Stealth Falcon Analysis

IOB - Indicator of Behavior (50)

Language

en (38), de (8), zh (2), it (2)

Product

Apache Tomcat (4), phpMyAdmin (4), Cisco Snort++ (2), Backdoor.Win32.Hupigon.acio (2), Yoast SEO Plugin (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | Archive_Tar Tar.php Directory Traversal | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.92368 | CVE-2020-36193
2 | Umbraco CMS File Upload privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00077 | CVE-2020-9472
3 | ILIAS privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00148 | CVE-2023-36487
4 | JCK Editor links.php SQL Injection | 8.5 | 8.3 | $0-$5k | $0-$5k | High | Not Defined | 0.02 | 0.81623 | CVE-2018-17254
5 | ILIAS Email Verification Privilege Escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00314 | CVE-2022-31266
6 | Microsoft Word wwlib Remote Code Execution | 8.0 | 7.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.45352 | CVE-2023-21716
7 | Joomla CMS LDAP Authentication Password privilege escalation | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01039 | CVE-2017-14596
8 | Microsoft Exchange Server Privilege Escalation | 8.8 | 7.7 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | 0.01192 | CVE-2023-21529
9 | Thales SafeNet Authentication Service weak encryption | 8.3 | 8.1 | $0-$5k | Calculating | Not Defined | Official Fix | 0.04 | 0.00044 | CVE-2021-42810
10 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.68 | 0.00943 | CVE-2010-0966
11 | ZeroShell kerbynet privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.95742 | CVE-2020-29390
12 | Backdoor.Win32.Hupigon.acio privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00000 | 
13 | Yoast SEO Plugin Term Description privilege escalation | 9.0 | 8.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00244 | CVE-2019-13478
14 | phpMyAdmin Navigation Tree Cross Site Scripting | 5.2 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.19761 | CVE-2018-19970
15 | Palo Alto PAN-OS SAML Authentication weak authentication | 10.0 | 9.5 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00451 | CVE-2020-2021
16 | Wowza Streaming Engine MBeans Server privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01533 | CVE-2018-7047
17 | PHPOffice PhpSpreadsheet XML Data std_table.php XML External Entity | 7.5 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00234 | CVE-2019-12331
18 | OpenSSL Bleichenbacher weak encryption | 4.7 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01508 | CVE-2019-1563
19 | Apache Mod Fcgid mod_fcgid fcgid_bucket.c fcgid_header_bucket_read buffer overflow | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00639 | CVE-2013-4365
20 | Oracle HTTP Server Web Listener buffer overflow | 7.5 | 7.4 | $5k-$25k | Calculating | High | Official Fix | 0.04 | 0.97305 | CVE-2017-9798

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .procmailrc | predictive | Medium
2 | File | /cgi-bin/kerbynet | predictive | High
3 | File | /uncpath/ | predictive | Medium
4 | File | xxxx/xxxxxxxxxxxx.xxx | predictive | High
5 | File | xxx.xxx?xxx=xxxxx_xxxx | predictive | High
6 | File | xxxxx_xxxxxx.x | predictive | High
7 | File | xxx/xxxxxx.xxx | predictive | High
8 | File | xxxxxxxxx/xxxxxxx/xxxxx.xxx | predictive | High
9 | File | xxxxxx-xxxxxx/xxxxx/xxxxxxxxx/xxxxxxx/xxx_xxxxx.xxx | predictive | High
10 | File | xxx.xxx | predictive | Low
11 | Argument | xxxxxxxx | predictive | Medium
12 | Argument | xxxxxxxxx | predictive | Medium
13 | Argument | xxxxxx | predictive | Low
14 | Argument | xxxxxx_xx | predictive | Medium
15 | Argument | xxx | predictive | Low
16 | Argument | xxxxxxxxxxxxxxxxxx | predictive | High
17 | Input Value | ?<!xxxxxx? | predictive | Medium
18 | Pattern | "|xx|xx|xx|" | predictive | Medium
19 | Network Port | xxx/xx (xxxxxx) | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
