VBREVSHELL Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (125)

Idioma

en	120
zh	6

País

us	104
cn	14
nl	2

Actores

VBREVSHELL	5
Cobalt Strike	2

Interesse

Tipo

Not Defined	6
Smartphone Operating System	4
Network Camera Software	4
Router Operating System	4
Web Server	2

Fabricante

Not Defined	8
Cisco	6
Google	4
AVer	2
Goahead	2

Produto

Google Android	4
PbootCMS	2
AVer EH6108H+ Hybrid DVR	2
Goahead Web Server	2
Resource Data Management Data Manager	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit Roteiro Cruzado de Sítios	3.2	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00127	0.08	CVE-2018-25085
2	Microsoft Windows NetBIOS WinNuke Negação de Serviço	7.5	7.2	$25k-$100k	$0-$5k	High	Official Fix	0.00304	0.03	CVE-1999-0153
3	jforum User direitos alargados	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.04	CVE-2019-7550
4	Palo Alto PAN-OS Web Interface direitos alargados	7.2	7.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00182	0.02	CVE-2021-3050
5	Cisco Packaged Contact Center Enterprise direitos alargados	9.9	9.8	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00162	0.04	CVE-2024-20253
6	Paddle Negação de Serviço	5.5	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00046	0.04	CVE-2023-38677
7	DolphinPHP Incomplete Fix CVE-2021-46097 common.php direitos alargados	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01283	0.04	CVE-2023-0935
8	PbootCMS GET Request Injecção SQL	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00109	0.05	CVE-2021-37497
9	October CMS Admin Panel direitos alargados	5.8	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00090	0.06	CVE-2022-35944
10	WordPress Roteiro Cruzado de Sítios	4.3	4.1	$5k-$25k	$0-$5k	High	Official Fix	0.00192	0.00	CVE-2008-2068
11	Microsoft IIS Roteiro Cruzado de Sítios	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.12	CVE-2017-0055
12	Goahead Web Server Multi-Part Request Excesso de tampão	9.0	8.9	$0-$5k	$0-$5k	Not Defined	Workaround	0.47818	0.04	CVE-2019-5096
13	Bitcoin wallet.dat AES Encryption Padding Encriptação fraca	7.1	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.04
14	QNAP QTS Helpdesk direitos alargados	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00274	0.03	CVE-2018-0714
15	Linux Kernel Call tcp_collapse_ofo_queue direitos alargados	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.78302	0.04	CVE-2018-5390
16	Cisco Linksys Router tmUnblock.cgi direitos alargados	9.8	9.2	$25k-$100k	$0-$5k	High	Workaround	0.00000	0.12
17	AVTECH IP Camera/NVR/DVR PwdGrp.cgi direitos alargados	9.8	9.2	$5k-$25k	$0-$5k	High	Unavailable	0.00000	0.00
18	vBulletin redirector.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00106	0.05	CVE-2018-6200
19	Google Android Ashmem Excesso de tampão	6.5	5.9	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00101	0.03	CVE-2017-13216
20	Sony IPELA ENGINE IP Camera direitos alargados	9.8	8.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.04

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	8.134.126.121		VBREVSHELL	01/04/2024	verified	Alto
2	27.124.47.147		VBREVSHELL	15/10/2023	verified	Alto
3	45.77.250.196	45.77.250.196.vultrusercontent.com	VBREVSHELL	29/11/2023	verified	Alto
4	XX.XXX.XXX.XX		Xxxxxxxxxx	21/10/2023	verified	Alto
5	XX.XXX.XXX.XX		Xxxxxxxxxx	03/11/2023	verified	Alto
6	XX.XX.XX.XX		Xxxxxxxxxx	29/11/2023	verified	Alto
7	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxx	09/03/2024	verified	Alto
8	XXX.XXX.XXX.XX	xxx-xxx-xxx-xxx-xx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxxxxxx	29/10/2023	verified	Alto
9	XXX.XXX.XXX.XX		Xxxxxxxxxx	10/11/2023	verified	Alto
10	XXX.XXX.XXX.XX		Xxxxxxxxxx	15/10/2023	verified	Alto
11	XXX.XXX.XX.XXX		Xxxxxxxxxx	15/10/2023	verified	Alto
12	XXX.XX.XX.XXX	xxx-xx-xx-xxx-xxxxxxxxx.xxxxxxxx.xxx	Xxxxxxxxxx	15/10/2023	verified	Alto

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
2	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	Alto
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
8	TXXXX.XXX	CAPEC-133	CWE-XXX	Xxxxxxxx	predictive	Alto
9	TXXXX	CAPEC-157	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/cgi-bin/supervisor/PwdGrp.cgi	predictive	Alto
2	File	/uncpath/	predictive	Médio
3	File	common.php	predictive	Médio
4	File	xxxxxxxxxx.xxx	predictive	Alto
5	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	Alto
6	File	xxxxxxxxxx_xxxxx.xxxxxx	predictive	Alto
7	File	xxxxx.xxx	predictive	Médio
8	File	xxxxxxxxx.xxx	predictive	Alto
9	File	xxxxxx.xxx	predictive	Médio
10	Argument	xx	predictive	Baixo
11	Argument	xxxxxxxx	predictive	Médio
12	Argument	xxxx_xx	predictive	Baixo
13	Argument	xxx	predictive	Baixo
14	Network Port	xxx/xxxx	predictive	Médio

Referências (13)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Interested in the pricing of exploits?

See the underground prices here!