Wirte Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (241)

Idioma

en	204
de	12
fr	12
ja	6
zh	4

País

us	158
gb	12
cn	8
ua	4
me	2

Actores

Wirte	3
RedLine Stealer	2
Miner	1
Mirai_ptea	1
Exchange Marauder	1

Interesse

Tipo

Not Defined	76
Operating System	18
Database Software	6
Firewall Software	6
WordPress Plugin	6

Fabricante

Not Defined	56
Microsoft	18
Apple	8
Cisco	6
Dahua	6

Produto

Microsoft Windows	8
Apple macOS	6
F5 BIG-IP	4
Dahua IPC-HDW1X2X	4
Dahua IPC-HFW1X2X	4

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Divulgação de Informação	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	DataLife Engine addnews.html Roteiro Cruzado de Sítios	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00056	0.02	CVE-2018-14777
3	Dahua IP Camera direitos alargados	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00101	0.03	CVE-2017-7253
4	Microsoft Windows Clipboard User Service Privilege Escalation	7.2	6.5	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00043	0.04	CVE-2022-21869
5	eSyndicat Directory Software suggest-listing.php Roteiro Cruzado de Sítios	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
6	nginx direitos alargados	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	0.00	CVE-2020-12440
7	jforum User direitos alargados	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.06	CVE-2019-7550
8	Smart Slider 3 Plugin Imported File direitos alargados	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00086	0.04	CVE-2022-3357
9	MariaDB direitos alargados	6.7	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01682	0.03	CVE-2021-27928
10	MariaDB mysql-wsrep wsrep_sst_method direitos alargados	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00858	0.02	CVE-2020-15180
11	Yii unserialize direitos alargados	7.7	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02822	0.00	CVE-2020-15148
12	Linux Kernel dfl-afu-region.c afu_mmio_region_get_by_offset Excesso de tampão	6.6	6.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.02	CVE-2023-26242
13	AssoCIateD Postman X.509 Certificate Validation Fraca autenticação	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00245	0.03	CVE-2018-17215
14	WordPress Directório Traversal	5.7	5.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00326	0.00	CVE-2023-2745
15	ImageMagick direitos alargados	7.0	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00043	0.05	CVE-2023-34153
16	ImageMagick OpenBlob direitos alargados	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00386	0.03	CVE-2023-34152
17	Reolink RLC-410W Firmware Update Privilege Escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00149	0.03	CVE-2021-40419
18	Dahua IPC-HDBW2XXX/IPC-HFW2XXX/ASI7XXXX ONVIF Fraca autenticação	7.8	7.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00135	0.01	CVE-2022-30563
19	Dahua DH-IPC-Hxxxxxxxxx Authentication Fraca autenticação	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03148	0.00	CVE-2017-7927
20	Dahua IPC-HDW1X2X IP Address Divulgação de Informação	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00084	0.02	CVE-2019-9680

Campanhas (1)

These are the campaigns that can be associated with the actor:

Middle East

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Campanhas	Identified	Tipo	Aceitação
1	45.129.96.174	free.gmhost.hosting	Wirte	Middle East	22/03/2022	verified	Alto
2	45.129.97.207		Wirte	Middle East	22/03/2022	verified	Alto
3	XX.XXX.X.XX	xxxx.xxxxxx.xxx	Xxxxx	Xxxxxx Xxxx	22/03/2022	verified	Alto
4	XX.XXX.XX.XX		Xxxxx	Xxxxxx Xxxx	22/03/2022	verified	Alto
5	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xxxxx.xxx	Xxxxx		21/12/2020	verified	Médio
6	XXX.XX.XX.XXX	xxxxxx-xxx-xxxxxxxxxx.xxxxxx.xx.xx	Xxxxx		21/12/2020	verified	Alto

