Sednit Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (95)

Idioma

en	72
de	10
es	8
fr	4
ru	2

País

us	56
ru	4
de	4
be	4
es	4

Actores

Grizzly Steppe	5
APT28	3
Mirai	3
Zeus	2
Cobalt Strike	2

Interesse

Tipo

Not Defined	18
Operating System	14
Web Server	8
Programming Language Software	6
Content Management System	6

Fabricante

Not Defined	36
Microsoft	12
Apache	6
Apple	4
Victor	2

Produto

PHP	6
Microsoft Windows	6
Apache HTTP Server	4
Apple macOS	4
Microsoft Exchange Server	4

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Apple macOS Sudo Excesso de tampão	6.5	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.97051	0.00	CVE-2021-3156
2	Microsoft IIS FastCGI Excesso de tampão	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.28264	0.08	CVE-2010-2730
3	Microsoft IIS Roteiro Cruzado de Sítios	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.17	CVE-2017-0055
4	Apache HTTP Server mod_cgid Negação de Serviço	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.24715	0.02	CVE-2014-0231
5	Drupal Injecção SQL	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00135	0.00	CVE-2008-2999
6	Nuked-Klan Partenaires module clic.php Injecção SQL	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00134	0.03	CVE-2010-4925
7	Contest Gallery Photos and Files Plugin Falsificação de Pedido Cross Site	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.04	CVE-2024-24887
8	MariaDB init_expr_cache_tracker Excesso de tampão	5.5	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00095	0.00	CVE-2022-32083
9	TikiWiki tiki-register.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01009	1.74	CVE-2006-6168
10	Django Admin Interface debug.py Roteiro Cruzado de Sítios	6.1	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00370	0.03	CVE-2016-6186
11	Mendelson OFTP2 Upload Directory Directório Traversal	4.6	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00090	0.00	CVE-2022-27906
12	Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 Negação de Serviço	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00172	0.03	CVE-2023-20079
13	Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 direitos alargados	9.8	9.7	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00287	0.00	CVE-2023-20078
14	Serendipity exit.php direitos alargados	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.38
15	Bitrix Site Manager redirect.php direitos alargados	5.3	4.7	$0-$5k	$0-$5k	Unproven	Unavailable	0.00113	0.03	CVE-2008-2052
16	OpenBB read.php Injecção SQL	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00250	0.00	CVE-2005-1612
17	PHPWind goto.php Redirect	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00348	0.04	CVE-2015-4134
18	eSyndicat Directory Software suggest-listing.php Roteiro Cruzado de Sítios	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.17
19	iRZ RUH2 Firmware Patch Fraca autenticação	6.7	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00226	0.00	CVE-2016-2309
20	Joomla Injecção SQL	6.3	6.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00142	0.02	CVE-2022-23797

Campanhas (1)

These are the campaigns that can be associated with the actor:

Sednit

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Campanhas	Identified	Tipo	Aceitação
1	5.135.183.154	ns3290077.ip-5-135-183.eu	APT28	Sednit	15/12/2020	verified	Alto
2	31.7.62.103		Sednit		05/03/2022	verified	Alto
3	XX.XXX.XX.XX		Xxxxx	Xxxxxx	15/12/2020	verified	Alto
4	XX.XX.XX.XXX	xx.xx.xx.xxx.xxxxxx.xxxxxxxxx.xxx	Xxxxx	Xxxxxx	15/12/2020	verified	Alto
5	XX.XX.XX.X	xxxxxx-xx.xxxxxxxxxxxxxxxx.xxx	Xxxxx	Xxxxxx	15/12/2020	verified	Alto
6	XX.XXX.XX.XXX		Xxxxx	Xxxxxx	15/12/2020	verified	Alto
7	XX.XXX.XX.XXX	xxxx.xxxxxxxxxxxxxx.xxx	Xxxxx	Xxxxxx	15/12/2020	verified	Alto
8	XXX.XX.XXX.XXX		Xxxxx	Xxxxxx	15/12/2020	verified	Alto
9	XXX.XXX.XXX.XXX	xxxx.xxxxxxxxxxxxx.xxx	Xxxxx	Xxxxxx	15/12/2020	verified	Alto

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CWE-21, CWE-22	Path Traversal	predictive	Alto
2	T1059	CWE-94	Argument Injection	predictive	Alto
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
9	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	Alto
10	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
11	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (48)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/+CSCOE+/logon.html	predictive	Alto
2	File	/etc/config/image_sign	predictive	Alto
3	File	/home/httpd/cgi-bin/cgi.cgi	predictive	Alto
4	File	/htdocs/web/getcfg.php	predictive	Alto
5	File	/uncpath/	predictive	Médio
6	File	admin/admin.shtml	predictive	Alto
7	File	xxxxx/xxxxxxxx.xxx	predictive	Alto
8	File	xxxxx/xxxxxxxxx.xxx	predictive	Alto
9	File	xxxx.xxx	predictive	Médio
10	File	xxxx.xxx	predictive	Médio
11	File	xxx/xxxx/xxx/xxxxx_xxxx.x	predictive	Alto
12	File	xxx/xxxx/xxxx.x	predictive	Alto
13	File	xxx/xxxxxxxx/xxxx_xxxxx.x	predictive	Alto
14	File	xxxx.xxx	predictive	Médio
15	File	xxxxxxxxxxxxxx.xxx	predictive	Alto
16	File	xxxxx.xxx	predictive	Médio
17	File	xxxxx.xxx?x=/xxxx/xxxxxxxx	predictive	Alto
18	File	xxxxxx.x	predictive	Médio
19	File	xxx/xxxx/xxxx.x	predictive	Alto
20	File	xxxxx:xxxxxxxxxxx.xx	predictive	Alto
21	File	xxxx.xxx	predictive	Médio
22	File	xxxxxxxx.xxx	predictive	Médio
23	File	xxxxxxxx.xxx	predictive	Médio
24	File	xx-xxxxxxx.xxx	predictive	Alto
25	File	xxx.xxx	predictive	Baixo
26	File	xxxxxxxxxxx.x	predictive	Alto
27	File	xxxxxx_xxxxxxxxxx_xxxxxxxx_xxxxxxx_xxxxxxxx.x	predictive	Alto
28	File	xxxxxxx-xxxxxxx.xxx	predictive	Alto
29	File	xxxx-xxxxxxxx.xxx	predictive	Alto
30	File	xxx.xxx	predictive	Baixo
31	File	xxxxx/xxxxx.xx	predictive	Alto
32	File	xxxxxxx/xxxxxx/xxxxx/xxxxxxx/xxx/xxx.xxx	predictive	Alto
33	File	xxxxxxx.xxx	predictive	Médio
34	Argument	xxxx	predictive	Baixo
35	Argument	xx	predictive	Baixo
36	Argument	xxxxxxxxx	predictive	Médio
37	Argument	xxxxxxxx	predictive	Médio
38	Argument	xxxxxx/xxxxx	predictive	Médio
39	Argument	xxx	predictive	Baixo
40	Argument	xxx	predictive	Baixo
41	Argument	xxxxxxx	predictive	Baixo
42	Argument	xxx	predictive	Baixo
43	Argument	xxxxx	predictive	Baixo
44	Argument	xxx	predictive	Baixo
45	Argument	xxxx_xxxxxxxxx/xxxx_xxxxxxxx	predictive	Alto
46	Argument	x=/	predictive	Baixo
47	Input Value	xxxxxx/**/xxxx.	predictive	Alto
48	Input Value	…/.	predictive	Baixo

Referências (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you need the next level of professionalism?

Upgrade your account now!