Worok Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (50)

Idioma

en	36
ar	4
de	4
zh	4
it	2

País

us	26
cn	18
gb	4
de	2

Actores

Worok	3
APT41	1
Cobalt Strike	1

Interesse

Tipo

Not Defined	22
Operating System	6
Content Management System	4
Router Operating System	4
Forum Software	2

Fabricante

Not Defined	12
Microsoft	8
Curtis Galloway	2
Jfinal	2
DrayTek	2

Produto

Microsoft Windows	6
Curtis Galloway libexif	2
Jfinal CMS	2
DrayTek Vigor3900	2
DrayTek Vigor2960	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	DZCP deV!L`z Clanportal config.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	1.09	CVE-2010-0966
2	Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit Roteiro Cruzado de Sítios	3.2	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00073	0.04	CVE-2018-25085
3	xiaozhuai imageinfo imageinfo.hpp Excesso de tampão	5.8	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00056	0.09	CVE-2023-1190
4	finixbit elf-parser elf_parser.cpp get_segments Negação de Serviço	3.7	3.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00049	0.09	CVE-2023-1157
5	DrayTek Vigor3900/Vigor2960/Vigor300B execution direitos alargados	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00892	0.03	CVE-2020-14472
6	MGB OpenSource Guestbook email.php Injecção SQL	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	1.66	CVE-2007-0354
7	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	3.18
8	ISS BlackICE PC Protection Update Encriptação fraca	3.7	3.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00067	0.09	CVE-2003-5002
9	Pligg cloud.php Injecção SQL	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.71
10	DZCP deV!L`z Clanportal browser.php Divulgação de Informação	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02733	1.28	CVE-2007-1167
11	SPIP spip.php Roteiro Cruzado de Sítios	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00132	0.57	CVE-2022-28959
12	FusionPBX fax_send.php direitos alargados	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00121	0.02	CVE-2022-35153
13	NoneCms App.php direitos alargados	8.5	8.5	$0-$5k	$0-$5k	High	Not Defined	0.96678	0.05	CVE-2018-20062
14	Cisco Small Business RV345 Excesso de tampão	9.9	9.7	$5k-$25k	$0-$5k	High	Official Fix	0.96250	0.33	CVE-2022-20699
15	Git Plugin Build direitos alargados	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01156	0.09	CVE-2022-36883
16	Fortinet FortiOS ECDSA PRNG Encriptação fraca	5.6	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00169	0.00	CVE-2019-15703
17	Ivanti Pulse Connect Secure Header direitos alargados	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.07	CVE-2022-21826
18	Jfinal CMS Injecção SQL	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00172	0.00	CVE-2022-30500
19	Samba DCE/RPC direitos alargados	5.6	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00100	0.00	CVE-2021-23192
20	Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation	7.2	6.5	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00043	0.02	CVE-2022-30151

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	5.183.101.9		Worok	05/10/2022	verified	Alto
2	XX.XX.XX.XXX	xx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxx	05/10/2022	verified	Alto
3	XXX.XXX.XX.XX		Xxxxx	05/10/2022	verified	Alto
4	XXX.XXX.XX.XX		Xxxxx	05/10/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1		CAPEC-10	CWE-20, CWE-119, CWE-120, CWE-121, CWE-189, CWE-285, CWE-404, CWE-444, CWE-693, CWE-862, CWE-863	Unknown Vulnerability	predictive	Alto
2	T1040	CAPEC-102	CWE-310, CWE-319	Authentication Bypass by Capture-replay	predictive	Alto
3	T1055	CAPEC-10	CWE-74, CWE-707	Improper Neutralization of Data within XPath Expressions	predictive	Alto
4	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxxx Xxxxxxxxx	predictive	Alto
5	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
8	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
9	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Alto
10	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
11	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
12	TXXXX.XXX	CAPEC-112	CWE-XXX, CWE-XXX, CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Alto

IOA - Indicator of Attack (35)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/fax/fax_send.php	predictive	Alto
2	File	/forum/away.php	predictive	Alto
3	File	/spip.php	predictive	Médio
4	File	adclick.php	predictive	Médio
5	File	cloud.php	predictive	Médio
6	File	xxxxxxxx_xxxxxxxxxx_xxxxxxxxxxxxxx.xxx	predictive	Alto
7	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
8	File	xxx_xxxxxx.xxx	predictive	Alto
9	File	xxxxx.xxx	predictive	Médio
10	File	xxxx-xxxxx.x	predictive	Médio
11	File	xxxxxxx.xxx	predictive	Médio
12	File	xxxxxxxxx.xxx	predictive	Alto
13	File	xxx/xxxxxx.xxx	predictive	Alto
14	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	Alto
15	File	xxxxxxxxx/xxxxxxxxx	predictive	Alto
16	File	xxxxxxxxx.xxx.xxx	predictive	Alto
17	File	xxxxxxxx.xxx	predictive	Médio
18	File	xxxxxxxxxx.xxx	predictive	Alto
19	File	xxxxxxxxxx_xxxxx.xxxxxx	predictive	Alto
20	File	xxxxxxxxx.xxx	predictive	Alto
21	File	xxxx-xxxxxxxx.xxx	predictive	Alto
22	Library	xxxxx.xxx	predictive	Médio
23	Library	xxxxxxxx/xxxxxxx/xxxxx/xxx.xxx	predictive	Alto
24	Library	xxxxxxxx.xxx	predictive	Médio
25	Argument	xxxxxxxx	predictive	Médio
26	Argument	xxxxxx-xxxx	predictive	Médio
27	Argument	xxxxxxxxxx	predictive	Médio
28	Argument	xxxxxxx-xxxxxx	predictive	Alto
29	Argument	xxxx	predictive	Baixo
30	Argument	xxxx	predictive	Baixo
31	Argument	xxxxxx	predictive	Baixo
32	Argument	xx	predictive	Baixo
33	Argument	xxxxx	predictive	Baixo
34	Argument	xxxxxxxxx	predictive	Médio
35	Argument	xxx	predictive	Baixo

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!