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	T1040	CWE-294, CWE-319	Authentication Bypass by Capture-replay	predictive	Alto
3	T1059	CWE-94	Argument Injection	predictive	Alto
4	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
7	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
8	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
9	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
10	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
11	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
12	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Alto
13	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
14	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
15	TXXXX.XXX	CWE-XX	Xxxxxxxxxxxxx	predictive	Alto
16	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto
17	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Alto
18	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (60)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/addnews.html	predictive	Alto
2	File	/admin.php/pic/admin/type/pl_save	predictive	Alto
3	File	/churchcrm/WhyCameEditor.php	predictive	Alto
4	File	/example/editor	predictive	Alto
5	File	/goform/aspForm	predictive	Alto
6	File	/index.php?page=search/rentals	predictive	Alto
7	File	/members/view_member.php	predictive	Alto
8	File	/xxxx/xx/xxxx/xxxx	predictive	Alto
9	File	/xxx_xxxx_xxxxxxx.xxx	predictive	Alto
10	File	/xxxx.xxx	predictive	Médio
11	File	/xxxxxxxx/xxxx	predictive	Alto
12	File	/xxx/xxx/xxxxxxx/	predictive	Alto
13	File	xxxxx.xxx	predictive	Médio
14	File	xxxxx.xxx	predictive	Médio
15	File	xxx.xxx	predictive	Baixo
16	File	xxxxxxx.x	predictive	Médio
17	File	xxxx/xxxx/xxxxxxxxxxxxxxxx.xxx	predictive	Alto
18	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
19	File	xxxxxxxxx.xxx	predictive	Alto
20	File	xxxxxxx/xxxx/xxx-xxx-xxxxxx.x	predictive	Alto
21	File	xxxxxxx/xxx/xxx-xxxx.x	predictive	Alto
22	File	xxxx-xxxxx-xxxxxxxxx.xxx	predictive	Alto
23	File	xxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxx	predictive	Alto
24	File	xxx.xxx/xxx.xxx	predictive	Alto
25	File	xx.xxx	predictive	Baixo
26	File	xxxxx.xxx	predictive	Médio
27	File	xxxxxxxx.x	predictive	Médio
28	File	xxxxxxxx/xxxxxx/xxxxxx/_xxxxxxxxxxxx/_xxxxxxxx.xxx	predictive	Alto
29	File	xxxxxxxx.x	predictive	Médio
30	File	xxxxxx.x	predictive	Médio
31	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	Alto
32	File	xxx.xxxxx	predictive	Médio
33	File	xxxxxx.xx	predictive	Médio
34	File	xxxxxxx-xxxxxxx.xxx	predictive	Alto
35	File	xxxxx.x	predictive	Baixo
36	File	xxxxx/xxx_xxxxxx.x	predictive	Alto
37	File	xxx_xxx.xxxx	predictive	Médio
38	File	xxx/xxx/xxxxxxxxxx/xxxx/xxxxx/xxxxxxxx.xxx	predictive	Alto
39	File	xxxxx-xxxxxx.xxx	predictive	Alto
40	Library	xxxxx.xxx	predictive	Médio
41	Library	xxxxx.xxx	predictive	Médio
42	Argument	xxxxxxxx	predictive	Médio
43	Argument	xxxxxx_xxx	predictive	Médio
44	Argument	xxxxxxx-xxxx	predictive	Médio
45	Argument	xxxxxx/xxxxxxxxxx	predictive	Alto
46	Argument	xxxx	predictive	Baixo
47	Argument	xxxxx	predictive	Baixo
48	Argument	xxxxxxxx	predictive	Médio
49	Argument	xxxx xxxx	predictive	Médio
50	Argument	xxxxx	predictive	Baixo
51	Argument	xxxxxx	predictive	Baixo
52	Argument	xx	predictive	Baixo
53	Argument	xxx_xxxxxxx	predictive	Médio
54	Argument	xxxxxxxx_xxxxxx_xxx	predictive	Alto
55	Argument	xxxxxxxx	predictive	Médio
56	Argument	xxxxxxx/xxxxx	predictive	Alto
57	Argument	xxxxxxxxxxxxxxxxxxx	predictive	Alto
58	Argument	xxxxx	predictive	Baixo
59	Input Value	xxxxxxxx	predictive	Médio
60	Network Port	xxxxx xxx-xxx	predictive	Alto

Referências (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you know our Splunk app?

Download it now for free!