Shamoon 2 Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (54)

Idioma

en	48
ru	6

País

us	46
ru	8

Actores

Shamoon 2	4
QakBot	1
Meterpreter	1

Interesse

Tipo

Not Defined	20
Image Processing Software	12
Testing Software	6
Groupware Software	4
Router Operating System	4

Fabricante

Not Defined	18
IBM	10
TP-LINK	8
Microsoft	4
SAP	2

Produto

LibTIFF	12
IBM Rational Collaborative Lifecycle Management	6
IBM Rational Quality Manager	6
IBM Rational Team Concert	6
IBM Rational DOORS Next Generation	6

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	ClamAV Antivirus AutoIt Module Negação de Serviço	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00063	0.02	CVE-2023-20212
2	Microsoft SharePoint direitos alargados	6.1	5.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00471	0.00	CVE-2017-8569
3	Ditty Plugin Roteiro Cruzado de Sítios	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00100	0.00	CVE-2022-0533
4	Moxa TN-4900/TN-5900 direitos alargados	7.2	7.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00046	0.00	CVE-2023-34217
5	D-Link DAP-2660 GET Request adv_resource Excesso de tampão	5.5	5.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00082	0.03	CVE-2023-39749
6	TP-LINK TL-WR841N/TL-WR940N/TL-WR941ND WlanSecurityRpm Excesso de tampão	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00046	0.03	CVE-2023-39747
7	TP-LINK TL-WR841N/TL-WR940N/TL-WR941ND GET Request AccessCtrlAccessRulesRpm Excesso de tampão	5.5	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00046	0.00	CVE-2023-39745
8	TP-LINK TL-WR1041N V2 GET Request NetworkCfgRpm Negação de Serviço	5.5	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00046	0.00	CVE-2023-39748
9	Private Internet Access direitos alargados	8.8	8.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00044	0.00	CVE-2022-27092
10	ASUS RT-AC88U Download Master Title direitos alargados	5.9	5.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00073	0.02	CVE-2020-29655
11	Mole Adult Portal Script profile.php Injecção SQL	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00129	0.02	CVE-2009-4673
12	4images categories.php Roteiro Cruzado de Sítios	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00207	0.00	CVE-2015-7708
13	4homepages 4images member.php Roteiro Cruzado de Sítios	3.5	3.4	$0-$5k	$0-$5k	High	Official Fix	0.00111	0.00	CVE-2009-2131
14	Kentico CMS CMS Administration Dashboard install.aspx direitos alargados	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.14830	0.04	CVE-2017-17736
15	FileZilla Server PORT direitos alargados	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00052	0.12	CVE-2015-10003
16	Microsoft SharePoint Content direitos alargados	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03414	0.00	CVE-2015-1700
17	Microsoft SharePoint Server Roteiro Cruzado de Sítios	4.8	4.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01035	0.00	CVE-2017-0107
18	Microsoft SharePoint Server Roteiro Cruzado de Sítios	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00187	0.00	CVE-2017-8654
19	Microsoft Excel Excesso de tampão	7.0	6.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.48559	0.02	CVE-2016-7236
20	ownCloud scan.php Divulgação de Informação	8.5	8.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00439	0.03	CVE-2016-1499

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	5.254.100.200		Shamoon 2	15/02/2024	verified	Alto
2	45.63.10.99	45.63.10.99.vultrusercontent.com	Shamoon 2	15/02/2024	verified	Alto
3	XX.XX.XXX.XX	xx.xx.xxx.xx.xxxxx.xxx	Xxxxxxx X	23/12/2020	verified	Médio
4	XX.XX.XXX.XXX	xx.xx.xxx.xxx.xxxxx.xxx	Xxxxxxx X	23/12/2020	verified	Médio
5	XX.XX.XXX.XX		Xxxxxxx X	15/02/2024	verified	Alto
6	XXX.XXX.XXX.XXX	xxxxxxxxxxx.xxx	Xxxxxxx X	15/02/2024	verified	Alto
7	XXX.XXX.XXX.XXX	xxxxxxxxxxxx.xxxxxxx.xxxx	Xxxxxxx X	15/02/2024	verified	Alto

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1040	CWE-294	Authentication Bypass by Capture-replay	predictive	Alto
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Alto
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
8	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	Alto
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/adv_resource	predictive	Alto
2	File	/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp	predictive	Alto
3	File	/userRpm/AccessCtrlAccessRulesRpm	predictive	Alto
4	File	/userRpm/NetworkCfgRpm	predictive	Alto
5	File	/xxxxxxx/xxxxxxxxxxxxxxx	predictive	Alto
6	File	/xxxxxx/xx/xxxxxxxxxxx.xxx	predictive	Alto
7	File	xxxxx/xxxxxxxxxx.xxx	predictive	Alto
8	File	xxxxxxxx.xxx	predictive	Médio
9	File	xxxxxxxxxx/xxxxxxx.xxxx	predictive	Alto
10	File	xxxxx.xxx/xxxx/xxxxx/xxxx/xxxx.xxx	predictive	Alto
11	File	xxxxxx.xxx	predictive	Médio
12	File	xxxxxxx.xxx	predictive	Médio
13	File	xxx.xxx~xxxxxxxxxxxxxx!xxx/xxxxxxxxx	predictive	Alto
14	File	xxx.xxx~xx~xxxx~xxx~xxxxxxx~xxxxxxxx~xxx/xxxxxxxxxxx	predictive	Alto
15	File	xxx_xxxxxxxx.x	predictive	Alto
16	File	xxx_xxxxxxx.x	predictive	Alto
17	File	xxx_xxxxx.x	predictive	Médio
18	File	xxxxx/xxxxxxxx.x	predictive	Alto
19	File	xxxxx/xxxxxx.x	predictive	Alto
20	File	xxxxx/xxxxxxxx.x	predictive	Alto
21	Argument	xxx_xxxxxxxxxxx	predictive	Alto
22	Argument	xxx	predictive	Baixo
23	Argument	xxxxx	predictive	Baixo
24	Argument	xxxx	predictive	Baixo
25	Argument	xxxxxxxxxxx	predictive	Médio
26	Argument	xxxxxxxxxxxx	predictive	Médio
27	Argument	xxxx_xxxxxxxx	predictive	Alto
28	Argument	xxxx_xx	predictive	Baixo
29	Input Value	<xxxxxx>xxxxx(x)</xxxxxx>	predictive	Alto
30	Network Port	xxx/xxxx	predictive	Médio

Referências (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!