR740N Firmware Local Privilege Escalation	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00000
13	TP-LINK TL-WR841N Web Service Excesso de tampão	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.02223	CVE-2019-17147
14	Genymotion Desktop Clipboard Divulgação de Informação	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00419	CVE-2021-27549
15	Oracle Database Server OJVM direitos alargados	9.9	9.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	0.00165	CVE-2017-10202

IOC - Indicator of Compromise (27)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	35.186.232.167	167.232.186.35.bc.googleusercontent.com	Scar	06/05/2022	verified	Médio
2	52.85.151.4	server-52-85-151-4.iad89.r.cloudfront.net	Scar	17/07/2021	verified	Alto
3	52.85.151.59	server-52-85-151-59.iad89.r.cloudfront.net	Scar	17/07/2021	verified	Alto
4	64.186.131.47		Scar	12/04/2022	verified	Alto
5	67.228.31.225	e1.1f.e443.ip4.static.sl-reverse.com	Scar	12/04/2022	verified	Alto
6	72.21.81.240		Scar	05/05/2022	verified	Alto
7	XX.XXX.XXX.XX	xxxxxx.xx-xxx-xxx-xx.xxxxxxx.xxxx-xxxxxx.xx	Xxxx	17/07/2021	verified	Alto
8	XX.XXX.XXX.XXX		Xxxx	17/07/2021	verified	Alto
9	XX.XX.XXX.XX	xxxxxx-xx-xx-xxx-xx.xxxxx.x.xxxxxxxxxx.xxx	Xxxx	17/07/2021	verified	Alto
10	XX.XX.XXX.XXX	xxxxxx-xx-xx-xxx-xxx.xxxxx.x.xxxxxxxxxx.xxx	Xxxx	17/07/2021	verified	Alto
11	XXX.XXX.XX.XXX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxx	05/05/2022	verified	Alto
12	XXX.XXX.XXX.XX	xx-xx-xxx.xxxxx.xxx	Xxxx	06/05/2022	verified	Alto
13	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxx	06/05/2022	verified	Alto
14	XXX.XXX.XXX.XX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxx	05/05/2022	verified	Alto
15	XXX.XXX.XX.XX	xx-xx-xxx.xxxxx.xxx	Xxxx	06/05/2022	verified	Alto
16	XXX.XXX.XX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxx	06/05/2022	verified	Alto
17	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxx	06/05/2022	verified	Alto
18	XXX.XXX.X.XX		Xxxx	17/07/2021	verified	Alto
19	XXX.XXX.X.XX	xxxxxx.xxxxxxxxxxx.xxx	Xxxx	17/07/2021	verified	Alto
20	XXX.XXX.XXX.XXX		Xxxx	12/04/2022	verified	Alto
21	XXX.XX.XX.XXX	xx-xx.xxxxxxxxxx.xxx	Xxxx	06/05/2022	verified	Alto
22	XXX.XX.XXX.XXX	x-xxxx.x-xxxxxx.xxx	Xxxx	06/05/2022	verified	Alto
23	XXX.XXX.XXX.XX	xxxx.xxxxx.xxx	Xxxx	05/05/2022	verified	Alto
24	XXX.XXX.XXX.XX	xxxx.xxxxx.xxx	Xxxx	05/05/2022	verified	Alto
25	XXX.XX.XXX.XXX	xxx.xxxxx.xxx.xx	Xxxx	05/05/2022	verified	Alto
26	XXX.XX.XXX.XX	xx-xx-xxx.xxxxx.xxx	Xxxx	06/05/2022	verified	Alto
27	XXX.XX.XXX.XX	xx-xx-xxx.xxxxx.xxx	Xxxx	06/05/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1059.007	CWE-79	Cross Site Scripting	predictive	Alto
2	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
3	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Alto
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	basic/unit-name.c	predictive	Alto
2	File	components/bitrix/mobileapp.list/ajax.php/	predictive	Alto
3	File	xxxxxx/xxxxxx.x	predictive	Alto
4	File	xxx/xxxxxxxxx/x_xxxxxx.x	predictive	Alto
5	Argument	xxxxx[xxxxx][xx]	predictive	Alto

Referências (5)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you need the next level of professionalism?

Upgrade your account now!