Tranchulas Analysis

IOB - Indicator of Behavior (230)

Timeline, Actors, Activities, Interest, Type, Vendor (chart panels; no data in this extract)

Language
  en: 212
  es: 18

Country
  us: 46
  gb: 20
  es: 16
  ru: 16
  ca: 4

Product
  Microsoft Windows: 12
  NVIDIA Windows GPU Display Driver: 12
  Juniper Junos: 10
  Apache HTTP Server: 10
  Linux Kernel: 6

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Magento PageBuilder Template privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00669 | CVE-2019-8144
2 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055
3 | Apache HTTP Server HTTP Digest Authentication Challenge weak authentication | 8.5 | 8.4 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.04 | 0.01815 | CVE-2018-1312
4 | WordPress Metadata privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01578 | CVE-2018-20148
5 | Juniper Junos jdhcpd denial of service | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00268 | CVE-2017-2301
6 | Subrion CMS cross site scripting | 5.2 | 5.2 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00 | 0.00076 | CVE-2019-11406
7 | Apache HTTP Server mod_proxy_fcgi.c handle_headers buffer overflow | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00953 | CVE-2014-3583
8 | Apple iOS WebKit privilege escalation | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.06135 | CVE-2019-8506
9 | Microsoft IIS File Name Tilde privilege escalation | 6.5 | 5.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.96712 | CVE-2005-4360
10 | Cisco Firepower Threat Defense Data Acquisition privilege escalation | 7.9 | 7.9 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00149 | CVE-2019-1669
11 | Zeescripts ZeeBuddy bannerclick.php sql injection | 8.5 | 8.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00 | 0.00167 | CVE-2008-3604
12 | PHP Scripts Mall PHP Multivendor Ecommerce my_wishlist.php cross site scripting | 5.2 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00075 | CVE-2017-17958
13 | Aj Square Ajauction subcat.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.03 | 0.00821 | CVE-2007-1298
14 | WordPress User Search REST Endpoint information disclosure | 4.4 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00089 | CVE-2023-5561
15 | Void Contact Form 7 Widget for Elementor Page Builder Plugin void_cf7_opt_in_user_data_track cross site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00062 | CVE-2022-47166
16 | janobe Online Ordering System sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00172 | CVE-2022-31356
17 | Adobe InDesign buffer overflow | 7.0 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00085 | CVE-2021-40727
18 | Ubiquiti EdgeMAX EdgeRouter Firmware Update privilege escalation | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00359 | CVE-2021-22909
19 | Verbatim Keypad Secure USB Lockout information disclosure | 5.0 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00100 | CVE-2022-28386
20 | Micro CMS Comments cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00000 | (no CVE)

Base and Temp are the CVSS base and temporal scores; 0day and Today are price estimates; Exploit and Remediation are the CVSS exploit code maturity and remediation level; CTI is the threat-intelligence interest score.

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Bitterbug

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 46.4.139.224 | static.224.139.4.46.clients.your-server.de | Tranchulas | Bitterbug | 01/01/2021 | verified | High
2 | 46.4.139.225 | static.225.139.4.46.clients.your-server.de | Tranchulas | Bitterbug | 01/01/2021 | verified | High
3 | XXX.XX.XXX.XXX | xxxxxxxxx | Xxxxxxxxx | | 01/01/2021 | verified | High
4 | XXX.XX.XXX.XXX | xxxxxxxxx | Xxxxxxxxx | | 01/01/2021 | verified | High
5 | XXX.XX.XXX.XXX | xxxxxxxxx | Xxxxxxxxx | | 01/01/2021 | verified | High
6 | XXX.XX.XXX.XXX | xxxxxxxxx | Xxxxxxxxx | | 01/01/2021 | verified | High
7 | XXX.XX.XXX.XXXX | xxxxxxxxx | Xxxxxxxxx | | 01/01/2021 | verified | High

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (74)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cgi/loginDefaultUser | predictive | High
2 | File | /contentshare/image/data/user/0/com.sony.dtv.photosharingplus/files/_BRAVPSS.TMP/LJYT0010.JPG | predictive | High
3 | File | /etc/shadow | predictive | Medium
4 | File | /ordering/admin/store/index.php?view=edit | predictive | High
5 | File | /proc/ioports | predictive | High
6 | File | /uncpath/ | predictive | Medium
7 | File | /webconsole/APIController | predictive | High
8 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High
9 | File | AccountStatus.jsp | predictive | High
10 | File | xxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxx | predictive | High
11 | File | xxxxxxxxx/xxxxxxxxxxxxx | predictive | High
12 | File | xxx/xxxxx/xxxxxx.xxx | predictive | High
13 | File | xxxxxxxxxxx.xxx | predictive | High
14 | File | xxxxxx_xxxxx.x | predictive | High
15 | File | xxxxxx/xxx-xxxxx.x | predictive | High
16 | File | xxxx/xx-xxxx-xx/xx-xxxx-xx.x | predictive | High
17 | File | xxxxxx_xxxx.x | predictive | High
18 | File | xxxxxxx/xxx/xxxxx/xxx-xxxxx.x | predictive | High
19 | File | xxxxxxx/xxx/xxxxxxxx/xxx/xxx_xxx_xxx.x | predictive | High
20 | File | xxxxxxx/xxxxx/xxxxx/xxxxxxx.x | predictive | High
21 | File | xxxxxxxx.xxx | predictive | Medium
22 | File | xxxx/xxxx/xxxx/xxxx.xxx | predictive | High
23 | File | xxxxx/xxxx/xxxx.xxx | predictive | High
24 | File | xxxxxxx/xxxxx/xxx_xxxx.x | predictive | High
25 | File | xxxxx.xxx | predictive | Medium
26 | File | xxxx.xxx | predictive | Medium
27 | File | xxxxxx.x | predictive | Medium
28 | File | xxxxxxxxxxxxx.xxx | predictive | High
29 | File | xxx_xxxxx_xxxx.x | predictive | High
30 | File | xxxxxxxx.x | predictive | Medium
31 | File | xx_xxxxxxxx.xxx | predictive | High
32 | File | xxxxxxxx_xxxxxx.xxx | predictive | High
33 | File | xxx/xxxx/xx_xxxxxxxx.x | predictive | High
34 | File | xxx/xxxxxx/xxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxx.xxxx | predictive | High
35 | File | xxxxxxxxx.xxxxx.xxx | predictive | High
36 | File | xxxxxxx.xxx | predictive | Medium
37 | File | xxxxx.xxx | predictive | Medium
38 | File | xxxxx | predictive | Low
39 | File | xxxxxxxx.xxx | predictive | Medium
40 | File | xxxxxx.xxx | predictive | Medium
41 | File | xxxxxxxxxxxxxxxxx.xxxx | predictive | High
42 | File | xx/x.x.xx.xxxxxx/xxxxxxx/xx/xxxxx.xx.xxxxxxxxx | predictive | High
43 | File | xxxxxxxxxxxxxxx.xxxx | predictive | High
44 | File | xx-xxxxx/xxxxxxxx/xxxxx-xxxx-xxxxxx-xxxxxxxx.xxx | predictive | High
45 | File | _xxxx/xx/xxxxxxxx/ | predictive | High
46 | File | _xx_xxxxx | predictive | Medium
47 | Library | xxxxxxxxxxxxxxxx.xxx | predictive | High
48 | Library | xxxxxxxx.xxx | predictive | Medium
49 | Library | xxx/xxx/xxxx/ | predictive | High
50 | Argument | xxxx | predictive | Low
51 | Argument | xxxx_xx | predictive | Low
52 | Argument | xxx | predictive | Low
53 | Argument | xxxxx | predictive | Low
54 | Argument | xxx | predictive | Low
55 | Argument | xxxx | predictive | Low
56 | Argument | xxxx_xxxxxxx | predictive | Medium
57 | Argument | xx | predictive | Low
58 | Argument | xxxx/xxxxx/xxxxx | predictive | High
59 | Argument | xxxxxxx=xxxxxxxxxxxxxx | predictive | High
60 | Argument | xxxxxxxx | predictive | Medium
61 | Argument | xxxxxxxx | predictive | Medium
62 | Argument | xx | predictive | Low
63 | Argument | xxxx | predictive | Low
64 | Argument | xxxxxx[xxx][xxxx] | predictive | High
65 | Argument | xxxxxxxxx | predictive | Medium
66 | Argument | xxxxxxxx | predictive | Medium
67 | Argument | xxxx->xxxxxxx | predictive | High
68 | Argument | x-xxxxxxxxx-xxx | predictive | High
69 | Input Value | -x/xxxxxxxxxx | predictive | High
70 | Input Value | ::$xxxxx_xxxxxxxxxx | predictive | High
71 | Input Value | xx | predictive | Low
72 | Network Port | xxx/xx (xxx) | predictive | Medium
73 | Network Port | xxx/xxxxx | predictive | Medium
74 | Network Port | xxx xxxxxx xxxx | predictive | High
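The IOC and IOA tables above are only useful once they are run against your own telemetry. The following is an added example, written for this page and not code from VulDB, the Tranchulas reports, or any actor tooling: it takes the two unmasked IP addresses and hostnames from the IOC table and the nine unmasked "File" indicators from the IOA table, and scans web-server access log lines in the common "combined" format for either a source IP on the IOC list or a request path containing one of the IOA fragments. Paths are URL-decoded (twice) and lower-cased before comparison so encoded or mixed-case variants of an indicator still hit. The log lines are constructed for the example; function names (`parse_line`, `match_line`, `match_host`, `scan`) are this example's own.

```python
"""Match the Tranchulas network IOCs and path IOAs from this page against access logs.

Added example; not VulDB's or the actor's code. Indicators are copied from the
unmasked rows of the IOC and IOA tables; everything else here is assumed.
"""
import re
from urllib.parse import unquote

# Network IOCs, entries 1 and 2 of the IOC table on this page.
IOC_IPS = {"46.4.139.224", "46.4.139.225"}
IOC_HOSTNAMES = {
    "static.224.139.4.46.clients.your-server.de",
    "static.225.139.4.46.clients.your-server.de",
}

# Unmasked "File" IOAs from the IOA table. Row 8 lists four CGI names separated
# by "/", which are split here into individual fragments.
IOA_PATH_FRAGMENTS = (
    "/cgi/loginDefaultUser",
    "/contentshare/image/data/user/0/com.sony.dtv.photosharingplus/files/_BRAVPSS.TMP/LJYT0010.JPG",
    "/etc/shadow",
    "/ordering/admin/store/index.php?view=edit",
    "/proc/ioports",
    "/uncpath/",
    "/webconsole/APIController",
    "14all.cgi", "14all-1.1.cgi", "traffic.cgi", "mrtg.cgi",
    "AccountStatus.jsp",
)

# Apache/nginx "combined" log format: ip ident user [time] "METHOD target proto" status bytes ...
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return the fields we need as a dict, or None when the line is not a combined-format entry."""
    m = _LOG_RE.match(line)
    return m.groupdict() if m else None


def _normalize(target):
    # Decode twice so a double-encoded traversal (%252Fetc%252Fshadow) is caught too,
    # then lower-case so the comparison is case-insensitive.
    return unquote(unquote(target)).lower()


def match_line(line):
    """Return a list of (indicator_class, indicator) hits for one access-log line."""
    rec = parse_line(line)
    if rec is None:
        return []
    hits = []
    if rec["ip"] in IOC_IPS:
        hits.append(("ioc_ip", rec["ip"]))
    target = _normalize(rec["target"])
    for frag in IOA_PATH_FRAGMENTS:
        if frag.lower() in target:
            hits.append(("ioa_path", frag))
    return hits


def match_host(hostname):
    """For resolver or proxy logs: True if a queried/resolved name is an IOC hostname."""
    return hostname.rstrip(".").lower() in IOC_HOSTNAMES


def scan(lines):
    """Return [(line_number, hits)] for every line that produced at least one hit."""
    out = []
    for n, line in enumerate(lines, 1):
        hits = match_line(line)
        if hits:
            out.append((n, hits))
    return out


# Constructed sample log, not real traffic. 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = [
    '46.4.139.224 - - [01/Jan/2021:10:00:01 +0000] "GET /cgi/loginDefaultUser HTTP/1.1" 404 512 "-" "curl/7.64.1"',
    '203.0.113.7 - - [01/Jan/2021:10:00:02 +0000] "GET /index.php?page=..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2021:10:00:03 +0000] "GET /about.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '46.4.139.225 - - [01/Jan/2021:10:00:04 +0000] "POST /login HTTP/1.1" 302 0 "-" "python-requests/2.25"',
    '198.51.100.9 - - [01/Jan/2021:10:00:05 +0000] "GET /ORDERING/admin/store/index.php?view=edit HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(f"line {n}: {hits}")
```

A hit on an `ioc_ip` alone (line 4 of the sample) is worth an alert on its own, since the IOC rows are marked verified; an `ioa_path` hit is a predictive indicator and should be triaged together with the response status and what the path actually serves on your host before being treated as confirmed activity.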

References (2)

The following list contains external sources which discuss the actor and the associated activities:
