WindShift Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (83)

Idioma

en	78
pt	4
pl	2

País

us	50
nl	2
tr	2
ch	2
pl	2

Actores

Mirai	3
BitRAT	3
AsyncRAT	3
RedLine Stealer	3
Nanocore RAT	3

Interesse

Tipo

Not Defined	36
Operating System	10
Web Server	8
Application Server Software	2
Remote Access Software	2

Fabricante

Not Defined	22
Microsoft	14
Linux	4
Cisco	4
OAID	2

Produto

Microsoft Windows	6
Microsoft IIS	4
Linux Kernel	4
Yii Framework	2
ampleShop	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Cisco SD-WAN CLI Privilege Escalation	8.1	8.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2022-20818
2	Cisco IOS XE Self-Healing direitos alargados	7.3	7.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00042	0.06	CVE-2022-20855
3	Apple iOS ImageIO Negação de Serviço	6.4	6.3	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.03533	0.00	CVE-2016-1811
4	Acme Mini HTTPd Terminal direitos alargados	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00303	0.04	CVE-2009-4490
5	Cisco SD-WAN CLI Privilege Escalation	8.1	8.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2022-20775
6	Apple iOS CommonCrypto Divulgação de Informação	5.4	5.3	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00181	0.00	CVE-2016-1802
7	Microsoft IIS Roteiro Cruzado de Sítios	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.14	CVE-2017-0055
8	Microsoft Word wwlib Remote Code Execution	8.0	7.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.45352	0.00	CVE-2023-21716
9	Linux Kernel TPM Device Excesso de tampão	7.6	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2022-2977
10	D-Link Go-RT-AC750 gena.php direitos alargados	7.6	7.6	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00121	0.03	CVE-2022-36523
11	Multivendor Marketplace Solution for WooCommerce Order Status Falsificação de Pedido Cross Site	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00053	0.00	CVE-2022-2657
12	taviso Lotus 1-2-3 Worksheet process_fmt Excesso de tampão	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00068	0.00	CVE-2022-39843
13	image-tiler direitos alargados	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00194	0.00	CVE-2020-28451
14	Apple macOS Kernel Divulgação de Informação	3.3	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00062	0.00	CVE-2022-32817
15	Irfan Skiljan IrfanView ShowPlugInSaveOptions_W Excesso de tampão	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00057	0.00	CVE-2020-23561
16	Microsoft Windows Defender Credential Guard Privilege Escalation	8.3	7.3	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00043	0.00	CVE-2022-34711
17	Microsoft Windows Kerberos Privilege Escalation	8.8	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00121	0.00	CVE-2022-30165
18	Microsoft Windows Kerberos AppContainer Privilege Escalation	8.9	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00043	0.00	CVE-2022-30164
19	Microsoft Windows Network File System Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.88909	0.04	CVE-2022-30136
20	Vmware Workspace ONE Access Fraca autenticação	9.8	9.1	$25k-$100k	$0-$5k	Functional	Official Fix	0.58483	0.00	CVE-2022-22972

Campanhas (1)

These are the campaigns that can be associated with the actor:

WindShift

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Campanhas	Identified	Tipo	Aceitação
1	37.46.150.102		Hangover	WindShift	29/08/2021	verified	Alto
2	45.133.1.133		Hangover	WindShift	29/08/2021	verified	Alto
3	XXX.XXX.XX.XXX	xxx.xxxxxxxxxxx.xxx.xx	Xxxxxxxx	Xxxxxxxxx	29/08/2021	verified	Alto
4	XXX.XXX.XX.XXX	xxxx.xx.xxxxxxxxxx.xxx	Xxxxxxxx	Xxxxxxxxx	29/08/2021	verified	Alto
5	XXX.XX.XX.XXX	xxxx-xxxxx.xxxxxxx.xxxx	Xxxxxxxxx	Xxxxxxxxx	22/12/2020	verified	Alto
6	XXX.XXX.XXX.XX	xxx-xxxx.xxxxx--xxxxxxx.xxx	Xxxxxxxx	Xxxxxxxxx	29/08/2021	verified	Alto
7	XXX.XXX.XX.XXX		Xxxxxxxx	Xxxxxxxxx	29/08/2021	verified	Alto

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CAPEC-126	CWE-22, CWE-25	Path Traversal	predictive	Alto
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
4	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
8	TXXXX	CAPEC-108	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
9	TXXXX	CAPEC-466	CWE-XXX	Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx	predictive	Alto
10	TXXXX.XXX	CAPEC-0	CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	Alto
11	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
12	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	.procmailrc	predictive	Médio
2	File	/cgi-bin/wapopen	predictive	Alto
3	File	/htdocs/upnpinc/gena.php	predictive	Alto
4	File	/it-IT/splunkd/__raw/services/get_snapshot	predictive	Alto
5	File	/xxxxxxx/xxxxx/xxxxx.xxx	predictive	Alto
6	File	/xxxxxxx/	predictive	Médio
7	File	xxxxx/xxxx/xxxxxxxxxxx/xxxxxxx.x	predictive	Alto
8	File	xxxx/xxxxxxxxxxxx.xxx	predictive	Alto
9	File	xxxxxxxx.xxx	predictive	Médio
10	File	xxx.xxx?xxx=xxxxx_xxxx	predictive	Alto
11	File	xxxxxxxxxxxxxx/xxxxxxx.xxx	predictive	Alto
12	File	xxxxxxxx.xxx	predictive	Médio
13	File	xx-xxxxxxxxxxx.xxx	predictive	Alto
14	File	~/xx-xxxxxxxx.xxx	predictive	Alto
15	Argument	$_xxxxxx['xxx_xxxx']	predictive	Alto
16	Argument	--xxxx=xxx	predictive	Médio
17	Argument	xxxxxxxx	predictive	Médio
18	Argument	xxx	predictive	Baixo
19	Argument	xxxxxxxxxx	predictive	Médio
20	Argument	xxxxxxxx	predictive	Médio
21	Argument	xxxxx	predictive	Baixo
22	Argument	xxxxxx_xx	predictive	Médio
23	Argument	xxxx_xxxx	predictive	Médio
24	Argument	xxx	predictive	Baixo
25	Argument	xxx	predictive	Baixo
26	Argument	xxxxxxxx/xxxx	predictive	Alto
27	Input Value	../..	predictive	Baixo

Referências (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!