Shlayer Analysis

IOB - Indicator of Behavior (19)

Language: en (20)

| Product | Count |
|---|---|
| Acunetix Web Vulnerability Scanner | 2 |
| Seowon Intech SLC-130 | 2 |
| Seowon Intech SLR-120S | 2 |
| OpenSSH | 2 |
| LogicBoard CMS | 2 |

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 6.98 | 0.00000 | |
| 2 | lighttpd mod_evhost/mod_simple_vhost Directory Traversal | 5.3 | 4.6 | $0-$5k | Calculated | Proof-of-Concept | Official Fix | 0.00 | 0.14448 | CVE-2013-2324 |
| 3 | Samsung DSP Driver ELF Library Privilege Escalation | 6.4 | 6.1 | $0-$5k | Calculated | Not Defined | Official Fix | 0.02 | 0.00078 | CVE-2021-25371 |
| 4 | Seowon Intech SLC-130/SLR-120S system_log.cgi Privilege Escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.96263 | CVE-2020-17456 |
| 5 | Cisco Unified Communications Manager Database User Privilege Information Disclosure | 5.8 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00093 | CVE-2022-20791 |
| 6 | Neato Botvac Connected USB Serial Port Privilege Escalation | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00109 | CVE-2018-20785 |
| 7 | Neato Botvac Connected/Botvac 85 Black Box Log rc4_crypt RC4 Weak Encryption | 3.4 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00060 | CVE-2018-17177 |
| 8 | Facebook WhatsApp/WhatsApp Business/WhatsApp Desktop RTCP Flag Parser Information Disclosure | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.00138 | CVE-2021-24043 |
| 9 | Qualcomm Snapdragon Wired Infrastructure and Networking TrustZone BSP Buffer Overflow | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2020-11259 |
| 10 | Qualcomm Snapdragon Wired Infrastructure and Networking TrustZone BSP Buffer Overflow | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2020-11258 |
| 11 | Python Software Foundation BaseHTTPServer HTTP Request Denial of Service | 7.5 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.05 | 0.00000 | |
| 12 | Dell SupportAssist Client Privilege Escalation | 7.1 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00248 | CVE-2019-3719 |
| 13 | Acunetix Web Vulnerability Scanner Denial of Service | 3.7 | 3.5 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.02 | 0.00000 | |
| 14 | Plohni Advanced Comment System Installation index.php Privilege Escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00997 | CVE-2009-4623 |
| 15 | OpenSSH Authentication Username Information Disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.10737 | CVE-2016-6210 |
| 16 | Forescout CounterACT Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00452 | CVE-2012-4985 |
| 17 | ForeScout CounterACT Cross-Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00195 | CVE-2012-1825 |
| 18 | Apache HTTP Server Limit Directive ap_limit_section Buffer Overflow | 6.4 | 6.3 | $5k-$25k | $0-$5k | High | Official Fix | 0.03 | 0.97305 | CVE-2017-9798 |
| 19 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

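| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 34.225.46.51 | ec2-34-225-46-51.compute-1.amazonaws.com | Shlayer | | 28/08/2022 | verified | Medium |
| 2 | XX.XX.XX.XX | | Xxxxxxx | | 28/08/2022 | verified | High |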

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access type | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22, CWE-36 | Path Traversal | predictive | High |
| 2 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 3 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 6 | TXXXX.XXX | CWE-XXX | Xxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

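| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /bin/rc4_crypt | predictive | High |
| 2 | File | /forum/away.php | predictive | High |
| 3 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 4 | File | xxxxx.xxx | predictive | Medium |
| 5 | File | xxxxxx_xxx.xxx | predictive | High |
| 6 | Argument | xxx_xxxx | predictive | Medium |
| 7 | Argument | xxxxxxxx | predictive | Medium |
| 8 | Argument | xxxxxx | predictive | Low |
| 9 | Argument | xxxxxxxx | predictive | Medium |
| 10 | Argument | xxxxxxx | predictive | Low |
| 11 | Argument | xxxxxxxx | predictive | Medium |
| 12 | Input Value | *^xxxxx!x | predictive | Medium |
| 13 | Input Value | ../ | predictive | Low |
| 14 | Network Port | xxx xxxxxx xxxx | predictive | High |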

References (3)

The following list contains external sources which discuss the actor and the associated activities:
